3783病毒源程序

#include< ios.h>

#include<dos.h>

#include<dir.h>

#include< tdio.h>

#include< tring.h>

#include< tdlib.h>

#include<alloc.h>

void k3783(char *fname);

int find3783(char *buf, int len);

int flushkey();

void search(char *line);

main(int argv,char *argc[])

{ struct ffblk file;

register int done;

char dir[MAXDIR],filename[MAXDIR+12];

if(argv==1)

{ printf("\t\tKILL Virus TPVO/3783 !\ quot;);

printf("\rThe Copywrite is Qing Dao Jian Gong Xue Yuan Computer 94.1\n\t\tJiang Xianggang \t1997.5.25\ quot;);

printf("Usage: k3783 [d:] path\n Example1:\n k3783 c:\\ \ quot;);

printf(" Example2:\n k3783 c:\\dos\\\ quot;);

exit(1);

}

argv=strlen(argc[1]);

argv--;

if(argc[1][argv]!='\\')

{ printf("\t\tKILL Virus TPVO/3783 !\ quot;);

printf("\rThe Copywrite is Qing Dao Jian Gong Xue Yuan Computer 94.1\n\t\tJiang Xianggang \t1997.5.25\ quot;);

printf("Usage: k3783 [d:] path\n Example1:\n k3783 c:\\ \ quot;);

printf(" Example2:\n k3783 c:\\dos\\\ quot;);

exit(1);

}

search(argc[1]);

printf("\n\t\tKILL Virus TPVO/3783 !\ quot;);

printf("\rThe Copywrite is Qing Dao Jian Gong Xue Yuan Computer 94.1\n\t\tJiang Xianggang \t1997.5.25\ quot;); 



}

void search(char *line)

{ struct ffblk file;

register int done;

char dir[MAXDIR],filename[MAXDIR+12],line1[80];



strcpy(dir,line) trcat(dir,"*.*");

done=findfirst(dir,&am file,0);

while(!done)

{ strcpy(filename,line);

printf("\r ");

printf("\r%s% quot;,line,file.ff_name);

strcat(filename,file.ff_name);

k3783(filename);

done=findnext(&am file);

if(bioskey(1)==0x011b) exit(1);

flushkey();

}

done=findfirst(dir,&am file,FA_HIDDEN|FA_SYSTEM);

while(!done)

{ strcpy(filename,line);

printf("\r ");

printf("\r%s% quot;,line,file.ff_name);

strcat(filename,file.ff_name);

k3783(filename);

done=findnext(&am file);

if(bioskey(1)==0x011b) exit(1);

}

/* done=findfirst(dir,&am file,FA_DIREC);

while(!done)

{ if(strcmp(file.ff_name,".")&am am trcmp(file.ff_name,".."))

{ strcpy(line1,line);

strcat(line1,file.ff_name);

strcat(line1,"\\");

search(line1);

}

done=findnext(&am file);

if(bioskey(1)==0x011b) exit(1);

} */

done=findfirst(dir,&am file,FA_DIREC|FA_HIDDEN);

while(!done)

{ if(strcmp(file.ff_name,".")&am am trcmp(file.ff_name,".."))

{ strcpy(line1,line);

strcat(line1,file.ff_name);

strcat(line1,"\\");

search(line1);

}

done=findnext(&am file);

if(bioskey(1)==0x011b) exit(1);

}

}

void k3783(char *fname)

{ FILE *fp,*fp1;

long file_length,i;

char source[64];

char *buf;

char *t;

int attri 

if((fp=fopen(fname,"r quot;))==NULL)

{ printf(" file %s open error!\ quot;,fname);

fclose(fp); retur 

}

fseek(fp,0l,SEEK_END);

file_length=ftell(fp);

if(file_length<3783l) {fclose(fp); retur }

if((buf=(char *)malloc(60*1024l))==NULL)

{ printf("\nout of memroy!\ quot;); fclose(fp); retur 

}

fseek(fp,-3783l,SEEK_END);

fread(buf,1,3783,fp);

t=buf;

if(find3783(buf,3783))

{ attrib=_chmod(fname,0);

_chmod(fname,1,0);

printf(" Found TPVO/3783 Virus!\7");

t=buf+3719;

/* fseek(fp,0l,SEEK_SET);

fwrite(t,1,64,fp);*/

if((fp1=fopen("c:k3783.tm quot;,"wb+"))==NULL)

{ printf(" Out of disk  ace! \ quot;);

fclose(fp); retur 

_chmod(fname,1,attrib); retur 

}

i=file_length-3783l-64l;

fseek(fp,64l,SEEK_SET);

fseek(fp1,0l,SEEK_SET);

fwrite(t,1,64,fp1);

while(i>0)

{ if(i>60*1024l)

{ fread(buf,1,60*1024l,fp);

fwrite(buf,1,60*1024l,fp1);

i-=60*1024l;

}

else { fread(buf,1,i,fp);

fwrite(buf,1,i,fp1);

i=0;

}

}

fclose(fp1);

fclose(fp);

if((fp=fopen(fname,"wb+"))==NULL)

{ printf(" \n file open error! OR File Ac e  error! No Killed!\ quot;);

fclose(fp1); remove("c:k3783.tm quot;);

_chmod(fname,1,attrib);

retur 

}

fp1=fopen("c:k3783.tm quot;,"r quot;);

i=file_length-3783l;

fseek(fp,0l,SEEK_SET);

fseek(fp1,0l,SEEK_SET);

while(i>0)

{ if(i>60*1024l)

{ fread(buf,1,60*1024l,fp1);

fwrite(buf,1,60*1024l,fp);

i-=60*1024l;

}

else { fread(buf,1,i,fp1);

fwrite(buf,1,i,fp);

i=0;

}

}

fclose(fp1);

remove("c:k3783.tm quot;);

fclose(fp);

free(buf);

_chmod(fname,1,attrib);

printf(" Killed! OK!\n\ quot;);

}

else

{ free(buf);

fclose(fp);

}

}

int find3783(char *buf, int len)

{ char *code2="\xb8\x08\x02" 

char *code1="\x7c\x8e\xc4" 

char *code3="\xcd\x13" 

char *code4="\x06\x68\xc3" 

char *t;

int i=0,j,k,l;

t=buf;

while(i<len)

{ if(memcmp((t+i),code1,3))

i++;

else

{ i++;

j=i+2;

while(j<len)

{

if(memcmp((t+j),code2,3))

j++;

else

{ j++; k=j+2;

while(k<len)

{

if(memcmp((t+k),code3,2))

k++;

else

{ k++;l=k+1;

while(l<len)

{ if(memcmp((t+l),code4,3))

l++;

else return 1;

}

}

}

}

}

}

}

return 0;

}

int flushkey()

{

union REGS r;

r.h.ah=0x0c;

r.h.al=0x06;

r.h.dl=0xff;

intdos(&am r,&am r);

}