;*************************************************************************
;* Finds the filename of an open file when given its handle.  The two DOS
;* functions are undocumented.  I found these while disassembling the
;* "Darth Vader" virus.  If you remove the error check after the first
;* function call, replace it with a dummy instruction such as "xor bh,bh".
;* McAfee's virus scanner (and probably others) uses this piece of code to
;* identify the Darth Vader virus. (!)  For descriptions of these
;* functions, see "Undocumented DOS" or Ralf Brown's INT list.
;*************************************************************************

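Ideal
Model Tiny

;-------------------------------------------------------------------------
; hnd2name -- print the 11-byte name field stored in the System File Table
;             (SFT) entry behind an open DOS file handle.
;
; Target: 16-bit real-mode DOS .COM image (TASM Ideal mode, Tiny model).
; Uses:   INT 2Fh AX=1220h  (handle in BX -> ES:DI = Job File Table entry)
;         INT 2Fh AX=1216h  (SFT index in BX -> ES:DI = SFT entry)
;         Both are undocumented DOS-internal services; see Ralf Brown's
;         Interrupt List.  NOTE(review): the SFT layout is DOS-version
;         specific -- the 20h name offset used here should be confirmed
;         for the DOS version the program is run on.
; Out:    name written to standard output; exit code 0 on success,
;         1 after the error message has been shown.
; Note:   ES:DI points into live DOS kernel data.  It is only read here
;         and must never be written through.
;-------------------------------------------------------------------------

DEMO_HANDLE     equ 3                   ;Handle to look up (AUX)
STDOUT          equ 1                   ;Standard output handle
JFT_UNUSED      equ 0FFh                ;JFT byte for a handle that is not open
SFT_NAME_OFS    equ 20h                 ;Offset of the name field in an SFT entry
SFT_NAME_LEN    equ 11                  ;FCB-style name: 8 + 3, space padded, no dot

CodeSeg
Org 100h

Start:      mov bx,DEMO_HANDLE      ;Use AUX for demo
            mov ax,1220h            ;Get JFT entry for handle BX
            int 2Fh
            jc Error                ;Handle number outside the JFT

            mov bl,[es:di]          ;JFT byte = SFT index
            cmp bl,JFT_UNUSED       ;In range but not open: do not ask
            je Error                ;DOS for SFT entry FFh
            xor bh,bh               ;BX = SFT index, zero-extended
            mov ax,1216h            ;Get SFT entry
            int 2Fh
            jc Error                ;Index beyond the SFT
            add di,SFT_NAME_OFS     ;Index to filename

            push es                 ;DS:DX -> name inside the SFT entry
            pop ds                  ;(DS is not restored; we exit next)
            mov dx,di
            mov cx,SFT_NAME_LEN
            mov bx,STDOUT           ;BX still held the SFT index, which is
                                    ;not a file handle: name stdout explicitly
            mov ah,40h              ;Write CX bytes to handle BX
            int 21h
Exit:       mov ax,4C00h            ;Terminate, exit code 0
            int 21h

Error:      mov dx,offset Error$    ;DS is still the program segment here:
            mov ah,9                ;every jump to Error precedes "pop ds"
            int 21h
            mov ax,4C01h            ;Terminate, exit code 1 so callers can
            int 21h                 ;tell the lookup failed

Error$      db      'DOS returned an error.  '
            db      'Check handle number.',13,10,'$'

End Start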
