谢谢了。
也没有这方面的内容啊。
是高手做的事
标 题: 杀毒程序 -- Kill3783
发信站: 饮水思源站 (Thu May 22 12:15:21 1997) , 转信
/* Kill 3783 Virus by IceRiver */
#include <DIR.H>
#include <DOS.H>
#include <IO.H>
#include <STDIO.H>
#include <STRING.H>
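#include <PROCESS.H>

int main(int, char * []);
void scanFiles(char *);
void kill(char *);
void virusReport(char *);

/* Length in bytes of the virus body that an infected file carries at its end. */
#define VIRUS_LEN       3783L
/* Number of leading virus bytes compared against the Virus[] signature. */
#define SIG_LEN         23
/* Offsets inside the virus body from which host data is read back. */
#define SAVED_HEAD_OFF  0xE87L  /* 3 bytes: original start of the host file  */
#define SAVED_SSSP_OFF  0xE95L  /* 4 bytes: written back to MZ header at 0x0E */
#define SAVED_CSIP_OFF  0xE9BL  /* 4 bytes: written back to MZ header at 0x14 */

long filesScaned=0;
long virusFound=0;

/*
 * Entry point: refuses to run while the virus is resident, then scans and
 * repairs every path given on the command line.
 *
 * Exit status: 0 after a scan (or after printing the usage text), 1 when the
 * virus answered the residency probe.
 */
int main(int argc, char * argv[])
{
    int i;
    char filePath[MAXPATH];
    union REGS r;

    printf("Kill TVPO/3783 Virus by IceRiver\n\n");

    if (argc < 2)
    {
        printf("Usage: KILL3783 Path1 [Path2] ...\n");
        exit(0);
    }

    /*
     * Residency probe: INT 21h with AX=187Fh, BX=4453h. This tool treats a
     * reply of BX=87A1h as the resident virus answering, and stops: files
     * repaired while the virus is active in memory cannot be trusted to
     * stay clean.
     */
    r.x.ax = 0x187f;
    r.x.bx = 0x4453;
    int86(0x21, &r, &r);
    if (r.x.bx == 0x87a1)
    {
        printf("3783 Virus found in memory ,\n");
        printf("please reboot the machine with a 'CLEAN' floppy\n");
        exit(1);
    }

    for (i = 1; i < argc; i++)
    {
        /*
         * strncpy() would leave filePath unterminated for an argument of
         * MAXPATH-1 characters or more, and a silently truncated path would
         * make the tool modify files in a directory the user never named.
         */
        if (strlen(argv[i]) >= MAXPATH)
        {
            printf("Path too long, skipped: %s\n", argv[i]);
            continue;
        }
        strcpy(filePath, argv[i]);
        scanFiles(filePath);
    }

    printf("Total %ld files scaned, %ld virus found and killed! \n", filesScaned, virusFound);
    return 0;
}

/*
 * Scans the files matching filePath, then recurses into every subdirectory
 * of the same directory with the same name/extension pattern.
 *
 * filePath must point to a writable buffer of at least MAXPATH bytes: the
 * completed pattern ("*" / ".*" filled in for a missing name / extension)
 * is written back into it.
 */
void scanFiles(char * filePath)
{
    int done;
    char fileName[MAXPATH];
    char R[MAXDRIVE], D[MAXDIR], N[MAXFILE], E[MAXEXT];
    struct ffblk ffblk;
    char tempAttrib;

    fnsplit(filePath, R, D, N, E);
    if (!strcmp(N, "")) strcpy(N, "*");
    if (!strcmp(E, "")) strcpy(E, ".*");
    fnmerge(filePath, R, D, N, E);

    /* Pass 1: ordinary files (anything that is neither a label nor a directory). */
    done = findfirst(filePath, &ffblk, 0xFF);
    while (!done)
    {
        if ((ffblk.ff_attrib & FA_LABEL) == 0 && (ffblk.ff_attrib & FA_DIREC) == 0)
        {
            filesScaned++;
            /* A file no longer than the virus body cannot be an infected host. */
            if (ffblk.ff_fsize > VIRUS_LEN)
            {
                fnmerge(fileName, R, D, "", "");
                /* Skip rather than overflow fileName when the full path does not fit. */
                if (strlen(fileName) + strlen(ffblk.ff_name) < MAXPATH)
                {
                    strcat(fileName, ffblk.ff_name);
                    /* Clear the attributes so read-only/hidden/system files can
                       be opened for update, and put them back afterwards. */
                    tempAttrib = ffblk.ff_attrib;
                    _dos_setfileattr(fileName, 0);
                    kill(fileName);
                    _dos_setfileattr(fileName, tempAttrib);
                }
            }
        }
        done = findnext(&ffblk);
    }

    /* Pass 2: descend into subdirectories, skipping "." and "..". */
    fnmerge(filePath, R, D, "*", ".*");
    done = findfirst(filePath, &ffblk, FA_DIREC);
    while (!done)
    {
        if ((ffblk.ff_attrib & FA_DIREC) != 0 && ffblk.ff_name[0] != '.')
        {
            fnmerge(fileName, R, D, "", "");
            /* directory + name + '\' + pattern must fit, terminator included */
            if (strlen(fileName) + strlen(ffblk.ff_name) + 1
                + strlen(N) + strlen(E) < MAXPATH)
            {
                strcat(fileName, ffblk.ff_name);
                strcat(fileName, "\\");
                strcat(fileName, N);
                strcat(fileName, E);
                scanFiles(fileName);
            }
        }
        done = findnext(&ffblk);
    }
}

/*
 * Detection signature: the first 23 bytes of the virus body, expected
 * VIRUS_LEN bytes before end-of-file. The byte sequence contains the same
 * INT 21h AX=187Fh/BX=4453h request and BX=87A1h comparison that main()
 * uses as its residency probe.
 */
char Virus[23]={0x0E, 0x1F, 0xE8, 0x00, 0x00, 0x5E, 0x83, 0xEE, 0x05,
                0x56, 0x06, 0xB8, 0x7F, 0x18, 0xBB, 0x53, 0x44, 0xCD,
                0x21, 0x81, 0xFB, 0xA1, 0x87};

/* Returns non-zero when id starts with the EXE magic "MZ" (or "ZM"). */
static int isExeMagic(const unsigned char * id)
{
    return (id[0] == 0x4D && id[1] == 0x5A) || (id[0] == 0x5A && id[1] == 0x4D);
}

/* Seeks to offset (relative to whence) and reads exactly len bytes; non-zero on success. */
static int readAt(FILE * fp, long offset, int whence, void * buf, unsigned len)
{
    if (fseek(fp, offset, whence) != 0)
        return 0;
    return fread(buf, len, 1, fp) == 1;
}

/* Seeks to an absolute offset and writes exactly len bytes; non-zero on success. */
static int writeAt(FILE * fp, long offset, const void * buf, unsigned len)
{
    if (fseek(fp, offset, SEEK_SET) != 0)
        return 0;
    return fwrite(buf, len, 1, fp) == 1;
}

/* Flushes pending writes and cuts the last VIRUS_LEN bytes off the file; non-zero on success. */
static int cutVirus(FILE * fp)
{
    if (fflush(fp) != 0)
        return 0;
    if (fseek(fp, -VIRUS_LEN, SEEK_END) != 0)
        return 0;
    return chsize(fileno(fp), ftell(fp)) == 0;
}

/*
 * Checks one file for the 3783 virus and, when every check passes, restores
 * the host: the saved header fields (EXE) or the saved first three bytes
 * (COM/BIN) are written back and the appended virus body is truncated away.
 * The file's date/time stamp is put back afterwards.
 *
 * Nothing is written until every value needed for the repair has been read
 * successfully, so a short or unreadable file is left untouched instead of
 * being patched with stale buffer contents. virusReport() is called only
 * after the repair completed.
 */
void kill(char * fileName)
{
    FILE * fp;
    unsigned char ID[3];
    unsigned char Buffer[23];
    unsigned char Saved[8];
    unsigned lastPage, pages;
    long Address;
    long LoadImage;
    unsigned tempTime, tempDate;
    int haveTime;

    printf("Scaning %-50s\r", fileName);

    fp = fopen(fileName, "rb+");
    if (fp == NULL)                 /* locked, vanished or not writable: skip */
        return;
    haveTime = (_dos_getftime(fileno(fp), &tempDate, &tempTime) == 0);

    /* The signature must sit exactly VIRUS_LEN bytes before end-of-file. */
    if (!readAt(fp, -VIRUS_LEN, SEEK_END, Buffer, SIG_LEN)
        || memcmp(Virus, Buffer, SIG_LEN) != 0)
        goto done;

    /* May be infected: the start of the file decides how to repair it. */
    if (!readAt(fp, 0L, SEEK_SET, ID, 3))
        goto done;

    if (isExeMagic(ID))             /* May be EXE files */
    {
        /* Second check: the bytes saved inside the virus body must also be an EXE magic. */
        if (!readAt(fp, -VIRUS_LEN + SAVED_HEAD_OFF, SEEK_END, ID, 3)
            || !isExeMagic(ID))
            goto done;

        if (!readAt(fp, -VIRUS_LEN + SAVED_SSSP_OFF, SEEK_END, Saved, 4)
            || !readAt(fp, -VIRUS_LEN + SAVED_CSIP_OFF, SEEK_END, Saved + 4, 4)
            || !readAt(fp, 0x02L, SEEK_SET, Buffer, 4))
            goto done;

        /* MZ header: word at 0x02 = bytes used in the last 512-byte page
           (0 means the page is full), word at 0x04 = number of pages.
           Assembled byte by byte so the result does not depend on the
           width of int. */
        lastPage = Buffer[0] | ((unsigned)Buffer[1] << 8);
        pages    = Buffer[2] | ((unsigned)Buffer[3] << 8);

        LoadImage = 512L * pages + lastPage;
        if (lastPage != 0)
            LoadImage -= 512;
        LoadImage -= VIRUS_LEN;
        if (LoadImage <= 0)         /* header size cannot contain the virus */
            goto done;

        /* Whether a partial last page exists depends on the NEW size, not
           on the value the infected header had. */
        lastPage = (unsigned)(LoadImage % 512);
        pages    = (unsigned)(LoadImage / 512) + (lastPage != 0 ? 1 : 0);
        Buffer[0] = (unsigned char)(lastPage & 0xFF);
        Buffer[1] = (unsigned char)(lastPage >> 8);
        Buffer[2] = (unsigned char)(pages & 0xFF);
        Buffer[3] = (unsigned char)(pages >> 8);

        if (writeAt(fp, 0x0EL, Saved, 4)
            && writeAt(fp, 0x14L, Saved + 4, 4)
            && writeAt(fp, 0x02L, Buffer, 4)
            && cutVirus(fp))
            virusReport(fileName);
    }
    else if (ID[0] == 0xE9)         /* May be COM or BIN files: JMP instruction found */
    {
        /* The near-jump displacement must land exactly on the virus body.
           Computed in long so that ID[2]*256 cannot overflow a 16-bit int. */
        Address = (long)ID[1] + 256L * ID[2];
        if (Address == filelength(fileno(fp)) - VIRUS_LEN - 3)
        {
            if (readAt(fp, -VIRUS_LEN + SAVED_HEAD_OFF, SEEK_END, ID, 3)
                && writeAt(fp, 0L, ID, 3)
                && cutVirus(fp))
                virusReport(fileName);
        }
    }

done:
    fflush(fp);
    /* Only restore a timestamp that was actually read. */
    if (haveTime)
        _dos_setftime(fileno(fp), tempDate, tempTime);
    fclose(fp);
}

/* Prints the per-file result line and counts the repaired file. */
void virusReport(char * fileName)
{
    printf("3783 Virus found in file %s, killed! \n", fileName);
    virusFound++;
}
-- \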
----------------\--
--- 钻石星尘拳 -----
----------------/--
/
/*
 * Detection signature used by kill(): these 23 bytes are compared with the
 * 23 bytes found 3783 bytes before end-of-file. Read as 8086 code they are:
 *
 *   0E            push cs
 *   1F            pop  ds
 *   E8 00 00      call $+3
 *   5E            pop  si
 *   83 EE 05      sub  si,5
 *   56            push si
 *   06            push es
 *   B8 7F 18      mov  ax,187Fh
 *   BB 53 44      mov  bx,4453h
 *   CD 21         int  21h
 *   81 FB A1 87   cmp  bx,87A1h
 *
 * The INT 21h request and the 87A1h comparison are the same values main()
 * uses for its "virus found in memory" check. A match on these bytes alone
 * only marks a file as a candidate; kill() makes further checks on the file
 * start before it writes anything.
 */
char Virus[23]={0x0E, 0x1F, 0xE8, 0x00, 0x00, 0x5E, 0x83, 0xEE, 0x05,
0x56, 0x06, 0xB8, 0x7F, 0x18, 0xBB, 0x53, 0x44, 0xCD,
0x21, 0x81, 0xFB, 0xA1, 0x87};
http://www.xfocus.net/articles/200310/622.html