Posts

Directory Stealth

Stealth Viruses are the Viruses that I must admit Anti-Viral Queers don't tend to like at all. Imagine if we added a Polymorphic feature into the Stealth Virus? But, if you want to Continue Writing Viruses you have to make them Stealth. MS-DOS Version 6.0 now comes with Virus Scanners and CRC & Checksum Checkers in order to stop many viruses, but it will NEVER stop the `Stealth' Virus that is SMART about those AV features! People think that there are A LOT more INFECTED PCs since the virus threat started in 1...

EXE Infections: Part 2

The first part covered how to infect the EXE file from a resident virus. However, that is only HALF the code and understanding needed for EXE infectors. The part to follow is on how to give control back to the original EXE file. This is one part of EXE infectors that almost EVERYONE tends to forget to point out. Big tickle, you know how to infect the EXE, but can you make the original EXE run after its infection? Do you know how to restore the registers we took from the EXE header? Anyhow, let's get going... If the infected EXE file is now executed, the first line of code it will encounter will be the first byte of our Virus, since CS:IP have been changed in the header (Part I) to point to our Virus. The first thing we will need to do is set up a Variable offset (as I call it). Basically, when TASM compiles our virus, all variables and other data locations are given a FIXED address. Though in the case of the Virus this is NOT GOOD, as viruses tend to append themselves, and th...

Free Disassembler For You!!

As for the last post, I've already given you the free assembler for your "project", and now I'll give you a free disassembler for you to have an "experiment" (note that I said EXPERIMENT, LOL) on assembly language or to disassemble a complete project. DOWNLOAD

Turbo Assembler Free Download For You!

For so long I have always given you tips and tutorials for creating a virus, but I never gave you the tools to create them. I think now is the time to give you, my fellow readers, a freebie. Download free Turbo Assembler here. Thank you for being with me. :D Download

EXE Infections: Part 1 "Infection Process" Cont'

First thing to do is read the EXE header for the file to be infected! That can be resolved by... Next, after reading the first 28 bytes, you will need to set your file pointers to the end of the file. After bringing your virus to the end, you may start the infection process. ;Remember BX = File Handle DX:AX Pointer Location (EOF) The following finds new CS:IP and SS:SP registers. It will create a new segment, and CS:IP will point to the beginning of the Virus. If you have other code, and the virus beginning is further down from the first byte, just add the number of bytes to AX. Now we are ready to write the virus to the EXE file! (Yeah!) This code works 100% as is! (Resident Virus) For Non-Residents add a location pointer! Besides, why the Hell are you writing a non-Ressy Virus? You Gay? LOL!!~ Stay RESIDENT in my site OKAY!!!~

EXE Infections: Part 1 "Infection Process"

We must admit there are a HUGE amount of Lame Viruses out there. Ever wonder why so many people talk about the AIDS virus? It's a fucken overwriting virus. It's HUGE in size and it's written in PASCAL. Please! Have a little more respect for the virus world. What happened to that old Bulgarian Spirit? That too has died. Bulgaria isn't writing as many top viruses as it used to! Or are we in for a surprise? (USSR Kicks!) Well, to help people in advancing their Virus programming ability, I will try to explain the basics of infecting an EXE file. There are several ways to infect an EXE file, and I have tried several types. The best one I have programmed is the one you'll see. Basically, it will infect EXEs by starting a new segment, only for the virus. This will infect EXEs over the size of 64k, and it is a lot less complicated.. ...

Cover your tracks

This step, though simple to do, is too easily neglected. It is extremely important, as a wary user will be alerted to the presence of a virus by any unnecessary updates to a file. In its simplest form, it involves the restoration of file attributes, time and date. This is done with the following:

    mov ax, 5701h                    ; Set file time/date
    mov dx, word ptr [bp+f_date]     ; DX = date
    mov cx, word ptr [bp+f_time]     ; CX = time
    int 21h
    mov ah, 3eh                      ; Handle close file
    int 21h
    mov ax, 4301h                    ; Set attributes
    lea dx, [bp+offset DTA + 1Eh]    ; Filename still in DTA
    xor ch, ch
    mov cl, byte ptr [bp+f_attrib]   ; Attribute in CX
    int 21h

Remember also to restore the directory back to the original one if it change...