2000-11-12 · Hotice · xici
Hello everyone. Everyone has heard of computer viruses; do they seem very mysterious? Do you want to know what a virus is and how it works? Mainly because the people who write viruses keep quiet about how they do it, there is a misconception that viruses are very mysterious. In fact, a virus is also a program, just a somewhat special one. OK, let me talk about it.
Writing a COM virus

A COM file is a single-segment executable structure that originated in the CP/M-86 operating system. The code in the file is exactly the same as the image that is loaded into memory, and execution starts at offset 100h, which corresponds to offset 0 in the file. Let's first run DEBUG as an exercise, using more.com for the experiment.

C:\>debug more.com
-u
0CA4:0100 B8371E        MOV     AX,1E37     ; note the first three bytes
0CA4:0103 BA3008        MOV     DX,0830
0CA4:0106 3BC4          CMP     AX,SP
0CA4:0108 7369          JNB     0173
0CA4:010A 8BC4          MOV     AX,SP
0CA4:010C 2D4403        SUB     AX,0344
0CA4:010F 90            NOP
0CA4:0110 25F0FF        AND     AX,FFF0
0CA4:0113 8BF8          MOV     DI,AX
0CA4:0115 B9A200        MOV     CX,00A2
0CA4:0118 90            NOP
0CA4:0119 BE7E01        MOV     SI,017E
0CA4:011C FC            CLD
0CA4:011D F3            REPZ
0CA4:011E A5            MOVSW
0CA4:011F 8BD8          MOV     BX,AX
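Added example, not part of the original article: Python that maps file offsets to the offsets DEBUG displays, decodes the instruction at 100h, and records the first three bytes as an integrity baseline that a later check can compare against. The function names and the size bound are assumptions of this example, the jump decoding goes beyond the MOV shown in the listing, and SAMPLE is constructed from the bytes in the listing above.

```python
import hashlib

COM_LOAD_OFFSET = 0x100                   # file offset 0 is loaded at offset 100h
COM_MAX_SIZE = 0x10000 - COM_LOAD_OFFSET  # upper bound: PSP + image share one 64 KB segment

def file_to_mem(file_off):
    """Offset inside the .COM file -> offset DEBUG displays."""
    return file_off + COM_LOAD_OFFSET

def mem_to_file(mem_off):
    """Offset DEBUG displays -> offset inside the .COM file."""
    if mem_off < COM_LOAD_OFFSET:
        raise ValueError("offsets below 100h are not file content")
    return mem_off - COM_LOAD_OFFSET

def entry_instruction(image):
    """Decode the instruction at 100h if it is MOV AX,imm16 or a direct JMP."""
    if len(image) >= 3 and image[0] == 0xB8:   # MOV AX, imm16 (little-endian)
        return ("MOV AX", int.from_bytes(image[1:3], "little"))
    if len(image) >= 3 and image[0] == 0xE9:   # near JMP: next IP + rel16, wraps at 64 KB
        rel = int.from_bytes(image[1:3], "little")
        return ("JMP", (file_to_mem(3) + rel) & 0xFFFF)
    if len(image) >= 2 and image[0] == 0xEB:   # short JMP: signed 8-bit displacement
        rel = int.from_bytes(image[1:2], "little", signed=True)
        return ("JMP", (file_to_mem(2) + rel) & 0xFFFF)
    return ("other", None)

def baseline(image):
    """Record size, first three bytes, entry instruction and hash for later comparison."""
    if not 0 < len(image) <= COM_MAX_SIZE:
        raise ValueError("not a plausible COM image size")
    return {"size": len(image), "head": image[:3].hex(),
            "entry": entry_instruction(image),
            "sha256": hashlib.sha256(image).hexdigest()}

def changed_fields(old, new):
    """Names of baseline fields that differ between two recordings."""
    return sorted(k for k in old if old[k] != new[k])

# Constructed sample: the 33 bytes visible in the DEBUG listing above.
SAMPLE = bytes.fromhex("B8371E BA3008 3BC4 7369 8BC4 2D4403 90 25F0FF"
                       " 8BF8 B9A200 90 BE7E01 FC F3A5 8BD8")

if __name__ == "__main__":
    print(baseline(SAMPLE))
    print(hex(file_to_mem(len(SAMPLE))))   # offset just past the last listed byte
```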