Much has changed since the early 1990s, when I first began studying computer viruses. The first was Brain (a boot sector virus), which I obtained from an infected 3 1/2-inch diskette. After that I collected the Form boot sector virus, and I disassembled it to get the source code. From there I kept collecting, and by 1996 I had a collection of over 10,000 computer viruses, which I used for study purposes. Eventually virus writers exploited MS Word macros, and in 1997 I successfully decrypted the CAP macro virus, which was prevalent and had infected many documents in the company I worked for at the time.
Starting out, I wrote assembly language with Debug in DOS. After a few years I managed to buy a copy of MASM and disassembler software.
DOS DEBUG (OBSOLETE)
When I first began using Debug, the process of writing the code looked something like this:
-A
XXXX:0100 MOV AH,9
XXXX:0102 MOV DX,108
XXXX:0105 INT 21
XXXX:0107 RET
XXXX:0108 DB 'HELLO WORLD$'
XXXX:0114
-R CX
CX 0000
:14
-N hello.com
-W
-Q
This "Hello, World" example creates a tiny executable and will not work on 32-bit or 64-bit machines. Running it requires an emulator such as DOSBox v0.74, an Intel x86 PC emulator. It can be assembled as an EXE file or a COM file.
Line 5: mov dx,msg. Moves the address of the message (line 10) into the DX register.
Lines 6-7: int 21h / ah=9. Outputs the string at DS:DX. The string must be terminated by '$'.
Lines 8-9: int 21h / ah=4Ch. Returns control to the operating system (stops the program).
;nasm -f win64 hello.asm -o hello.exe
;OR
;nasm -f bin hello.asm -o hello.com
org 100h
mov dx,msg
mov ah,9
int 21h
mov ah,4Ch
int 21h
msg db 'Hello, World!',0Dh,0Ah,'$'
This second example was written in a current version of MASM, and the difference is interesting because of the number of include files and library files. Rather than knowledge of assembly language, it requires more knowledge of building and linking libraries.
This example, unlike the first example, works on 64-bit Windows 7:
.486                                    ; create 32 bit code
.model flat, stdcall                    ; 32 bit memory model
option casemap :none                    ; case sensitive

include \masm32\include\windows.inc     ; always first
include \masm32\macros\macros.asm       ; MASM support macros

; include files that have MASM format prototypes for function calls
include \masm32\include\masm32.inc
include \masm32\include\gdi32.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc

; Library files that have definitions for function
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.code                                   ; Where the code starts

start:                                  ; The CODE entry point to the program
    print chr$("Hello, World!",13,10)
    exit

end start                               ; Where the program ends
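Returning to the DOS .COM examples above: the following Python sketch is an added example, not code from the original post. It walks the bytes the DEBUG session assembles to show why `MOV DX,108` points at the string (a .COM image is loaded at offset 100h) and what happens when the '$' terminator is missing. The names `HELLO_COM`, `dollar_string` and `trace` are assumptions made for this illustration, and the sample bytes are constructed by hand from the instructions in the session.

```python
import struct

LOAD_BASE = 0x100  # DOS loads a .COM image at offset 100h of its segment

# Constructed sample: the bytes the DEBUG session's A command produces.
HELLO_COM = bytes.fromhex("b409" "ba0801" "cd21" "c3") + b"HELLO WORLD$"


def dollar_string(image, addr):
    """Return the text INT 21h/AH=9 would print for DS:DX == addr."""
    start = addr - LOAD_BASE          # memory address -> file offset
    if not 0 <= start < len(image):
        raise ValueError(f"DX={addr:04X}h points outside the image")
    end = image.find(b"$", start)
    if end < 0:                       # DOS would keep printing past the file
        raise ValueError("string has no '$' terminator")
    return image[start:end].decode("ascii")


def trace(image):
    """Walk the few opcodes used on this page; list the DOS calls made."""
    ah = dx = pc = 0
    calls = []
    while pc < len(image):
        op = image[pc]
        if op == 0xB4:                # MOV AH, imm8
            ah, pc = image[pc + 1], pc + 2
        elif op == 0xBA:              # MOV DX, imm16 (little-endian)
            dx, pc = struct.unpack_from("<H", image, pc + 1)[0], pc + 3
        elif op == 0xCD and image[pc + 1] == 0x21:   # INT 21h
            if ah == 0x09:
                calls.append(("print", dollar_string(image, dx)))
            elif ah == 0x4C:
                calls.append(("exit", None))
                break
            pc += 2
        elif op == 0xC3:              # RET: back to DOS through the PSP
            calls.append(("ret", None))
            break
        else:
            raise ValueError(f"unhandled byte {op:02X}h at {pc + LOAD_BASE:04X}h")
    return calls


if __name__ == "__main__":
    print(f"image length: {len(HELLO_COM):X}h bytes")
    for call in trace(HELLO_COM):
        print(call)
```

The same walk works on the bytes of the NASM version, where the string starts at 10Bh and the program ends with AH=4Ch instead of RET.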