Ping: Ray Lopez- Assembler source

Hi Ray,

Would you like another chance to redeem yourself? I've provided you the  
assembler program source code again below. All you need to do is explain  
what each line does. Correctly this time, please.

It's an open book test you know. :)

segment code

start:
mov ax,data          ; segment registers can't take an immediate, so load via AX
mov ds,ax            ; DS -> our data segment
mov ax,stack
mov ss,ax            ; SS:SP -> top of our own 64-byte stack
mov sp,stacktop

mov dx,hello         ; DS:DX -> '$'-terminated message
mov ah,9             ; DOS int 21h, AH=09h: print string up to the '$'
int 0x21

mov ah,0x3c          ; AH=3Ch: create (or truncate) a file
mov cx,0             ; CX = file attributes (0 = normal)
mov dx,files         ; DS:DX -> ASCIIZ filename 'ray.txt'
int 0x21

mov [filehnd],ax     ; DOS returns the new handle in AX; store it

mov ah,0x40          ; AH=40h: write to file or device
mov bx, filehnd      ; bare label: in NASM this loads the OFFSET of filehnd, not its value (the bug acknowledged later in the thread)
mov cx,[msglength]   ; CX = byte count to write (38 = text + CR/LF, without the '$')
mov dx,hello         ; DS:DX -> buffer to write
int 0x21

mov ah,0x3e          ; AH=3Eh: close the handle in BX
mov bx,filehnd       ; bare label again: the offset of filehnd goes into BX
int 0x21

mov ax,0x4c00        ; AH=4Ch: terminate program, AL=00h exit code
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'   ; 36 text bytes + CR, LF, then the '$' terminator for AH=09h
files db 'ray.txt', 0                                          ; ASCIIZ filename for AH=3Ch
filehnd dw 1                                                   ; receives the handle returned by AH=3Ch
msglength dw 38                                                ; byte count for AH=40h (excludes the '$')


segment stack stack
resb 64              ; 64 bytes of stack
stacktop:


--  
Here's a little story 'bout the congressmen. They came and bailed out all  
of their billionaire friends. You can blame Bush... Or you can try to blame  
Obama -- But you should have fuckin learned from your Daddy or your Momma!  
Don't bring a knife to a gunfight, You'll Lose!

Re: Ping: Ray Lopez- Assembler source

On Tuesday, January 28, 2014 8:16:59 AM UTC+8, Dustin wrote:

This is YOUR chance for redemption.  YOU must demonstrate you know what assembler code does, instead of merely copying and pasting, by commenting each and every line below.

Further, you must tell us what the target hardware is, how many accumulators there are, what they are named, and the like.

Ball is in YOUR court Dustin.  Here is a chance to prove you are not a loud mouth turd wannabe coder but actually know a thing or three about assembly language.  But somehow I feel I know how this is going to play out: you with your predictable dodging and personal attacks.  Yes I bait you but only to show the world your true chicken shit character.

Waiting with bated breath my virus writing wannabe fiend,

RL

Re: Ping: Ray Lopez- Assembler source



It would be very difficult to write the program above if I didn't  
understand what I was doing. As I wrote it (hey, find the place where I copied  
the source from; otherwise, accept the fact I wrote it off the top of my  
head for you). I have nothing to redeem.  
  

The source code should clearly indicate the intended hardware, Ray.  
Assuming you understood what you were looking at. I'd think the int calls  
themselves would give it away....
  

Gotta love your weaseling.
  

lol, wannabe? [g]  

--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source

Dustin wrote:  



Why won't this run?  I get "illegal operand"

--  

They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety. - Ben Franklin

Re: Ping: Ray Lopez- Assembler source

After serious thinking G. Morgan wrote :


What have you done to get it ready to run? What assembler is it written  
for, NASM?



Re: Ping: Ray Lopez- Assembler source

On Fri, 31 Jan 2014 08:53:51 -0500, FromTheRafters


    It's those bloody illegal aliens again. They sometimes refer
to themselves as "operands" or "operatives"
    Yep. It probably won't run because you have 16 bit disabled.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppCompat]
"VDMDisallowed"=dword:00000000

    that'll fix it.
    []'s
--  
Don't be evil - Google 2004
We have a new policy  - Google 2012

Re: Ping: Ray Lopez- Assembler source



    <Cough> Don't forget to "turn it off" once you are done. It is
a security risk. Or just boot a FreeDOS usb and run Dustin.exe from
there. Safer.
    []'s
--  
Don't be evil - Google 2004
We have a new policy  - Google 2012

Re: Ping: Ray Lopez- Assembler source

4ax.com:


Pooh assures people my old 16-bit irok poses no risk on a modern version of  
Windows. Are you saying otherwise? [g]


--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source

@speranza.aioe.org:


I wrote it for Nasm. No copyright infringement issue. [g]


--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source

Dustin wrote on 1/31/2014 :

The other post was ASIC again? Looks like BASIC a little. Interesting  
password.



Re: Ping: Ray Lopez- Assembler source

@speranza.aioe.org:


The other post is ASIC yes. I write in a variety of languages... It's close  
to BASIC, but only has 80 internal commands. Everything else you want to do  
has to be done via another language and linked in with it later. The  
executables it generates are easy to disassemble and study too. When you do  
things like that, assembler makes that much more sense. To the point where  
you understand the mnemonic representation of the bytes as to what they  
represent in assembly; this makes patching files a breeze. You can  
translate [g]


The code posted is still disabled, even tho the backdoor is present. [g] I  
haven't seen David respond with the sections of source that are responsible  
for it tho. You'd think it would be easy as hell to spot.



--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source



Did you assemble it with nasm?

And if running a modern version of Windows that doesn't by default allow  
MS-DOS 16-bit apps to run, you'll have to enable it. See shadow's post for the  
registry edit. I don't run those OS's and don't have that one memorized.  
[g]
  



--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source

Dustin formulated on Saturday :


I noticed his registry path, but it struck me that it might be DVM for  
DOS Virtual Machine instead of VDM. I don't know, I'm running XP and  
don't even have that entry.



Re: Ping: Ray Lopez- Assembler source



When you get it assembled and run it, it'll create a file called ray.txt in  
whatever directory/folder you run it from. The file will contain the same  
bytes that it displays on the screen. Which is "Hi! Ray How did I get  
Created Today?" without the quotes. 13,10 are the control characters (bytes)  
for carriage return/line feed. The dollar sign marks the end of my string  
(string terminator character) for the interrupt I used. If you don't  
include it, you'll get the beginning txt and whatever is presently  
available in memory in the first 64k data segment. Garbage.

Btw, there is a slight bug (oops) in that source file. The ray.txt will be  
zero bytes. You must include filehnd in brackets as shown here:

mov ah,0x40          ; AH=40h: write to file or device
mov bx, [filehnd]    ; brackets: BX = the handle stored in filehnd, not its offset
mov cx,[msglength]   ; CX = 38 bytes to write
mov dx,hello         ; DS:DX -> buffer
int 0x21

The code as presented in quotes doesn't work because I wasn't using proper  
nasm syntax. Add the brackets as shown above and it will. Those five lines  
are responsible for the actual "writing" to file step.

I was making code revisions and I broke it. lol. ray2.asm will assemble and  
print the txt on the screen, but due to improper syntax with nasm on my  
part, it won't write the bytes to the txt file ray.txt, unless you include  
the brackets I removed when I re-wrote it. Brackets around filehnd are  
needed, as shown above.






--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"
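A constructed Python model (added here, not code from the thread) of the data segment laid out in the posted source and of the two DOS services it relies on: AH=09h (print up to the '$') and AH=40h (write CX bytes from DS:DX to handle BX). It shows why the 38-byte write excludes the '$', what AH=09h emits when the '$' is missing, and why the bare `mov bx,filehnd` hands DOS the offset of filehnd instead of the handle, so nothing is written. The handle value 5 and the invalid-handle failure are assumptions made for the model, not captured behaviour.

```python
# Constructed model of 'segment data' from the posted NASM source and of the
# DOS int 21h services AH=09h and AH=40h. Not the thread's own code.

HELLO = b"Hi! Ray How did I get created Today?" + bytes([13, 10]) + b"$"
FILES = b"ray.txt\0"
SEG_SIZE = 0x10000            # one 64 KiB real-mode data segment

def build_data_segment():
    """Lay out hello, files, filehnd dw 1, msglength dw 38 back to back, as NASM does."""
    seg = bytearray(SEG_SIZE)
    sym, off = {}, 0
    for name, blob in (("hello", HELLO), ("files", FILES),
                       ("filehnd", (1).to_bytes(2, "little")),
                       ("msglength", (38).to_bytes(2, "little"))):
        sym[name] = off
        seg[off:off + len(blob)] = blob
        off += len(blob)
    return seg, sym

def int21_ah09(seg, dx):
    """AH=09h: emit bytes from DS:DX up to the '$'. With no '$' it runs to the segment end."""
    end = seg.find(b"$", dx)
    return bytes(seg[dx:end if end != -1 else SEG_SIZE])

def int21_ah40(handles, bx, seg, cx, dx):
    """AH=40h: returns (carry_flag, bytes_written). Unknown handle -> CF set, nothing written."""
    if bx not in handles:
        return True, 0
    handles[bx] += seg[dx:dx + cx]
    return False, cx

def write_step(bracketed):
    """The write step after AH=3Ch created ray.txt (assumed handle 5, stored via mov [filehnd],ax).
    bracketed=True models 'mov bx,[filehnd]'; False models the posted 'mov bx,filehnd'."""
    seg, sym = build_data_segment()
    handles = {5: bytearray()}
    seg[sym["filehnd"]:sym["filehnd"] + 2] = (5).to_bytes(2, "little")
    fh = sym["filehnd"]
    bx = int.from_bytes(seg[fh:fh + 2], "little") if bracketed else fh   # value vs. offset
    cx = int.from_bytes(seg[sym["msglength"]:sym["msglength"] + 2], "little")
    carry, n = int21_ah40(handles, bx, seg, cx, sym["hello"])
    return bytes(handles[5]), carry, n

def print_step(with_terminator):
    """AH=09h on hello; with_terminator=False shows the 'garbage' the post warns about."""
    seg, sym = build_data_segment()
    if not with_terminator:
        seg[sym["hello"] + len(HELLO) - 1] = ord(" ")   # overwrite the '$'
    return int21_ah09(seg, sym["hello"])
```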


Re: Ping: Ray Lopez- Assembler source


It's okay Dustin. We kind of expected it!

--  
Jax    :)

Re: Ping: Ray Lopez- Assembler source



Pooh..... I always figured Dustin's code isn't exactly 100% correct after
he said he had written several versions of Irok before he got it right.  

--  
Jax    :)

Re: Ping: Ray Lopez- Assembler source

127.0.0.1:


You figured wrong. The original file I posted is 100% correct and does both  
functions just fine. I was dicking around with nasm and broke it later.

Get your facts right.

I said I wrote several versions of irok, but that wasn't to fix "bugs".  
Each version of irok has a different signature required to isolate it, each  
version also has different encryption keys. Each version also had a few  
routines either added or modified to improve its infection speed.

You're writing completely from your ass.

Only ONE irok version had a slight bug with command line parameters, and  
that was again, a pure assembler module issue; I forgot to address a  
variable properly in tasm.

  



--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source



Dustin that's a long way of saying what I said.... your "code isn't  
exactly 100%". Think about it!

--  
Jax    :)

Re: Ping: Ray Lopez- Assembler source

127.0.0.1:


HAH! If that's what you think, I can only express good luck to you in  
learning to program.


--  
I called the help line. It was outsourced to Pakistan.
"What's the matter?"  
"I'm depressed."
"Can you drive a truck?"


Re: Ping: Ray Lopez- Assembler source



How many years programming experience do you have Dustin?

--  
Jax    :)
