

                                   0804ac5c
				     Start
				       |
		   +---------------------------------------+
		   |					   |
	       0804ac1d 				0804ac86
		   |					   |
	 +-------------------+			 +-------------------+
	 |		     |			 |		     |
     0804abb4		 0804ac32	     0804ac71		 0804ac47
	 |		     |			 |		     |
    +---------+ 	+---------+	    +---------+ 	+---------+
    |	      | 	|	  |	    |	      | 	|	  |
0804abc9  0804abf3  0804acc5  0804acda	0804acb0  0804ac08  0804abde  0804ac9b
    |	      | 	|	  |	   |	      | 	|	  |
   / \	     / \       / \	 / \	  / \	     / \       / \	 / \
  |   |     |	|     |   |	|   |	 |   |	    |	|     |   |	|   |
aba6 a408 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6 aba6
exit   |  exit exit exit exit exit exit exit exit exit exit exit exit exit exit
       |
 jump to virus

===============================================================================

[Amadeus@cvex work]$ ./trace virus
[ Trace ] - ver 0.2 Beta
Copyleft (C) 2001-2003 Amjads. Made in Taiwan

EAX=00000000 EBX=00000000 ECX=00000000 EDX=00000000 ESI=00000000 EDI=00000000
SS =0000002B ESP=BFFFF290 EBP=00000000 DS =0000002B ES =0000002B Flags=00000246
CS =00000023 EIP=0804AC5C	PF ZF IF

0804AC5C B802000000		MOV	EAX,00000002	(*Start*)
-
-u0804aba6
0804ABA6 B81D000000		MOV	EAX,0000001D	(*exit*)
0804ABAB CD80			INT	80
0804ABAD B801000000		MOV	EAX,00000001
0804ABB2 CD80			INT	80
0804ABB4 B802000000		MOV	EAX,00000002	(L1L2)
0804ABB9 CD80			INT	80
0804ABBB 09C0			OR	EAX,EAX
0804ABBD 7405			JE	0804ABC4
-u
0804ABBF E905000000		JMP	0804ABC9	->L1L2L3
0804ABC4 E92A000000		JMP	0804ABF3	->L1L2R3
0804ABC9 B802000000		MOV	EAX,00000002	(L1L2L3)
0804ABCE CD80			INT	80
0804ABD0 09C0			OR	EAX,EAX
0804ABD2 7405			JE	0804ABD9
0804ABD4 E9CDFFFFFF		JMP	0804ABA6	-> exit
0804ABD9 E92AF8FFFF		JMP	0804A408	-> jump to Virus
-u
0804ABDE B802000000		MOV	EAX,00000002	(R1R2L3)
0804ABE3 CD80			INT	80
0804ABE5 09C0			OR	EAX,EAX
0804ABE7 7405			JE	0804ABEE
0804ABE9 E9B8FFFFFF		JMP	0804ABA6	-> exit
0804ABEE E9B3FFFFFF		JMP	0804ABA6	-> exit
0804ABF3 B802000000		MOV	EAX,00000002	(L1L2R3)
0804ABF8 CD80			INT	80
-u
0804ABFA 09C0			OR	EAX,EAX
0804ABFC 7405			JE	0804AC03
0804ABFE E9A3FFFFFF		JMP	0804ABA6	-> exit
0804AC03 E99EFFFFFF		JMP	0804ABA6	-> exit
0804AC08 B802000000		MOV	EAX,00000002	(R1L2R3)
0804AC0D CD80			INT	80
0804AC0F 09C0			OR	EAX,EAX
0804AC11 7405			JE	0804AC18
-u
0804AC13 E98EFFFFFF		JMP	0804ABA6	-> exit
0804AC18 E989FFFFFF		JMP	0804ABA6	-> exit
0804AC1D B802000000		MOV	EAX,00000002	(L1)
0804AC22 CD80			INT	80
0804AC24 09C0			OR	EAX,EAX
0804AC26 7405			JE	0804AC2D
0804AC28 E987FFFFFF		JMP	0804ABB4	->L1L2
0804AC2D E900000000		JMP	0804AC32	->L1R2
-u
0804AC32 B802000000		MOV	EAX,00000002	(L1R2)
0804AC37 CD80			INT	80
0804AC39 09C0			OR	EAX,EAX
0804AC3B 7405			JE	0804AC42
0804AC3D E983000000		JMP	0804ACC5	->L1R2L3
0804AC42 E993000000		JMP	0804ACDA	->L1R2R3
0804AC47 B802000000		MOV	EAX,00000002	(R1R2)
0804AC4C CD80			INT	80
-u
0804AC4E 09C0			OR	EAX,EAX
0804AC50 7405			JE	0804AC57
0804AC52 E987FFFFFF		JMP	0804ABDE	->R1R2L3
0804AC57 E93F000000		JMP	0804AC9B	->R1R2R3
0804AC5C B802000000		MOV	EAX,00000002	*(start)*
0804AC61 CD80			INT	80
0804AC63 09C0			OR	EAX,EAX
0804AC65 7405			JE	0804AC6C
-u
0804AC67 E9B1FFFFFF		JMP	0804AC1D	->L1
0804AC6C E915000000		JMP	0804AC86	->R1
0804AC71 B802000000		MOV	EAX,00000002	(R1L2)
0804AC76 CD80			INT	80
0804AC78 09C0			OR	EAX,EAX
0804AC7A 7405			JE	0804AC81
0804AC7C E92F000000		JMP	0804ACB0	->R1L2L3
0804AC81 E982FFFFFF		JMP	0804AC08	->R1L2R3
-u
0804AC86 B802000000		MOV	EAX,00000002	(R1)
0804AC8B CD80			INT	80
0804AC8D 09C0			OR	EAX,EAX
0804AC8F 7405			JE	0804AC96
0804AC91 E9DBFFFFFF		JMP	0804AC71	->R1L2
0804AC96 E9ACFFFFFF		JMP	0804AC47	->R1R2
0804AC9B B802000000		MOV	EAX,00000002	(R1R2R3)
0804ACA0 CD80			INT	80
-u
0804ACA2 09C0			OR	EAX,EAX
0804ACA4 7405			JE	0804ACAB
0804ACA6 E9FBFEFFFF		JMP	0804ABA6	-> exit
0804ACAB E9F6FEFFFF		JMP	0804ABA6	-> exit
0804ACB0 B802000000		MOV	EAX,00000002	(R1L2L3)
0804ACB5 CD80			INT	80
0804ACB7 09C0			OR	EAX,EAX
0804ACB9 7405			JE	0804ACC0
-u
0804ACBB E9E6FEFFFF		JMP	0804ABA6	-> exit
0804ACC0 E9E1FEFFFF		JMP	0804ABA6	-> exit
0804ACC5 B802000000		MOV	EAX,00000002	(L1R2L3)
0804ACCA CD80			INT	80
0804ACCC 09C0			OR	EAX,EAX
0804ACCE 7405			JE	0804ACD5
0804ACD0 E9D1FEFFFF		JMP	0804ABA6	-> exit
0804ACD5 E9CCFEFFFF		JMP	0804ABA6	-> exit
-u
0804ACDA B802000000		MOV	EAX,00000002	(L1R2R3)
0804ACDF CD80			INT	80
0804ACE1 09C0			OR	EAX,EAX
0804ACE3 7405			JE	0804ACEA
0804ACE5 E9BCFEFFFF		JMP	0804ABA6	-> exit
0804ACEA E9B7FEFFFF		JMP	0804ABA6	-> exit
0804ACEF 0000			ADD	BYTE [EAX],AL
0804ACF1 0000			ADD	BYTE [EAX],AL
-q

