CIH virus mainly infects executable programs of Windows 95/98/Me. When it attacks, it destroys the system program in the computer's Flash BIOS chip, causing damage to the motherboard and destroying data in the hard disk. When a virus attacks, the hard drive spins continuously, and the virus program writes junk data to the hard drive in units of 2048 sectors, starting from the main boot area of the hard drive until all the hard drive data is destroyed. All data on the hard disk (including the partition table) is destroyed and must be repartitioned to possibly save the hard disk. At the same time, motherboards from some brands, such as Gigabyte and MSI, will destroy the system program in the Flash BIOS, causing the system to become unresponsive after booting.
The CIH virus was introduced into the country from Taiwan in August 1998. There are five versions in total. Various versions have developed over time and been continuously improved. The development process is as follows:
(1 ) CIH virus version 1.0
The initial version 1.0 was only 656 bytes, and the prototype was relatively simple. There was not much improvement in structure from ordinary viruses. Its biggest feature is that it can infect Microsoft Windows PE executable files, the length of program files infected by them increases, and the CIH virus version 1.0 is not yet destructive.
(2) CIH virus version 1.1
When the CIH virus developed to version 1.1, the length of the virus was 796 bytes. This version of the CIH virus has the ability to determine Windows Once it is determined that the user is running Windows NT, the functions of the NT software will not take effect and will hide themselves to avoid generating error messages. At the same time, more optimized code is used to reduce its length.
Another improvement point of version 1.1 CIH virus is that it can take advantage of the "gaps" in the Windows PE class executable file, split itself into several parts as needed, and insert them into the PE class executable file respectively. The advantage of this is that it will not increase the file length when infecting most Windows PE files.
(3) CIH virus version 1.2
When the CIH virus developed to version 1.2, in addition to correcting some of the defects of version 1.1, it also added the ability to damage users The hard disk and the code of the user's machine BIOS program. This improvement makes it enter the ranks of malignant viruses. The CIH virus body length of version 1.2 is 1003 bytes.
(4) CIH virus version 1.3
The biggest flaw of the CIH virus version 1.2 is that when it infects a ZIP self-extracting package file, it will cause the ZIP compressed package to The following error warning message appears during self-extraction:
WinZip Self-Extractor header corrupt. Possible cause: disk or file transfer error.
Version 1.3 of the CIH virus appears to be in a hurry. Its improvement points are aimed at the above defects. Its improvement method is: Once it is determined that the opened file is WinZip Self-extracting programs of this type will not be infected. At the same time, this version of the CIH virus has modified the virus attack time from April 26 to June 26. The CIH virus version 1.3 is 1010 bytes long.
(4) CIH virus version 1.4
Version 1.4 CIH virus has improved the defects in previous versions and does not infect ZIP self-extracting package files. It also modifies The attack date was changed from June 26 to the 26th of each month, increasing the frequency of virus attacks. The copyright information in the virus was also modified (the copyright information was changed to: "CIH v1.4 TATUNG", the relevant information in the previous version was "CIH v1.x TTIT"), the length of the CIH virus version 1.4 is 1019 bytes.
As mentioned before, the CIH virus has created several firsts in the history of viruses and is very destructive. The outbreak of the virus has caused immeasurable losses to the world. So, how is code with such great "destructive" power written? Below, we take version 1.4 of the CIH virus as an example to analyze part of its core code.
The above is the content of virus program source code example analysis-CIH virus [1]. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!
What is the full form of PHP?Apr 28, 2025 pm 04:58 PMThe article discusses PHP, detailing its full form, main uses in web development, comparison with Python and Java, and its ease of learning for beginners.
How does PHP handle form data?Apr 28, 2025 pm 04:57 PMPHP handles form data using $\_POST and $\_GET superglobals, with security ensured through validation, sanitization, and secure database interactions.
What is the difference between PHP and ASP.NET?Apr 28, 2025 pm 04:56 PMThe article compares PHP and ASP.NET, focusing on their suitability for large-scale web applications, performance differences, and security features. Both are viable for large projects, but PHP is open-source and platform-independent, while ASP.NET,
Is PHP a case-sensitive language?Apr 28, 2025 pm 04:55 PMPHP's case sensitivity varies: functions are insensitive, while variables and classes are sensitive. Best practices include consistent naming and using case-insensitive functions for comparisons.
How do you redirect a page in PHP?Apr 28, 2025 pm 04:54 PMThe article discusses various methods for page redirection in PHP, focusing on the header() function and addressing common issues like "headers already sent" errors.
Explain type hinting in PHPApr 28, 2025 pm 04:52 PMArticle discusses type hinting in PHP, a feature for specifying expected data types in functions. Main issue is improving code quality and readability through type enforcement.
What is PDO in PHP?Apr 28, 2025 pm 04:51 PMThe article discusses PHP Data Objects (PDO), an extension for database access in PHP. It highlights PDO's role in enhancing security through prepared statements and its benefits over MySQLi, including database abstraction and better error handling.
How to create API in PHP?Apr 28, 2025 pm 04:50 PMArticle discusses creating and securing PHP APIs, detailing steps from endpoint definition to performance optimization using frameworks like Laravel and best security practices.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Zend Studio 13.0.1
Powerful PHP integrated development environment
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
SublimeText3 English version
Recommended: Win version, supports code prompts!
