source: trunk/AIR-BOOT/SOURCE/SPECIAL/VIRUS.ASM@ 10

Last change on this file since 10 was 8, checked in by kiewitz, 23 years ago

Added AiR-BOOT Images and support for other languages.
Note: This comment was created after rebuilding the repo. [2011-07]

; Disclaimer:
;=============
; The sourcecode is released via www.netlabs.org CVS *ONLY*.
; You MUST NOT upload it to other servers nor republish it in any way.
; The sourcecode is still COPYRIGHTED and NOT YET RELEASED UNDER GPL.
; It's (c) Copyright 1998-2002 by Martin Kiewitz.
; You may recompile the source and do *PRIVATE* modifications, but please keep
; in mind that modifying this code needs at least *some* assembly skill. If
; you mess up your system, because you needed to hack your way through, don't
; blame me. Releasing a customized version of AiR-BOOT, selling it in any form
; or reusing parts of this source is *PROHIBITED*. Ask me, if you have some
; idea about new functionality *before* developing the code, otherwise I will
; definitely reject it. Also please accept, that I have some basic design
; rules on AiR-BOOT and I will maintain them at all costs, so this won't get
; another GRUB.

;---------------------------------------------------------------------------
; AiR-BOOT / VIRUS DETECTION
;---------------------------------------------------------------------------

; VIRUS_CheckForStealth
; ---------------------
; Checks the system for a stealth (resident) virus by comparing the live
; real-mode interrupt vectors of INT 08h, INT 13h and INT 1Ch with the three
; far pointers stored back to back at CFG_VIR_INT08 (12 bytes, di+0..di+11).
; If a virus is found, the MBR gets restored and the system gets halted.
; On Non-Real-Mode this will only save Interrupt Vectors (original author's
; note; nothing in this procedure distinguishes the modes).
;
; First run:  the stored INT 08h pointer is all zero, so the current vectors
;             are recorded as the baseline (and, in ReleaseCode builds,
;             DriveIO_SaveConfiguration is called).
; Later runs: any vector that differs from the baseline goes to VCFS_Found.
;
; In:    presumably ES = DS = CS, because scasb reads ES:DI while the later
;        compares read ds:[di+n] - TODO confirm at the call site.
;        The direction flag is assumed clear (string ops count upwards).
; Out:   returns only when the vectors match or were just recorded;
;        the virus paths end in a jump to MBR_HaltSystem.
; Regs:  ds, si, es, di preserved via the Uses list. ax, cx, dx (and bx on
;        the mismatch path) are modified and not saved.
;
; NOTE(review): the baseline is trust-on-first-use - whatever handlers are
; installed when the stored pointer is still zero are recorded as good.
; NOTE(review): only the vector values are compared; a handler modified in
; place at an unchanged address is outside what this check can see.
VIRUS_CheckForStealth Proc Near Uses ds si es di
        xor     al, al
        mov     cx, 4
        mov     di, offset CFG_VIR_INT08
        push    di
        rep     scasb                   ; scans ES:DI while bytes equal AL (0); the
                                        ; REP prefix shares its encoding with REPE
        pop     di                      ; di = start of the stored pointers again
        jne     VCFS_AlreadyInitiated   ; a non-zero byte -> baseline already exists

  VCFS_InitNow:
        ; Record the baseline: copy three far pointers from the interrupt
        ; vector table at 0000:nn*4 to es:di (es = cs).
        xor     ax, ax
        mov     ds, ax                  ; ds = 0000h (interrupt vector table)
        mov     ax, cs
        mov     es, ax
        mov     cx, 2
        mov     si, 08h*4
        rep     movsw                   ; INT 08 Ptr
        mov     cl, 2                   ; ch is already 0, the rep above left cx = 0
        mov     si, 13h*4
        rep     movsw                   ; INT 13 Ptr
        mov     cl, 2
        mov     si, 1Ch*4
        rep     movsw                   ; INT 1C Ptr
        IFDEF ReleaseCode
        call    DriveIO_SaveConfiguration
        ENDIF
        jmp     VCFS_Finished

  VCFS_AlreadyInitiated:
        ; Compare each live vector (dx:ax = segment:offset) with its stored
        ; copy. On a mismatch dx:ax still holds the live vector for VCFS_Found.
        xor     ax, ax
        mov     es, ax                  ; es = 0000h (interrupt vector table)
        xor     si, si
        mov     ax, word ptr es:[si+08h*4]
        mov     dx, word ptr es:[si+08h*4+2]
        cmp     ax, word ptr ds:[di+0]
        jne     VCFS_Found
        cmp     dx, word ptr ds:[di+2]
        jne     VCFS_Found
        mov     ax, word ptr es:[si+13h*4]
        mov     dx, word ptr es:[si+13h*4+2]
        cmp     ax, word ptr ds:[di+4]
        jne     VCFS_Found
        cmp     dx, word ptr ds:[di+6]
        jne     VCFS_Found
        mov     ax, word ptr es:[si+1Ch*4]
        mov     dx, word ptr es:[si+1Ch*4+2]
        cmp     ax, word ptr ds:[di+8]
        jne     VCFS_Found
        cmp     dx, word ptr ds:[di+10]
        jne     VCFS_Found

  VCFS_Finished:
        ret

  VCFS_Found:
        ; New ROM-Proof Logic:
        ;  Mismatching vector found, so try to write to that location. If it doesn't
        ;  succeed, ROM will be assumed (so valid change), a message will get
        ;  displayed and new vectors will be saved. Otherwise Virus found.
        ;
        ; NOTE(review): "not writable" is the only evidence used to accept the
        ; new vector; write-protected RAM would presumably look like ROM to
        ; this probe, and the accepted vectors then become the new baseline.
        ; NOTE(review): the probe briefly changes the first byte of a live
        ; handler and no cli is visible here - confirm that interrupts are
        ; off or that the handler cannot run between the write and the restore.
        mov     es, dx
        mov     bx, ax                  ; es:bx = entry point of the new handler
        mov     al, bptr es:[bx]        ; Get Byte from Interrupt Vector
        mov     ah, al                  ; ah = original byte
        xor     al, 0FFh                ; al = inverted byte, always differs from ah
        mov     bptr es:[bx], al        ; Try to write there...
        mov     al, bptr es:[bx]        ; Get back...
        mov     bptr es:[bx], ah        ; And restore to original byte...
        cmp     al, ah                  ; equal -> the write did not stick (ROM assumed)
        jne     VCFS_WhewThisIsOne      ; Mismatch ? -> Virus found
        mov     si, offset TXT_BIOSchanged
        call    MBR_Teletype
        xor     ah, ah
        int     16h                     ; Waits for any keystroke
        jmp     VCFS_InitNow            ; re-record; relies on di still pointing at
                                        ; CFG_VIR_INT08 (assumes MBR_Teletype keeps di)
  VCFS_WhewThisIsOne:
        ; Also entered from VIRUS_CheckForVirus when the MBR compare fails.
        mov     si, offset TXT_VirusFoundMain
        call    MBR_Teletype
        ; Now check BackUp MBR for validation (AiRBOOT signature), do this
        ;  using direct-calls to original bios handler.
        call    ANTIVIR_RestoreMBR
        jnc     VCFS_ValidRestore       ; carry clear -> backup was valid and written
        mov     si, offset TXT_VirusFound1damn
        call    MBR_Teletype
        call    MBR_Teletype            ; VirusFound1any (presumably si was left at
                                        ; the next string by the call above -
                                        ; TODO confirm string layout)
        mov     si, offset TXT_VirusFoundEnd
        call    MBR_Teletype
        jmp     MBR_HaltSystem

  VCFS_ValidRestore:
        mov     si, offset TXT_VirusFound1ok
        call    MBR_Teletype
        mov     si, offset TXT_VirusFound1any
        call    MBR_Teletype
        mov     si, offset TXT_VirusFoundEnd
        call    MBR_Teletype
        jmp     MBR_HaltSystem
VIRUS_CheckForStealth EndP
; VIRUS_CheckForVirus
; -------------------
; Checks the system for a normal MBR virus by reading sector 1 of the first
; harddisc into TmpSector and comparing it with the memory image at
; BootBasePtr. Note: only the first 446 bytes are compared; the partition
; table and boot signature that follow them in an MBR are not part of the
; comparison. If a difference is found, control passes to VCFS_WhewThisIsOne
; (inside VIRUS_CheckForStealth), where the MBR gets restored and the system
; gets halted.
;
; Out:   returns normally if the sector matches or could not be read.
; Regs:  ds, si, es, di preserved via the Uses list; ax, bx, cx, dx modified.
;
; NOTE(review): a failed read (carry set) returns without any check, so the
; comparison is silently skipped on a disk error.
; NOTE(review): the read goes through the current INT 13h vector; a resident
; hook could hand back a clean-looking sector. Presumably that is why the
; vector comparison in VIRUS_CheckForStealth exists - confirm the call order.
VIRUS_CheckForVirus Proc Near Uses ds si es di
        push    cs cs
        pop     ds es                   ; ds = es = cs
        mov     bx, offset TmpSector    ; es:bx = read buffer
        mov     dx, 0080h
        mov     cx, 0001h               ; Harddisc 0, Sector 1
        mov     ax, 0201h               ; ah = 02h read, al = 1 sector
        int     13h
        jnc     VCFV_MBRloaded
        ret                             ; read error -> nothing is compared
  VCFV_MBRloaded:
        mov     si, BootBasePtr         ; memory image of the MBR (declaration of
                                        ; BootBasePtr is not visible here)
        mov     di, offset TmpSector
        mov     cx, 223                 ; Compare 446 bytes
        repz    cmpsw                   ; if fail: Cross call to Stealth-Virus
        jne     VCFS_WhewThisIsOne      ; that path ends in MBR_HaltSystem, so the
                                        ; registers saved by Uses are never popped
        ret
VIRUS_CheckForVirus EndP

; ============================================================================
; ANTI-VIRUS-CODE
; ============================================================================

; ANTIVIR_SaveBackUpMBR
; ---------------------
; Saves a backup of the current MBR to harddisc (used before booting):
; writes one sector from cs:BootBasePtr to sector 60 of the first harddrive.
;
; Out:   carry flag as left by INT 13h (the pops generated by Uses do not
;        change flags); the status in ah is lost because ax is restored.
; Regs:  ax, bx, cx, dx, es preserved via the Uses list.
;
; NOTE(review): the result of the write is not checked here; a caller that
; ignores carry cannot tell whether a backup exists.
; NOTE(review): the write uses the current INT 13h vector, unlike
; ANTIVIR_CheckBackUpMBR, which calls the saved handler directly.
ANTIVIR_SaveBackUpMBR Proc Near Uses ax bx cx dx es
        push    cs
        pop     es                      ; es = cs
        mov     bx, BootBasePtr         ; es:bx = MBR image to back up
        mov     dx, 0080h
        mov     cx, 003Ch               ; First Harddrive, Sector 60
        mov     ax, 0301h               ; Write 1 Sector
        int     13h
        ret
ANTIVIR_SaveBackUpMBR EndP
; ANTIVIR_CheckBackUpMBR
; ----------------------
; Loads the backup MBR (sector 60 of the first harddisc) into TmpSector and
; reports Carry-Clear if it looks valid, Carry-Set if the read failed or the
; signature does not match.
;
; Out:   CF = 0 valid (supposedly), CF = 1 invalid or unreadable.
;        TmpSector holds the sector that was read; ds = es = cs.
; Regs:  the Uses list is empty - ax, bx, cx, dx, si, di, ds and es are
;        modified and not restored.
;
; NOTE(review): validity means only that 7 bytes at offset 1 equal
; CheckID_MBR ("AiRBOOT" per the original comment); the rest of the sector
; is not verified before ANTIVIR_RestoreMBR writes it to sector 1.
; NOTE(review): the far call assumes CFG_VIR_INT13 already holds a recorded
; handler address - confirm that callers cannot get here before the vectors
; have been saved.
ANTIVIR_CheckBackUpMBR Proc Near Uses
        push    cs cs
        pop     es ds                   ; es = ds = cs
        mov     bx, offset TmpSector    ; es:bx = read buffer
        mov     dx, 0080h
        mov     cx, 003Ch               ; Harddisc 0, Sector 60
        mov     ax, 0201h               ; Load 1 Sector
        pushf                           ; flags for the handler's iret, as INT would push
        call    dword ptr cs:[CFG_VIR_INT13] ; Get Sector 60 directly (w/o INT 13h)
        jc      ACBUMBR_Failed
        mov     cx, 7
        mov     di, offset TmpSector
        inc     di                      ; Position for "AiRBOOT" normally
        mov     si, offset CheckID_MBR
        repz    cmpsb
        stc                             ; stc leaves ZF from the compare untouched
        jne     ACBUMBR_Failed          ; signature differs -> return with carry set
        clc
  ACBUMBR_Failed:
        ret
ANTIVIR_CheckBackUpMBR EndP
; ANTIVIR_RestoreMBR
; ------------------
; Restores the MBR from the backup: ANTIVIR_CheckBackUpMBR loads sector 60
; into TmpSector and checks its signature; if that succeeds, TmpSector is
; written to sector 1 of the first harddisc through the saved INT 13h
; handler at CFG_VIR_INT13.
;
; Out:   CF = 1 if the backup was rejected (nothing is written) or if the
;        handler reported a write error; CF = 0 after a successful write.
; Regs:  the Uses list is empty - everything ANTIVIR_CheckBackUpMBR changes
;        stays changed; es = cs on the write, set by that call.
ANTIVIR_RestoreMBR Proc Near Uses
        call    ANTIVIR_CheckBackUpMBR
        jnc     ARMBR_DoIt
        ret                             ; backup invalid -> return with carry set
  ARMBR_DoIt:
        mov     bx, offset TmpSector    ; es:bx = backup sector just loaded
        mov     dx, 0080h
        mov     cx, 0001h               ; Harddisc 0, Sector 1
        mov     ax, 0301h               ; Write 1 Sector
        pushf                           ; flags for the handler's iret, as INT would push
        call    dword ptr cs:[CFG_VIR_INT13] ; Writes to Sector 1 directly
        ret
ANTIVIR_RestoreMBR EndP