+--------------------------+
| Accessing the Win32 APIs |
+--------------------------+
+-----------------+
|    Foreword     |
+-----------------+
Before starting to see some real virus writing code, let us
concentrate on the most important issue of Win32 virus coding: locating
the Win32 APIs. As the Win32 APIs are the heart of the system and no action
can be performed without them, one should locate the needed APIs for its
code to run.
<--------------------------------------------------------------------- Basics
Firstly, let me say that in this tute I will refer to all versions of
Windows 95 (Chicago, Nashville, OSR1, OSR2, all betas), Windows 98 (Memphis,
all betas) and Windows NT (3.x, 4.0) as w95. I know that Windows NT is quite
different from Windows 95, but still many things work on both systems.
Therefore I will call them all w95... After all, I write this stuff !!!! ;-))
First let me tell you about the memory in w95. Here, the memory is
flat. A flat memory is a chunk of bytes in a single huge segment. It is
called a selector. Therefore, you don't need to use the old segment and
offset assignment to reach a particular area in the memory. Now all you
have is the offset. The size of the memory is: