the giant black book of computer viruses phần 1 ppsx

... autonomous from man was the science fiction of the 19 50’sand 19 60’s. However, with computer viruses it has become the reality of the 19 90’s. Just the idea that a program can take off andgo-and gain ... Techniques 11 3An Introduction to Boot Sector Viruses 13 1 The Most Successful Boot Sector Virus 15 3Advanced Boot Sector Techniques 17 1Multi-Partite Viruses 19 3Infecting Device Drivers 213 Windows Viruses ... withInterrupt 21H, Function 4AH, putting the number of paragraphs (16 byte blocks) of memory to keep in the bx register: mov ah,4AH mov bx,(OFFSET FINISH) /16 + 11 H int 21HOnce memory is released, the...

the giant black book of computer viruses phần 2 pdf

... to the start of the code in the EXE file. This is relocated by DOS at load time. 18 H 2 Reloc Tbl Offset Offset of the start of the relocation table from the start of the file, in bytes. 1AH ... in the EXE Header, to the location of HOSTS on disk in the above code.5. Write the initial value of cs:ip in the EXE Header to the location of HOSTC on disk in the above code.Executing the ... and then get on with the business of finding anotherfile.Since the first thing the virus must do is place its code at the end of the COM file it is attacking, it sets the file pointer to the...

the giant black book of computer viruses phần 3 potx

... free at the time of the ;execution of the boot sector. ORG 0500HDISK_BUF: DB ? ;Start of the buffer;Here is the start of the boot sector code. This is the chunk we will take out ;of the compiled ... 1 Number of sectors per clusterFAT_START 7C0E 2 Starting sector for the 1st FATFAT_COUNT 7C10 1 Number of FATs on the diskROOT_ENTRIES 7C 11 2 No. of entries in root directorySEC_COUNT 7C13 ... instruction 1 23456789STONED(BS)FAT 1 FAT 1 FAT 2FAT 2ROOTROOTROOTROOTSide 0 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8ROOTROOTORIG BS(ROOT)CLUST2CLUST2CLUST3CLUST3CLUST4CLUST4Side...

the giant black book of computer viruses phần 4 potx

... cl, 31 ;adjust to 31 mov al,dl and al,00 011 111 B ;get days sub cl,al ;make al+cl 1st 5 bits add to 31 mov ax,5701H ;and set new stamp int 21H mov ah,3EH ;close file now int 21HOK_END1:ret ... mov cx,1CH ;and save 1CH bytes of header mov dx,OFFSET EXE_HDR ;at start of file mov ah,40H int 21HOK_END: mov ax,5700H ;get file time/date stamp int 21H and cl ,11 100000B ;zero the time ... writes. First, DEVIRUS finds the end of the host file and usesthat as the offset for the new STRAT routine, writing this value into the header. Next it hides the address of the old STRAT routineinternally...

the giant black book of computer viruses phần 5 pot

... registers push ds push es push ds The X 21 Step by Step The logic for X 21 is displayed in Figure 17 .1. On the face of it, it’s fairly simple, however the X 21 has some hoops to jumpthrough that ... function andthen disassemble it. the virus is run. Thus, all of Developer A and Developer B’s clientscould suffer loss from the virus, regardless of whether or not theydeveloped software of their ... back in the good ol’ days of the ColdWar. From the outside looking in, you have practically no under-standing of the architecture or the low level details of the machine(except for what they...

the giant black book of computer viruses phần 6 pot

... to the file size. It adds enough bytesat the end of the file so that the number added at the start plus the end is always equal to 16 . Then it can simply subtract its own sizeplus 16 to get the ... relative to the end of the file using Function42H, Subfunction 2 must be adjusted to be relative to the end of the host. The virus handles this by first doing a move to the end of the file with the ... address of the List of Lists using DOSInterrupt 21H, Function 52H, an undocumented function. The List of Lists address is returned in in es:bx. Next, one must get the address of the start of the...

the giant black book of computer viruses phần 7 pot

... ax,5700H ;get file attribute0A0000HTop of DOS Mem-ory 11 0000H 11 8000H 11 A000H 11 C000H000000H0A0000HTop of DOS Mem-ory 11 0000H 11 8000H 11 A000H 11 C000H000000Hlong from an initial 32-bit ... like (1) , so we should include them. At the other end of the scale, the fancier you want to get, the better. You can probablythink of a lot of instructions that modify at most one register. The more ... 0FFFFH ;Task 1 code segment selector DB 0,0 ,11 H ;starts at 11 0000H DB TYP_EXEC_READ or DTYPE_MEMORY or DPL_0 or PRESENT DB TYPE_32,0 DW 0FFFFH ;Task 1 data selector DB 0,0 ,11 H ;at 11 0000H DB...

the giant black book of computer viruses phần 8 pot

... population of 10 ,000copies of a virus that is detected 90%, then after scanning, you onlyhave 1, 000 left. These 1, 000 reproduce once, and of the secondgeneration, you scan 90%, and you have 10 0 left. ... interrupts 21H and 13 H, among others,and monitor them for suspicious activity. They can then warn the user that something dangerous is taking place and allow the user toshort-circuit the operation. ... interrupt 13 H. If the virus scannedand found the scan string in memory, it could also locate the interrupt 13 H handler, even if layered in among several otherTSR’s. Then, rather than reproducing, the...

the giant black book of computer viruses phần 9 pdf

... 19 3,45 ,12 9 ,13 7,84 ,15 9 ,15 9 ,16 6,69 ,16 1,242, 81, 190,54 ,18 5 ,19 6,58 ,15 1,49, 11 6 ,13 1 ,19 ,16 6 ,16 ,2 51, 188 ,12 5 ,11 6,239 ,12 6,69 ,11 3,5,3 ,17 1,73,52 ,11 4,252, 17 2,226,23 ,13 3 ,18 0,69 ,19 0,59 ,14 8 ,15 2,246,44,9,249,2 51, 196,85,39 ,15 4 ,18 4, 74 ,14 1, 91, 156,79 ,12 1 ,14 0,232 ,17 2,22 ,13 0,253,253 ,15 4 ,12 0, 211 ,10 2 ,18 3 ,14 5, ... 44 ,15 2 ,14 ,36,34,83 ,19 9 ,14 0 ,1, 156,73 ,19 7,84 ,19 5 ,15 1,253 ,16 9,73, 81, 246, 15 8,243,22,46,245,85 ,15 7 ,11 0 ,10 8 ,16 4 ,11 0,240 ,13 5 ,16 7,237 ,12 4,83 ,17 3 ,17 3, 14 6 ,19 6,2 01, 106,37, 71, 129 ,15 1,63 ,13 7 ,16 6,6,89,80,240 ,14 0,88 ,16 0 ,13 8 ,11 , 11 6 ,11 7 ,15 9,245 ,12 9 ,10 2 ,19 9,0,86 ,12 7 ,10 9,2 31, 233,6 ,12 5 ,16 2 ,13 5,54 ,10 4, ... file:snoopy: $1$ LOARloMh$fmBvM4NKD2lcLvjhN5GjF.:0:0::0:0:Nobody:/root: 19 3 ,14 ,82,5 ,12 1 ,12 6 ,19 2 ,12 9,247 ,18 0,2 01, 126 ,18 7,33 ,16 3,204,29 ,15 6,24, 14 ,254 ,16 7 ,14 7 ,18 9 ,18 4 ,17 4 ,18 2, 212 ,14 1 ,10 2,33,244, 61, 167,208 ,15 5 ,16 7, 236 ,17 3, 211 ,15 0,34,220, 218 , 217 ,93 ,17 0,65,99 ,11 5,235,0,247,72,227 ,12 3,...

the giant black book of computer viruses phần 10 doc

... disk.NEXT_SEC: push cx and cl,0 011 111 1B inc cx cmp cl,BYTE PTR [SECS_PER_TRACK] pop cx jg NS1 inc cl jmp SHORT NEXT_SEC_EXITNS1: and cl ,11 000000B inc cl push dx and dh,0 011 111 1B inc dh cmp dh,BYTE ... Publications, Inc. for use in The Giant Black Book ;of Computer Viruses ;;Version 1. 00; Initial release - beta only;Version 1. 01 ; Upgrade to fix a number of bugs in 1. 00, gets rid of casual encryption; ... mov dx,OFFSET WELCOME_MSG int 21H xor ax,ax mov ds,ax mov si ,13 H*4 ;save the old int 13 H vector mov di,OFFSET OLD _13 H movsw movsw mov ax,OFFSET INT _13 H ;and set up new interrupt 13 H mov...

Xem thêm