摘要：MBR感染,是DOS时代的事情了..那个时代的Dos机需要一个1.44MB大小的软盘来作为启动盘,于是MBR病毒就会大肆的感染MBR区,也感染了软盘的MBR...呵呵..现在的windows不需要通过软盘来启动了..但是现在的MBR感染应该不叫MBR感染了..叫改写了MBR区..windows下对MBR改写的可以参考下charme同学的<<MBR另类感染技术>>.下面贴一段... 阅读全文

摘要：系统启动过程主要由一下几步组成(以硬盘启动为例): 1. 开机 :-) 2. BIOS 加电自检 ( Power On Self Test -- POST ) 内存地址为 0ffff:0000 3. 将硬盘第一个扇区 (0头0道1扇区, 也就是Boot Sector) 读入内存地址 0000:7c00 处. 4. 检查 (WORD) 0000:7dfe 是否等于 0xaa55, 若不等于 则转去尝... 阅读全文

摘要：MOVSLODSCLDCMPSSTOSREPSTDSCAS　　MOVS ( MOVe String) 串传送指令MOVB //字节串传送 DF=0, SI = SI + 1 , DI = DI + 1 ；DF = 1 , SI = SI - 1 , DI = DI - 1MOVW //字串传送 DF=0, SI = SI + 2 , DI = DI + 2 ；DF = 1 , SI = SI - ... 阅读全文

摘要：1.Introduction============== In my search for knowledge, I found many tutorials out there that werecreated to show the user how to code a simple boot sector virus. Although thetutes were very good in ... 阅读全文

摘要：.386p.model flat ,stdcalloptions casemap:nonejumps.data.codeVirusStart:;重定位calldeltadelta:popebpmoveax,ebpsubebp,offset deltasubeax,RedundatSizesubeax,1000hNewEip equ $-4movdword ptr [ebp+AppBase],eax... 阅读全文