Posts

Showing posts from March, 2008

Installment II: The Replicator

In the last installment of my Virus Writing Guide, I explained the various parts of a virus and went into a brief discussion about each. In this issue, I shall devote all my attention towards the replicator portion of the virus. I promised code and code I shall present. However, I shall digress for a moment because it has come to my attention that some mutant copies of the first installment were inadvertently released. These copies did not contain a vital section concerning the calculation of offsets. You never know where your variables and code are going to wind up in memory. If you think a bit, this should be pretty obvious. Since you are attaching the virus to the end of a program, the location in memory is going to be changed, i.e. it will be larger by the size of the infected program. So, to compensate, we must take the change in offset from the original virus, or the delta offset, and add that to all references to variable...

Freebies: "Ebook Secret of Ebay Marketing"

You can download this ebook for your reference on how to boost your income using eBay. More importantly, I will give it to you for FREE!!!

Concealer and the BOMB!

This is the part which conceals the program from notice by the everyday user and the virus scanner. The simplest form of concealment is the encryptor. The code for a simple XOR encryption system follows:

    encrypt_val db ?

    decrypt:
    encrypt:
        mov ah, encrypt_val
        mov cx, part_to_encrypt_end - part_to_encrypt_start
        mov si, part_to_encrypt_start
        mov di, si
    xor_loop:
        lodsb                ; DS:[SI] -> AL
        xor al, ah
        stosb                ; AL -> ES:[DI]
        loop xor_loop
        ret

Note that the encryption and decryption procedures are the same. This is due to the self-inverse nature of XOR: applying the same key byte twice gives back the original byte. You can CALL these procedures from anywhere in the program, but make sure you do not call them from a place within the area to be encrypted, as the program will crash. When writing the virus, set the encryption value to 0. part_to_encrypt_start and part_to_encrypt_end sandwich the area you wish to encrypt. Use a CALL decrypt at the beginning of V2 to decrypt ...

The Replicator

The job of the replicator is to spread the virus throughout the system of the clod who has caught the virus. How does it do this without destroying the file it infects? The easiest type of replicator infects COM files. It first saves the first few bytes of the infected file. It then copies a small portion of its code to the beginning of the file, and the rest to the end. In the diagram, P1 is part 1 of the file, P2 is part 2 of the file, and V1 and V2 are parts 1 and 2 of the virus. Note that the size of P1 should be the same as the size of V1, but the size of P2 doesn't necessarily have to be the same as the size of V2. The virus first saves P1 and copies it either 1) to the end of the file or 2) inside the code of the virus. Let's assume it copies the code to the end of the file. The file now looks like: Then, the virus copies the first part of itself to the beginning of the file. Finally, the virus copies the second part of itself to the end of the...

Going Through the Virus

Now I assume that you have finished studying the basics of the assembly language, so I want to continue with our virus writing guide. Before that, you must know every type and function of virus you want to create. Remember, all of this is for educational purposes only. I don't want to take any responsibility for what you're doing with my article. For starters, there are three types of virii (viruses), that is:

1) Tiny virii (under 500 bytes), which are designed to be undetectable due to their small size. TINY is one such virus. They are generally very simple because their code length is so limited.

2) Large virii (over 1,500 bytes), which are designed to be undetectable because they cover their tracks very well (all that code DOES have a use!). The best example of this is the Whale virus, which is perhaps the best 'Stealth' virus in existence.

3) Other virii which are not designed to be hidden at all (the writers don't give...

Function of INT

Ok, as promised before, I'll explain about INT in this post. So, check it out and understand it, because this will be used a lot in the programs you write. Examples:

    INT 21h    ;calls DOS standard interrupt # 21h
    INT 10h    ;the Video BIOS interrupt

INT is used to call a subroutine that performs some function that you'd rather not write yourself. For instance, you would use a DOS interrupt to OPEN a file. You would similarly use the Video BIOS interrupt to set the screen mode, move the cursor, or to do any other function that would be difficult to program. Which subroutine the interrupt performs is USUALLY specified by AH. For instance, if you wanted to print a message to the screen you'd use INT 21h, subfunction 9, by doing this:

    mov ah,9
    int 21h

Yes, it's that easy. Of course, for that function to do anything, you need to specify WHAT to print. That function requires that you have DS:DX be a FAR pointer that points to ...

Free Assembly Compilers to You!

Now I want to share with you a stand-alone program used to assemble .asm files into .exe files. This is very useful for assembling what you write. Check it out!

Understanding the STACK

Heck, as long as I've mentioned it before, let's look at the STACK: The STACK is an area of memory that has the properties of a STACK of plates: the last one you put on is the first one you take off. The only difference is that the stack of plates is on the roof. (Ok, so that can't really happen... unless gravity was shut down...) Meaning that as you put another plate (or piece of data) on the stack, the STACK grows DOWNWARD, so the stack pointer is DECREASED after each PUSH and INCREASED after each POP.

    _____   Top of the allocated memory in the stack segment (SS)
    |   |
    |   |
    |   |
    |___| <- SP (the stack pointer points to the most recently pushed byte)

Truthfully, you don't need to know much more than that a stack is Last In, First Out (LIFO).

WRONG ex:
    push cx    ;this swaps the contents of CX and AX
    push ax    ;of course, if you wanted to do this quicker, you'd ...
    pop cx     ;just say XCHG cx,ax
    pop ax     ; but ...

The Registers (Continued)

As I've mentioned the AX register before, now we'll continue with the other registers. Take note, guys!

BX (BH/BL): same as AX (AH/AL). SPECIAL USES: As mentioned before, BX can be used as an OFFSET register.

    ex: mov ax,[ds:bx]    ;grabs the WORD at the address created by DS and BX

CX (CH/CL): Same as AX. SPECIAL USES: Used with the REP prefix to repeat an instruction CX number of times.

    ex: mov cx,10
        mov ax,0
        rep stosb         ;this would write 10 zeros to [ES:DI] and increase
                          ;DI by 10.

Used in LOOP:

    ex: mov cx,100
    THELABEL:
        ;do something that would print out 'HI'
        loop THELABEL     ;this would print out 'HI' 100 times
                          ;the loop is the same as:  dec cx
                          ;                          jne THELABEL

DX (D...

Top P-T-C system in the world!

Recently I found this site that is really good as a P-T-C (paid to click) system and has the highest paying rates! Try it yourself. It's good for making some side income, but it won't make you rich in a second. Remember that.

The Registers (AX)

I've mentioned AX, AL, and AH before, and you're probably wondering what exactly they are. Well, I'm gonna go through them one by one and explain what each register is and what its most common uses are. Here goes: AX (AH/AL): AX is a 16 bit register which, as mentioned before, is merely two bytes attached together. Well, for AX, BX, CX, & DX you can independently access each part of the 16 bit register through the 8 bit (or byte sized) registers. For AX, they are AL and AH, which are the Low and High parts of AX, respectively. It should be noted that any change to AL or AH will change AX. Similarly, any change to AX may or may not change AL and AH. For instance: Let's suppose that AX = 00000h (AH and AL both = 0, too):

    mov AX,0
    mov AL,0
    mov AH,0

Now we set AL = 0FFh.

    mov AL,0FFh    ;AX => 000FFh   (I'm just showing ya what's in the registers)
                   ;AL => 0FFh
                   ;AH => 000h

Now we increase AX by one:

    INC AX         ;AX =...

New affiliates

New affiliates added at the right side! Check this out! Wireless Speakers (search through this great collection of brand name speakers); Vigrx (health supplements with great multiple discounts!); Penis Enlargement; Testing kits for infections; Av Rent Car Algarve (car hire Faro, car hire Faro airport, car hire).

Segments and Offsets

Pay close attention, because this topic is (I believe) the single most difficult (or annoying, once you understand it) aspect of ASSEMBLER. An Overview: The original designers of the 8088, way back when dinosaurs ruled the planet, decided that no one would ever possibly need more than one MEG (short for MEGABYTE :) of memory. So they built the machine so that it couldn't access above 1 MEG. To access the whole MEG, 20 BITs are needed. The problem was that the registers only had 16 bits, and if they used two registers, that would be 32 bits, which was way too much (they thought). So they came up with a rather brilliant (blah) way to do their addressing: they would use two registers. They decided that the address would not be 32 bits, but that the two registers would create 20 bit addressing. And thus Segments and OFFsets were born. And now the confusing specifics.

    OFFSET  = SEGMENT*16
    SEGMENT = OFFSET/16    ;note that the lower 4 bits are lost

    SEGMENT * 16  |0010010000010000---...

Assembly Tutorial (Continued)

As before, we know the basics such as the byte, nibble and bit. Today I'll tell you more about these basics.

    1 WORD      |0000000000000000|
    2 BYTEs     └─ AH ─┘└─ AL ─┘
    4 NIBBLEs   └───── AX ─────┘
    16 BITs

The WORD is just two BYTEs that are stuck together. A word has a maximum value of 0FFFFh (= 65,535). Since a WORD is 4 NIBBLEs, it is represented by 4 HEX digits. This is the size of the 16 bit registers on the 80x86 chips. The registers are: AX, BX, CX, DX, DI, SI, BP, SP, CS, DS, ES, SS, and IP. Note that you cannot directly change the contents of IP or CS in any way. They can only be changed by JMP, CALL, or RET.

    1 DWORD     |00000000000000000000000000000000|
    2 WORDs                     │ └─ AH ─┘└─ AL ─┘
    4 BYTEs                     │ └───── AX ─────┘
    8 NIBBLEs   └───────────── EAX ──────────────┘
    32 BITs

A DWORD (or "DOUBLE WORD") is just two WORDs, hence the name DOUBLE-WORD. This can have a maximum value of 0FFFFFFFFh (8 NIBBLEs, 8 'F's) which e...

Assembly Tutorial (As Requested)

Now I'm trying to get you to know assembly language better, as requested by our friends (frndskiller & team). The first thing ya need to know is a little jargon so you can talk about the basic data structures with your friends and neighbors. They are (in order of increasing size) BIT, NIBBLE, BYTE, WORD, DWORD, FWORD, PWORD and QWORD, PARA, KiloByte, MegaByte. The ones that you'll need to memorize are BYTE, WORD, DWORD, KiloByte, and MegaByte. The others aren't used all that much, and you won't need to know them to get started. Here's a little graphical representation of a few of those data structures: (The zeros in between the || are a graphical representation of the number of bits in that data structure.)

    1 BIT : |0|

The simplest piece of data that exists. It's either a 1 or a zero. Put a string of them together and you have a BASE-2 number system, meaning that instead of each 'decimal' place being worth 10, it's only worth 2. For insta...

Stealth Viruses Method 2

Some may notice that when they use PCTOOLS (aka PCSHELL) or Peter Norton Utilities, or *SOME* file managing systems like DOS-Shell, the file size increase of infected files is now visible. There is no doubt about it: if you only put Method #1 in your virus you will encounter times where the file increase shows. It's not because your routine isn't good! It is due to the fact that there is another way to read the directory listing through DOS, and this method is called File-Find by ASCIIZ format. We just learned how to edit File-Find by FCB, which is used by MS-DOS, PC-DOS and some other programs. But unlike those, most programs use the ASCIIZ File-Find method, as it is EASIER to open, close, edit, and do any other file access routine with the ASCIIZ (or File Handle) system. So we will make our Virus Stealth to Method #2! Making us 100% Stealth from file-finds... ...

Stealth Viruses

Stealth Viruses are the Viruses that I must admit Anti-Viral Queers don't tend to like at all. Imagine if we added a Polymorphic feature to the Stealth Virus? But, if you want to continue writing Viruses you have to make them Stealth. MS-DOS Version 6.0 now comes with Virus Scanners and CRC & Checksum Checkers in order to stop many viruses, but it will NEVER stop the `Stealth' Virus that is SMART about those AV features! People think that there are A LOT more INFECTED PCs now than when the virus threat started in 1986-7. Even though in the beginning only 10 or so viruses were known, they infected more systems compared to the viruses today, where we have about 1300 and growing. But the truth is FEWER PCs are getting infected now, as people are now Virus Aware. With all the utilities out, any joker can stop and clean a virus in seconds. Come on, how many people MEMORIZED the COMMAND.COM size? Out of my head it...

Time to make money for bloggers

“Advertlets.com - Blog Advertising in Asia!”.

EXE Infections: Part 2

The first part consisted of how to infect the EXE file from a resident virus. However, that is only HALF the code and understanding needed for EXE infectors. The part to follow is on how to give control back to the original EXE file. This is one part of EXE infectors that mostly EVERYONE tends to forget to point out. Big tickle, you know how to infect the EXE, but can you make the original EXE run after its infection? Do you know how to restore the registers we took from the EXE header? Anyhow, let's get going... If the infected EXE file is now executed, the first line of code it will encounter will be the first byte of our Virus, since CS:IP have been changed in the header (Part I) to point to our Virus. The first thing we will need to do is set up a Variable offset (as I call it). Basically, when TASM compiles our virus, all variables and other data locations are ...

EXE Infections: Part 1 "Infection Process"

We must admit there is a HUGE amount of Lame Viruses out there. Ever wonder why so many people talk about the AIDS virus? It's a fucken overwriting virus. It's HUGE in size and it's written in PASCAL. Please! Have a little more respect for the virus world. What happened to that old Bulgarian Spirit? That too has died. Bulgaria isn't writing as many top viruses as it used to! Or are we in for a surprise? (USSR Kicks!) Well, to help people in advancing their Virus programming ability I will try to explain the basics of infecting an EXE file. There are several ways to infect an EXE file, and I have tried several types. The best one I have programmed is the one you'll see. Basically, it will infect EXEs by starting a new segment only for the virus. This will infect EXEs over the size of 64k, and it is a lot less complicated.. ...

Disinfecting an Infected File

This tutorial was originally written by Rock Steady/NuKE and edited by me. The BEST advantage a virus can have is `Disinfecting on the Fly', as we must try to hide the virus as well as possible! And nowadays Anti-Virus programs are going crazy. As I remember, at the time Npox 2.0 was developed it would disinfect every file opened by F-Prot and Scan, and when the Scanner found nothing and closed the file to go on to the next, Npox would re-infect them. It truly can cause havoc. As a matter of fact Frisk didn't like this, as I had some `Anti Fuck-Prot' routines, and he added his own routine to open files by Int21h/6C00h, as Npox only disinfected on Int21h/3Dh. However, to make the virus disinfect on Int21h/6C00h doesn't require much work: simply take the ASCIIZ string at DS:SI and put SI into DX so we have DS:DX pointing to it, then run this routine. ...

Introduction

For your info, all of the information in this site is based on the ASSEMBLY programming language. If you don't know what that is, go find out yourself. I'm not teaching this language to y'all, but how to manage a virus or virii. If you have all the information needed, you may continue.

Creating A Virus?

I had this in my mind a long time ago, but it's so hard to bring this thing to life, so I will get straight to the point! The material in this blog is for EDUCATIONAL purposes only. I don't take any responsibility for what you're doing with this material. If you don't agree with that, you should close this page now! I'm sorry my English sucks!