Location:
Search - boot virus
Search list
Description: 硬盘以及分区结构简介。
硬盘分区表和文件分配表
硬盘只有经过物理格式化,分区,逻辑格式化后才能使用,在进行分区时,FDISK 会在硬盘的0柱面0磁头1扇区建一个64字节的分区表,在分表的前面是主引导记录 (MRB),后面是两个字节的有效标志55H,AAH,(H表示16进制)。此扇区被称为主 引导扇区,也是病毒最爱侵袭的地方,它由主引导记录+分区表+有效标志组成。
分区表对于系统自举十分重要,它规定着系统有几个分区;每个分区的起始及终止 扇区,大小以及是否为活动分区等重要信息。分区表由4个表项组成,每个表项16个字 节-hard on the structure and zoning. Hard disk partition table and document distribution table only after physical hard disk formatting, zoning, logical format as soon as possible. conducting district, FDISK the hard drive in cylindrical 0 0 1 Sector Head built a 64 bytes of zoning tables at the table in front of the Master Boot Record (MRB), followed by two bytes of effective signs 55 H, AAH, (H said 16-band). This was known as Sector master boot, as well as virus attacks favorite place, which consists of master boot record partition table effective symbol. Table system for the district since cite important, it provides a system has several branch; The start of each branch and terminate Sector. and whether the size of district activities and other important information. Division 4 table by t
Platform: |
Size: 757120 |
Author: zgb |
Hits:
Description: DLL的远程注入技术是目前Win32病毒广泛使用的一种技术。使用这种技术的病毒体通常位于一个DLL中,在系统启动的时候,一个EXE程序会将这个DLL加载至某些系统进程(如Explorer.exe)中运行。这样一来,普通的进程管理器就很难发现这种病毒了,而且即使发现了也很难清除,因为只要病毒寄生的进程不终止运行,那么这个DLL就不会在内存中卸载,用户也就无法在资源管理器中删除这个DLL文件-DLL injection technique is widely used Win32 virus a technical. Use of this technology to the virus-usually in a DLL, the system boot time. EXE program a DLL loaded to the system of certain processes (such as Explorer.exe) Win OK. As a result, general manager of the process it will be very difficult for the virus was discovered, but even if they discover is very difficult to remove. As long as the virus parasitic process operation is not terminated, then the DLL will not be in memory and unloading, users will have no way to the resource manager to remove the DLL files
Platform: |
Size: 45437 |
Author: 豹仔 |
Hits:
Description: 一个汇编病毒源代码-a compilation of the virus source code
Platform: |
Size: 4163 |
Author: 张雪 |
Hits:
Description: 对引导区的学驻病毒进行了剖析,分析了此类病毒的产生原因及发作原理。
Platform: |
Size: 260447 |
Author: 李明 |
Hits:
Description: 一个汇编病毒源代码-a compilation of the virus source code
Platform: |
Size: 4096 |
Author: 张雪 |
Hits:
Description: U盘大盗的关键代码,但并没有使之可以当病毒一样用。可以检测U盘插入事件,并将U盘上的文件拷贝到C:\Temp下。一切后果我本人不承担。-U bandit who was the key code, but not to make them when using the same virus. U disk can detect insertion events and the U-copy documents to C : \ Temp under. All the consequences I do not bear.
Platform: |
Size: 179200 |
Author: 王万三 |
Hits:
Description: 硬盘以及分区结构简介。
硬盘分区表和文件分配表
硬盘只有经过物理格式化,分区,逻辑格式化后才能使用,在进行分区时,FDISK 会在硬盘的0柱面0磁头1扇区建一个64字节的分区表,在分表的前面是主引导记录 (MRB),后面是两个字节的有效标志55H,AAH,(H表示16进制)。此扇区被称为主 引导扇区,也是病毒最爱侵袭的地方,它由主引导记录+分区表+有效标志组成。
分区表对于系统自举十分重要,它规定着系统有几个分区;每个分区的起始及终止 扇区,大小以及是否为活动分区等重要信息。分区表由4个表项组成,每个表项16个字 节-hard on the structure and zoning. Hard disk partition table and document distribution table only after physical hard disk formatting, zoning, logical format as soon as possible. conducting district, FDISK the hard drive in cylindrical 0 0 1 Sector Head built a 64 bytes of zoning tables at the table in front of the Master Boot Record (MRB), followed by two bytes of effective signs 55 H, AAH, (H said 16-band). This was known as Sector master boot, as well as virus attacks favorite place, which consists of master boot record partition table effective symbol. Table system for the district since cite important, it provides a system has several branch; The start of each branch and terminate Sector. and whether the size of district activities and other important information. Division 4 table by t
Platform: |
Size: 756736 |
Author: zgb |
Hits:
Description: DLL的远程注入技术是目前Win32病毒广泛使用的一种技术。使用这种技术的病毒体通常位于一个DLL中,在系统启动的时候,一个EXE程序会将这个DLL加载至某些系统进程(如Explorer.exe)中运行。这样一来,普通的进程管理器就很难发现这种病毒了,而且即使发现了也很难清除,因为只要病毒寄生的进程不终止运行,那么这个DLL就不会在内存中卸载,用户也就无法在资源管理器中删除这个DLL文件-DLL injection technique is widely used Win32 virus a technical. Use of this technology to the virus-usually in a DLL, the system boot time. EXE program a DLL loaded to the system of certain processes (such as Explorer.exe) Win OK. As a result, general manager of the process it will be very difficult for the virus was discovered, but even if they discover is very difficult to remove. As long as the virus parasitic process operation is not terminated, then the DLL will not be in memory and unloading, users will have no way to the resource manager to remove the DLL files
Platform: |
Size: 45056 |
Author: 豹仔 |
Hits:
Description: 可在系统引导时工作的RootKit,较简单
1) It s very small.The basic framework is just about 100 lines of assembly code.It supports 2000,XP,2003
2) It patches the kernel at runtime(no files are patched on disk).(basic version has this code removed , so as others could understand it easily).
3) BOOT KIT is PXE-compatible.
4) It can even lead to first ever PXE virus
5)It also enables you to load other root kits if you have physical access(Normally root kits can only be loaded by the administrator)-the system can guide the work of Rootkit. simple 1) It's very small.The basic framework is jus t about 100 lines of assembly code.It supports 2 000, XP, 2003 2) It patches the kernel at runtime (no file 's are patched on disk). (basic version has this c ode removed. so as others could understand it easily). 3) BOO T KIT is PXE-compatible. 4) It can even lead to fi rst ever PXE virus 5) It also enables you to load o ther'isnt root kits if you have physical access (Norm ally root kits can only be loaded by the administ rator)
Platform: |
Size: 72704 |
Author: 诚然 |
Hits:
Description: Monkey,即猴子病毒传播硬盘和软盘的引导区,总长度为 01F4H(500字节),它将原引导记录加密后保存,在系统读出时先解密再送出,结果造成病毒不在内存中时,系统无法得到正常的引导记录,以至对所有硬盘分区无法访问。-Monkey, a monkey virus that is spread by floppy disk and guide, 01F4H total length (500 bytes), which will encrypt the original boot record keeping, the system read out the first declassified again send, resulting virus is not memory, the system can not be normal boot record, as well as to all disk partitions can not visit.
Platform: |
Size: 5120 |
Author: jiankang |
Hits:
Description: 对引导区的学驻病毒进行了剖析,分析了此类病毒的产生原因及发作原理。-To guide school districts in the virus analyzed, analysis of such viruses and attacks the principle of cause.
Platform: |
Size: 260096 |
Author: 李明 |
Hits:
Description: C语言开发的一个计算机病毒程序,能够实现自动繁殖,删除系统文件,自我复制,修改注册表任意表项,进入系统启动进程等等功能。-C language developed by a computer virus program that can automatically reproduce, delete system files, self-copy, modify any registry entry, enter the system boot process and so on.
Platform: |
Size: 26624 |
Author: 季节 |
Hits:
Description: 3. 启动项目管理
最全自启动项目管理,带详细信息和进程资料
4. 启动顺序管理
延时启动,更具条件启动,比如网络,程序启动后启动相应程序
5. 文件删除改名处理
利用延时删除功能,删除病毒文件.或者将文件的权限全部去掉-3. To start the whole project management since the launch of the project management, with detailed information and process information 4. The boot sequence to start the management of delay, more start conditions, such as network, after the commencement of proceedings to start the corresponding procedures 5. Delete the renamed files to deal with the use of delay delete function to delete the virus file. or removed files
Platform: |
Size: 1516544 |
Author: haibinxx |
Hits:
Description: 读写磁盘主引导区(MBR)_VC 6.0++源代码-Read and write disk master boot sector (MBR) _VC 6.0++ Source code
Platform: |
Size: 27648 |
Author: Jackson |
Hits:
Description: 病毒分析:引导区病毒分析例子,但要熟悉汇编语言-Virus analysis: boot sector viruses analyzed examples, but be familiar with assembly language
Platform: |
Size: 2048 |
Author: aaa |
Hits:
Description: 这是一个引导型DOS病毒,通过修改MBR和系统中断向量来实现其操作-This is a DOS boot-type virus by modifying the MBR and the system interrupt vector to achieve its operational
Platform: |
Size: 1024 |
Author: GhostRiderXX |
Hits:
Description: 针对DOS的引导程序病毒,对于研究引导病毒机制,系统初始引导阶段工作机理有帮助。-The boot process for DOS virus, boot viruses for the study of mechanisms, the system boot phase of the mechanism of initial help.
Platform: |
Size: 995328 |
Author: 蒋青 |
Hits:
Description: 这是近期有一款关于病毒清理防护的VB开源代码,代码比较完整。有一定的技术性,具有市面共享及商业杀毒防毒类软件的常用特性,如病毒查杀,防护,可以隔离病毒。附带达700多种流行病毒库,可以自己更新增加病毒库。
其他技术支持,如注册表设置、优化,进程详细信息查看,开机启动项处理,垃圾文件清理、病毒库升级更新等功能,对于研究病毒防杀的网友可以借鉴学习。 -This is a recent virus clean-up protection on the VB source code, code is complete. A certain degree of technical, market share and business anti-virus with anti-virus software commonly used class features such as virus killing, protection, to isolate the virus. 700 with a variety of popular virus database, you can increase your virus database updates. Other technical support, such as registry settings, optimization, process more information see, boot handles, clean junk files, update the virus database update and other functions, for the killing of anti-virus users can learn from.
Platform: |
Size: 792576 |
Author: koyhei |
Hits:
Description: Ring0下注册表键值的枚举与隐藏。实现注册表项的枚举、隐藏。实现病毒开机自启动注册表项目检测.-Under the registry key enumeration Ring0 and hidden. Enumeration entry achieving the registry, hidden. Achieved since the launch of the registry items boot virus detection.
Platform: |
Size: 405504 |
Author: zyj |
Hits:
Description: Simple boot virus :)
Platform: |
Size: 2048 |
Author: Ivan |
Hits: