Views: 1341 Replies: 2
Posting an old virus sample, just some filler for the forum!
;This is the source code of a WinXP virus. Written by zjjmj2002.
;It uses \Device\PhysicalMemory to switch to ring. The routine entering ring 0 is from someone else's C code--I only rewrote it in MASM.
;It uses ApiHash to search for the API addresses in memory.
;The infection method is cavity infection. It will insert pieces of itself into the cavities of the host file, but if there is not enough space for it, it will append to the tail of the host file.
;It will hook CreateProcessW to infect PE files.
;It can hide itself in the kernel32.dll module. Saves computer resources :)
;It will destroy many install PE files, becoz they always try to examine themselves before executing :(
;So if the PE file size > 10M, it will not infect!
;Anti WFP, so my cute virus can infect notepad.exe and so on!
;This is a TEST version, so it only infects special PE files (offset 0x38=0xff)!
;Sorry for my poor English, coz I have wasted too much time on StarCraft, hehe!
Reply #1
Posted: 2007-06-11 13:13
Reply #2
Posted: 2007-06-23 00:05
Everyone loves to use English....