
3783病毒源程序(TPVO/3783 病毒清除工具 k3783 的 C 源代码)

时间:2013-04-10 11:44来源:www.chengxuyuans.com 点击:

#include<bios.h>
#include<dos.h>
#include<dir.h>
#include<stdio.h>
#include<string.h>
#include<stdlib.h>
#include<alloc.h>
/* Checks one file for the TPVO/3783 signature and, on a match, rewrites it in place. */
void k3783(char *fname);
/* Signature scan: returns 1 when the four marker byte strings occur in order in buf, else 0. */
int find3783(char *buf, int len);
/* Flushes the DOS keyboard buffer through INT 21h (intdos). */
int flushkey();
/* Scans every file under the directory prefix `line` (must end in '\\') and recurses into subdirectories. */
void search(char *line);
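/* Print the program banner (shown on usage errors and after a completed scan). */
static void k3783_banner(void)
{
    printf("\t\tKILL Virus TPVO/3783 !\n");
    printf("\rThe Copywrite is Qing Dao Jian Gong Xue Yuan Computer 94.1\n\t\tJiang Xianggang \t1997.5.25\n");
}

/* Print the banner followed by the command-line help, then terminate with status 1. */
static void k3783_usage(void)
{
    k3783_banner();
    printf("Usage: k3783 [d:] path\n Example1:\n k3783 c:\\ \n");
    printf(" Example2:\n k3783 c:\\dos\\\n");
    exit(1);
}

/*
 * Entry point of the TPVO/3783 removal tool.
 *
 * Note the historical parameter naming: `argv` is the argument COUNT and
 * `argc` is the argument VECTOR (swapped relative to the usual convention).
 *
 * The single argument is a directory prefix that must end in a backslash,
 * because search() builds file names by plain concatenation.
 *
 * Returns 0 after a completed scan; usage errors exit with status 1.
 */
int main(int argv,char *argc[])
{
    size_t path_len;

    /* No path given (or no argv[0] at all): argc[1] must not be touched. */
    if (argv < 2)
        k3783_usage();

    /*
     * An empty argument used to index argc[1][-1]; reject it explicitly
     * before looking at the last character.
     */
    path_len = strlen(argc[1]);
    if (path_len == 0 || argc[1][path_len - 1] != '\\')
        k3783_usage();

    search(argc[1]);

    printf("\n");
    k3783_banner();
    return 0;
}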
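/*
 * Run k3783() on every entry that matches `pattern` under the DOS attribute
 * mask `attrib`. `line` is the directory prefix (ending in '\\') that is
 * prepended to each name returned by findfirst/findnext.
 *
 * Pressing Esc (bioskey(1) == 0x011b) aborts the whole program. The keyboard
 * buffer is flushed after every check: bioskey(1) only peeks at the head of
 * the buffer, so a stale non-Esc key would otherwise hide a later Esc.
 */
static void search_files(char *line, char *pattern, int attrib)
{
    struct ffblk file;
    char filename[MAXDIR+12];
    int done;

    done = findfirst(pattern, &file, attrib);
    while (!done) {
        printf("\r ");
        printf("\r%s%s", line, file.ff_name);
        /* Bound the concatenation instead of trusting the directory depth. */
        if (strlen(line) + strlen(file.ff_name) < sizeof filename) {
            strcpy(filename, line);
            strcat(filename, file.ff_name);
            k3783(filename);
        }
        done = findnext(&file);
        if (bioskey(1) == 0x011b)
            exit(1);
        flushkey();
    }
}

/*
 * Scan the directory named by `line` and every directory below it.
 *
 * line: directory prefix ending in '\\' (e.g. "c:\\dos\\").
 *
 * Files are visited in two passes (attribute mask 0, then
 * FA_HIDDEN|FA_SYSTEM), as in the original tool; DOS attribute searches are
 * inclusive, so ordinary files are presumably seen by both passes.
 *
 * Every path is length-checked before it is copied into a fixed-size stack
 * buffer. The original used unchecked strcpy/strcat, so a deep directory
 * tree could overflow dir[], filename[] or line1[]; over-long paths are now
 * reported and skipped.
 */
void search(char *line)
{
    struct ffblk file;
    int done;
    char dir[MAXDIR], line1[80];

    /* Room is needed for the prefix, "*.*" and the terminating NUL. */
    if (strlen(line) + 3 >= sizeof dir) {
        printf("\n path too long, skipped: %s\n", line);
        return;
    }
    strcpy(dir, line);
    strcat(dir, "*.*");

    search_files(line, dir, 0);
    search_files(line, dir, FA_HIDDEN|FA_SYSTEM);

    done = findfirst(dir, &file, FA_DIREC|FA_HIDDEN);
    while (!done) {
        /*
         * The attribute mask also returns plain files, so recurse only into
         * real directories, and never into "." or "..".
         */
        if ((file.ff_attrib & FA_DIREC)
            && strcmp(file.ff_name, ".") && strcmp(file.ff_name, "..")) {
            /* prefix + name + '\\' + NUL must fit in line1 */
            if (strlen(line) + strlen(file.ff_name) + 2 <= sizeof line1) {
                strcpy(line1, line);
                strcat(line1, file.ff_name);
                strcat(line1, "\\");
                search(line1);
            } else {
                printf("\n path too long, skipped: %s%s\n", line, file.ff_name);
            }
        }
        done = findnext(&file);
        if (bioskey(1) == 0x011b)
            exit(1);
        flushkey();
    }
}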
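#define K3783_VIRUS_LEN 3783l          /* bytes appended to an infected file */
#define K3783_SAVED_OFF 3719           /* offset of the saved host header in that tail */
#define K3783_SAVED_LEN 64l            /* size of the saved host header */
#define K3783_BUF_LEN   (60 * 1024l)   /* size of the scratch/copy buffer */
#define K3783_TMP_NAME  "c:k3783.tmp"  /* staging file for the cleaned image */

/*
 * Copy exactly `count` bytes from src to dst through buf (K3783_BUF_LEN bytes).
 * A non-positive count copies nothing. Returns 0 on success, -1 on any short
 * read or short write.
 */
static int k3783_copy(FILE *src, FILE *dst, char *buf, long count)
{
    size_t chunk;

    while (count > 0) {
        chunk = (size_t)(count > K3783_BUF_LEN ? K3783_BUF_LEN : count);
        if (fread(buf, 1, chunk, src) != chunk)
            return -1;
        if (fwrite(buf, 1, chunk, dst) != chunk)
            return -1;
        count -= (long)chunk;
    }
    return 0;
}

/* Put back the attributes read before cleaning; -1 means they were never read. */
static void k3783_restore_attrib(char *fname, int attrib)
{
    if (attrib != -1)
        _chmod(fname, 1, attrib);
}

/*
 * Check one file for TPVO/3783 and, if the signature matches, rewrite it
 * without the infection.
 *
 * fname: path of the file to examine.
 *
 * Layout relied on by the code: the last 3783 bytes of an infected file are
 * scanned with find3783(); the 64 bytes at offset 3719 of that tail are
 * written back as the first 64 bytes of the file, and the file is shortened
 * by 3783 bytes.
 *
 * The cleaned image is first staged completely in c:k3783.tmp. The target is
 * only truncated after every read and write of the staging step succeeded,
 * so a full disk or read error leaves the original file untouched. If the
 * final write-back fails, the staging file is kept as the only intact copy
 * and the program stops, because the next disinfection would overwrite it.
 *
 * NOTE(review): detection rests solely on four short byte strings in the
 * file tail; a false positive would truncate a clean file, so run this on
 * backed-up media.
 */
void k3783(char *fname)
{
    FILE *fp, *fp1;
    long file_length, host_length;
    char *buf;
    int attrib = -1;
    int failed;

    if ((fp = fopen(fname, "rb")) == NULL) {
        /* Nothing was opened, so there is nothing to close here. */
        printf(" file %s open error!\n", fname);
        return;
    }
    if (fseek(fp, 0l, SEEK_END) != 0) {
        fclose(fp);
        return;
    }
    file_length = ftell(fp);
    if (file_length < K3783_VIRUS_LEN) {
        /* Too small to carry the 3783-byte tail (also covers ftell() == -1). */
        fclose(fp);
        return;
    }
    if ((buf = malloc((size_t)K3783_BUF_LEN)) == NULL) {
        printf("\nout of memroy!\n");
        fclose(fp);
        return;
    }

    /* Scan only a tail that was read completely; never scan stale buffer bytes. */
    if (fseek(fp, -K3783_VIRUS_LEN, SEEK_END) != 0
        || fread(buf, 1, (size_t)K3783_VIRUS_LEN, fp) != (size_t)K3783_VIRUS_LEN
        || !find3783(buf, (int)K3783_VIRUS_LEN))
        goto out_close;

    /* Remember the attributes, then clear them so the file can be rewritten. */
    attrib = _chmod(fname, 0);
    _chmod(fname, 1, 0);
    printf(" Found TPVO/3783 Virus!\7");

    if ((fp1 = fopen(K3783_TMP_NAME, "wb+")) == NULL) {
        printf(" Out of disk space! \n");
        goto out_close;
    }

    /*
     * Stage the cleaned image: saved header first (it must be written before
     * buf is reused as the copy buffer), then the host body that follows the
     * first 64 bytes.
     */
    host_length = file_length - K3783_VIRUS_LEN;
    if (fwrite(buf + K3783_SAVED_OFF, 1, (size_t)K3783_SAVED_LEN, fp1) != (size_t)K3783_SAVED_LEN
        || fseek(fp, K3783_SAVED_LEN, SEEK_SET) != 0
        || k3783_copy(fp, fp1, buf, host_length - K3783_SAVED_LEN) != 0
        || fflush(fp1) != 0
        || fseek(fp1, 0l, SEEK_SET) != 0) {
        printf(" Out of disk space! \n");
        fclose(fp1);
        remove(K3783_TMP_NAME);
        goto out_close;
    }

    /* The staged copy is complete; only now is the original truncated. */
    fclose(fp);
    if ((fp = fopen(fname, "wb+")) == NULL) {
        printf(" \n file open error! OR File Acssess error! No Killed!\n");
        fclose(fp1);
        remove(K3783_TMP_NAME);
        free(buf);
        k3783_restore_attrib(fname, attrib);
        return;
    }

    failed = (k3783_copy(fp1, fp, buf, host_length) != 0);
    if (fclose(fp) != 0)        /* fclose flushes; a failure means lost data */
        failed = 1;
    fclose(fp1);
    free(buf);
    k3783_restore_attrib(fname, attrib);

    if (failed) {
        printf(" \n write error! %s is incomplete; clean copy kept in c:k3783.tmp\n", fname);
        exit(1);
    }
    remove(K3783_TMP_NAME);
    printf(" Killed! OK!\n\n");
    return;

out_close:
    free(buf);
    fclose(fp);
    k3783_restore_attrib(fname, attrib);
}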
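/*
 * Return the offset of the first occurrence of pat (pat_len bytes) that lies
 * entirely inside buf[from .. len), or -1 when there is none.
 */
static int k3783_find_sig(const char *buf, int len, int from,
                          const char *pat, int pat_len)
{
    int pos;

    for (pos = from; pos <= len - pat_len; pos++) {
        if (memcmp(buf + pos, pat, (size_t)pat_len) == 0)
            return pos;
    }
    return -1;
}

/*
 * Signature test for TPVO/3783.
 *
 * buf: bytes to scan; len: number of valid bytes in buf.
 *
 * Returns 1 when the four marker byte strings occur in this order without
 * overlapping (any amount of other data may sit between them), else 0:
 *   7C 8E C4,  B8 08 02,  CD 13,  06 68 C3
 *
 * The original nested loops restarted the inner searches for every
 * candidate; taking the earliest match of each marker in turn gives the same
 * answer in a single pass. Unlike the original, a marker must fit completely
 * inside the first len bytes, so memcmp never reads past the data the caller
 * declared valid.
 */
int find3783(char *buf, int len)
{
    static const char code1[] = "\x7c\x8e\xc4";
    static const char code2[] = "\xb8\x08\x02";
    static const char code3[] = "\xcd\x13";
    static const char code4[] = "\x06\x68\xc3";
    int pos;

    if (buf == NULL || len <= 0)
        return 0;

    pos = k3783_find_sig(buf, len, 0, code1, 3);
    if (pos < 0)
        return 0;
    pos = k3783_find_sig(buf, len, pos + 3, code2, 3);
    if (pos < 0)
        return 0;
    pos = k3783_find_sig(buf, len, pos + 3, code3, 2);
    if (pos < 0)
        return 0;
    pos = k3783_find_sig(buf, len, pos + 2, code4, 3);
    return pos >= 0;
}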
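/*
 * Discard pending keystrokes.
 *
 * Issues DOS INT 21h function 0Ch (flush keyboard buffer, then run the input
 * function named in AL). AL = 06h with DL = FFh selects direct console input,
 * which does not wait for a key.
 *
 * Returns 0. The original fell off the end of a function declared to return
 * int; an explicit value keeps any caller that reads the result well defined.
 */
int flushkey()
{
    union REGS r;

    r.h.ah = 0x0c;
    r.h.al = 0x06;
    r.h.dl = 0xff;
    intdos(&r, &r);
    return 0;
}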

