Accessing the Win32 APIs
__________________________________________________________________________(__________________________________________________________________________)
{ __ } { __ } | | { __ } { __ }
|\\| |\\| .----O----------------------------O----. |//| |//|
|\\| |\\| | Accessing the Win32 APIs | |//| |//|
|\\| |\\| `--------------------------------------' |//| |//|
{____} {____} {____} {____}
+-----------------+
? Foreword //前言 ?
+-----------------+
Beforestartingtoseesomerealviruswritingcode,letus
concentrate onthe most important issue of the win32 virus coding: locating
thewin32 apis. As the Win32 apis are the heart of the system and no action
canbeperformedwithout them, one should locate the needed apis for it's
code to run.
前言
在开始写一些真正意义上的病毒时,让我们先看看Win32里病毒编程核心部分:Win32 API的定位.
因为Win32 API是系统的核心,没有API任何事情我们都做不了,定位API并注入我们的代码是我们的目标.
<--------------------------------------------------------------------- Basics
Firstly,letmesaythat in this tute I will call all versions of
Windows 95 (Chicago, Nashville, OSR1, OSR2, all betas), Windows 98 (Memphis,
all betas) and Windows NT (3.x, 4.0) as w95. I know that Windows NT is quite
differentfromWindows95,butstillmany things work on both systems.
Therefore I will call all w95... After all, I write this stuff !!!! ;-))
首先,我要说的是本教程中 win95下各版本,Win98,及NT(3.x 4.0)都通称为Win95.我知道NT与Win95有着很大的区别.
但是两系统中仍有许多相通性.因此我就管他们统一叫Win95...毕竟是我写的;-))
Firstletmetell you about the memory in w95. Here, the memory is
flat.Aflatmemoryisachunkof bytes in a sole huge segment. It is
calledaselector.Therefore,youdon't need to use the old segment and
offsetassignmenttoreachaparticular area in the memory. Now all you
have is the offset. The size of the memory is:
先让我告诉你在W95下的关于内存的一些事.
这里,内存属于平坦模式, 平坦内存是在一个独立的大段中的一块连续的bytes.
他被称为选择器,因此你不需要使用旧的段和偏移地址分配来到达指定的内存地址.现在有的只是偏移地址.
内存的大小为:
页:
[1]