mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-28 18:02:48 +00:00
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.kbm.asm
2021-01-12 17:47:04 -06:00


;---------------------------------------------------------------------------
;KBM KeyBoard Mouse by Dan Rollins 5-20-85
;
; This program intercepts keyboard data and creates a bit pattern determined
; according to whether or not certain keys are currently being pressed.
;
; The bit pattern is stored in the "inter-application communication area"
; at 0000:04f0. It is interpreted as:
;
; 7 6 5 4 3 2 1 0 (bit number)
; C m P H l d r u (bit name)
; | | | | | | | |
; | | | | | | | +- bit 0 (01h) - set = 1 while [up arrow] is pressed
; | | | | | | +--- bit 1 (02h) - set = 1 while [right arrow] is pressed
; | | | | | +----- bit 2 (04h) - set = 1 while [down arrow] or [5] is pressed
; | | | | +------- bit 3 (08h) - set = 1 while [left arrow] is pressed
; | | | |
; | | | +--------- bit 4 (10h) - set = 1 while [Home] is pressed
; | | +----------- bit 5 (20h) - set = 1 while [PgUp] is pressed
; | +------------- bit 6 (40h) - set = 1 while grey [-] is pressed
; +--------------- bit 7 (80h) - set = 1 while [CapsLock] is pressed
;
; As soon as the key is released, the relevant bit is reset to 0.
;
; The byte at 0000:04f1 is the "pass-through/filter" mode flag. When this
; byte is zero, all keystrokes are passed to the normal keyboard handler.
; When it's non-zero, the selected keystrokes are filtered (disabled for
; normal input). BIOS and DOS keyboard calls will not recognize them.
;
; The Alt-NumLock keystroke toggles between pass-through and filter modes.
;
; This program is installed and remains resident. It is a COM-format
; file, so it must be converted with EXE2BIN.
;
; Copyright (c) Ziff-Davis Publishing Co., 1986. All rights reserved.
;
;= equates ===============
;------- hardware I/O ports (listed in the PC and XT Technical Reference Manuals)
KB_DATA_PORT    equ     60h             ; keyboard data port: scan code is read here
KB_CTRL_PORT    equ     61h             ; keyboard control-lines port
INT_CTL_PORT    equ     20h             ; Interrupt controller port (8259 chip)
EOI             equ     20h             ; End-Of-Interrupt code sent to the 8259
;------- scan-code and shift-state values
RELEASE_BIT     equ     80h             ; "break" bit: set in the scan code when a key is released
NUMLOCK_KEY     equ     45h             ; scan code of the [NumLock] key (decimal 69)
ALT_STATE       equ     08h             ; bit pattern in KB_FLAG while [Alt] is pressed
;------- offsets in segment 0 (shared memory: any real-mode program can read or write these)
KB_FLAG         equ     0417h           ; BIOS shift-key status byte
KEY_BITS        equ     04F0h           ; the key bit flags maintained by kbd_int
MODE_FLAG       equ     04F1h           ; when 0, all keys are passed to the normal kbint
INST_FLAG       equ     04F2h           ; word set to 1234h during installation
; Single segment for code and data; the ASSUME below tells the assembler
; that CS and DS both address it, as they do for a COM program.
com_seg segment
assume cs:com_seg, ds:com_seg
org 100h ;must have for COM-format program
kbm proc far
jmp set_up ;get past data and install interrupt handler
;============= program data area ========
; Previous INT 9 vector, stored offset first then segment, so that the pair
; can be used as the target of the FAR jump at the end of kbd_int.
norm_kbd_int label dword ;type DWORD so it can be used in a FAR jump
nki_offset dw 0 ; This address is stored in the SET_UP proc
nki_segment dw 0 ; It's the address of the previous kbint routine
;-----------------------------------------------------------------------------
; KBD_INT
; 1) read the keyboard
; 2) set/reset bits in mouse movement byte
; 3) execute normal keyboard interrupt
;
; scan bit key suggested meaning
; code flag name (defined by user)
; ---- ---- --------- ----------------------
; Lookup table of two-byte entries: scan code (make code, release bit clear)
; followed by the bit mask that kbd_int sets or clears in 0000:KEY_BITS.
; kbd_int reads it through CS, as cs:[si] and cs:[si+1].
; Two entries (80 and 76) share mask 4, so either key drives the "down" bit.
kbm_tbl db 72, 1 ; num.pad 8 go up
db 77, 2 ; num.pad 6 go right
db 80, 4 ; num.pad 2 go down
db 75, 8 ; num.pad 4 go left
db 76, 4 ; num.pad 5 go down
db 71, 16 ; Home button 1
db 73, 32 ; PgUp button 2
db 74, 64 ; grey minus button 3
db 58, 128; CapsLock "high-gear shift" for fast motion
; tbl_end labels the first byte AFTER the last entry (it is not an entry);
; the scan loop in kbd_int uses it as its end bound.
tbl_end label byte
;-----------------------------------------------------------------------------
; KBD_INT
; This procedure intercepts the ROM-BIOS KB_INT.
; It sets and resets bits of a kbd flag as the user presses and releases keys.
; When the byte at 0000:04F1 is 0, the keystroke is passed on to the
; original keyboard handler.
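;-----------------------------------------------------------------------------
; kbd_int -- resident INT 9 (keyboard hardware interrupt) hook.
; Entry:  hardware interrupt; takes no register arguments.
; Exit:   either a FAR jump to the previous INT 9 handler (norm_kbd_int),
;         or IRET to the interrupted program when the key is swallowed.
; Saves:  AX, SI and DS are pushed on entry and popped on both exit paths.
; State:  updates 0000:KEY_BITS, reads and toggles 0000:MODE_FLAG,
;         reads 0000:KB_FLAG.
;
; NOTE(review): this handler sees every scan code before the previous
; INT 9 owner does, and in filter mode the table keys never reach it.
; The replaced INT 9 vector is the observable trace of the hook.
; NOTE(review): KEY_BITS and MODE_FLAG live in segment 0, so any program
; can read or rewrite them; a non-zero MODE_FLAG from any writer makes
; this handler discard the table keys.
;-----------------------------------------------------------------------------
kbd_int         proc    far
                sti                             ; interrupts back on; EOI has not been sent yet
                cld
                push    ax
                push    si
                push    ds
                in      al,KB_DATA_PORT         ; read scan code from keyboard into AL
                mov     ah,al                   ; AH = original byte, release bit included
                and     al,7fh                  ; AL = scan code without the release bit
                mov     si,offset kbm_tbl       ; SI walks the 2-byte table entries
k_20:
                cmp     si,offset tbl_end       ; past the last entry?
                jae     k_25                    ; yes: SI == tbl_end is already outside the
                                                ;  table, so stop here (JA would compare one
                                                ;  more time against the byte that follows it)
                cmp     al,byte ptr cs:[si]     ; is this the key?
                je      k_30                    ;  yes, process the keystroke
                inc     si                      ;  no, step over the scan code
                inc     si                      ;  and over the bit mask
                jmp     k_20
k_25:
;------- key is not in the table: check for the Alt-NumLock mode toggle
                cmp     ah,NUMLOCK_KEY          ; a PRESS of [NumLock]? (AH keeps the release bit)
                jne     k_27                    ;  no, chain
                xor     si,si
                mov     ds,si                   ; DS = 0, BIOS data area
                test    byte ptr ds:[KB_FLAG],ALT_STATE ; is [Alt] held?
                jz      k_27                    ;  no, pass the key on
                ; Flips bit 0 only: if another writer left a value other than
                ; 0 or 1 here, the toggle cannot bring the flag back to zero.
                xor     byte ptr ds:[MODE_FLAG],1
                jmp     short k_exit            ; swallow the toggle keystroke
;------- the keystroke is to be processed by the normal keyboard interrupt
k_27:
                pop     ds
                pop     si
                pop     ax
                jmp     cs:[norm_kbd_int]       ; continue at the previous handler; it sends EOI
k_30:
;------- process the scan code into a bit pattern
                mov     al,cs:[si+1]            ; AL = bit mask of the matched entry
                xor     si,si
                mov     ds,si                   ; DS = 0, segment of KEY_BITS
                test    ah,RELEASE_BIT          ; is this key being released?
                jz      k_40                    ;  no, it is a press
;------- process key release
                not     al                      ; invert the mask
                and     byte ptr ds:[KEY_BITS],al ; clear the released key's bit
                jmp     short k_50
k_40:
;------- process key press
                or      byte ptr ds:[KEY_BITS],al ; set the pressed key's bit
;------- decide whether the key is also passed to the normal keyboard handler
k_50:
                cmp     byte ptr ds:[MODE_FLAG],0 ; pass-through mode?
                je      k_27                    ;  yes, chain to the previous handler
;------- filter mode: the keystroke is hidden from the rest of the system,
;------- so this handler must finish the interrupt itself.
k_exit:
                in      al,KB_CTRL_PORT         ; current keyboard control lines
                mov     ah,al                   ;  keep a copy
                or      al,80h                  ; raise bit 7 ...
                out     KB_CTRL_PORT,al
                xchg    ah,al                   ; ... then restore the original value
                out     KB_CTRL_PORT,al         ;  (pulse that acknowledges the scan code)
                pop     ds
                pop     si
                cli                             ; no interrupts between EOI and IRET
                mov     al,EOI                  ; End-Of-Interrupt
                out     INT_CTL_PORT,al         ;  to the 8259 Interrupt Controller
                pop     ax
                iret                            ; back to the interrupted program
kbd_int         endp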
; Resident/transient boundary. $ is the first offset after kbd_int, so the
; +1 keeps one spare byte beyond the handler. Everything from here on
; (messages and SET_UP) is released when INT 27h returns to DOS.
LAST_BYTE equ offset $+1 ;This is the address passed to INT 27H
;Notice that the code of the SET_UP
; procedure is not preserved in memory
;-----------------------------------------------------------------------------
; SET_UP
; This routine is executed only once, when the program is installed.
; Messages for INT 21h AH=09h, which prints up to the '$' terminator.
inst_msg db 'KBM KeyBoard Mouse driver',0dh,0ah
db 'Copyright (c) 1986 Ziff-Davis Publishing Co.,',0dh,0ah,'$'
err_msg1 db 07,'Already installed',0dh,0ah,'$' ; leading 07 is the bell character
err_msg2 db 'Wrong DOS version.',0dh,0ah,'$'
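;-----------------------------------------------------------------------------
; set_up -- one-time installer, reached from the JMP at the program entry.
; Steps:  DOS version check, already-installed check, shared-state init,
;         save the old INT 9 vector, install kbd_int, print the banner,
;         terminate and stay resident up to LAST_BYTE.
; Relies on DS = CS (COM program) for the nki_* stores and for the DS:DX
; pointer given to SET_VECTOR.
; Services used: INT 21h AH=30h, 35h, 25h, 09h; INT 27h; INT 20h.
;
; NOTE(review): nothing in this listing opens, writes or searches files.
; The lasting effects are the INT 9 hook and the bytes at 0000:04F0-04F3.
; NOTE(review): the residency check trusts a word in segment 0 that any
; program can change, so it is a hint rather than proof that KBM is loaded.
; No uninstall path is provided.
;-----------------------------------------------------------------------------
set_up          proc    near
;------- make sure this is DOS 2.0 or later
                mov     ah,30h                  ; DOS GET_VERSION, AL = major version
                int     21h
                cmp     al,2
                jae     su_10
                mov     dx,offset err_msg2
                jmp     msg_exit
su_10:
;------- see if KBM has already been installed
                xor     ax,ax
                mov     es,ax                   ; ES = 0 for the shared state bytes
                ; WORD PTR states the operand size explicitly, matching the
                ; store at su_20 instead of leaving it to the assembler.
                cmp     word ptr es:[INST_FLAG],1234h ; already installed?
                jne     su_20                   ;  no, continue
                mov     dx,offset err_msg1      ;  yes, exit with message
                jmp     msg_exit
su_20:
;------- initialize the shared state while ES is still 0 and BEFORE the
;------- vector is switched, so the first keystroke handled by kbd_int
;------- never sees a stale MODE_FLAG or KEY_BITS
                mov     word ptr es:[INST_FLAG],1234h ; flag says KBM is installed
                mov     byte ptr es:[MODE_FLAG],0 ; process all keystrokes
                mov     byte ptr es:[KEY_BITS],0 ; no keys are pressed
;------- save the old kbint vector and set up the new one
                mov     ax,3509h                ; AH=35h GET_VECTOR, AL=09h (KBINT)
                int     21h                     ; returns ES:BX = current handler
                mov     nki_segment,es          ; save old address for the chain jump
                mov     nki_offset,bx
                mov     dx,offset kbd_int       ; DS:DX = local keyboard interceptor
                mov     ax,2509h                ; AH=25h SET_VECTOR, AL=09h
                int     21h
;------- display message to indicate installation complete
                mov     dx,offset inst_msg
                mov     ah,9
                int     21h
;------- exit to DOS, leaving the interrupt handler resident
                mov     dx,LAST_BYTE            ; first offset that is NOT kept
                int     27h
;------- error exit: DX already points at the message to print
msg_exit:
                mov     ah,9
                int     21h
                int     20h                     ; terminate without staying resident
set_up          endp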
kbm endp
com_seg ends
end kbm ;program entry point is kbm, the JMP placed at ORG 100h