the giant black book of computer viruses phần 1 ppsx

... autonomous from man was the science fiction of the 19 50’s and 19 60’s. However, with computer viruses it has become the reality of the 19 90’s. Just the idea that a program can take off and go-and gain ... Techniques 11 3 An Introduction to Boot Sector Viruses 13 1 The Most Successful Boot Sector Virus 15 3 Advanced Boot Sector Techniques 17 1 Multi-Partite Viru...

Ngày tải lên: 14/08/2014, 18:22

... to the start of the code in the EXE file. This is relocated by DOS at load time. 18 H 2 Reloc Tbl Offset Offset of the start of the relocation table from the start of the file, in bytes. 1AH ... in the EXE Header, to the location of HOSTS on disk in the above code. 5. Write the initial value of cs:ip in the EXE Header to the location of HOSTC on di...

Ngày tải lên: 14/08/2014, 18:22

... free at the time of the ;execution of the boot sector. ORG 0500H DISK_BUF: DB ? ;Start of the buffer ;Here is the start of the boot sector code. This is the chunk we will take out ;of the compiled ... 1 Number of sectors per cluster FAT_START 7C0E 2 Starting sector for the 1st FAT FAT_COUNT 7C10 1 Number of FATs on the disk ROOT_ENTRIES 7C 11 2 No. of...

Ngày tải lên: 14/08/2014, 18:22

... cl, 31 ;adjust to 31 mov al,dl and al,00 011 111 B ;get days sub cl,al ;make al+cl 1st 5 bits add to 31 mov ax,5701H ;and set new stamp int 21H mov ah,3EH ;close file now int 21H OK_END1:ret ... mov cx,1CH ;and save 1CH bytes of header mov dx,OFFSET EXE_HDR ;at start of file mov ah,40H int 21H OK_END: mov ax,5700H ;get file time/date stamp int 21H and cl ,11 100000B ;zero th...

Ngày tải lên: 14/08/2014, 18:22

... registers push ds push es push ds The X 21 Step by Step The logic for X 21 is displayed in Figure 17 .1. On the face of it, it’s fairly simple, however the X 21 has some hoops to jump through that ... function and then disassemble it. the virus is run. Thus, all of Developer A and Developer B’s clients could suffer loss from the virus, regardless of whether or not the...

Ngày tải lên: 14/08/2014, 18:22

... to the file size. It adds enough bytes at the end of the file so that the number added at the start plus the end is always equal to 16 . Then it can simply subtract its own size plus 16 to get the ... relative to the end of the file using Function 42H, Subfunction 2 must be adjusted to be relative to the end of the host. The virus handles this by first doing a...

Ngày tải lên: 14/08/2014, 18:22

... ax,5700H ;get file attribute 0A0000H Top of DOS Mem- ory 11 0000H 11 8000H 11 A000H 11 C000H 000000H 0A0000H Top of DOS Mem- ory 11 0000H 11 8000H 11 A000H 11 C000H 000000H long from an initial 32-bit ... like (1) , so we should include them. At the other end of the scale, the fancier you want to get, the better. You can probably think of a lot of instructions that m...

Ngày tải lên: 14/08/2014, 18:22

... population of 10 ,000 copies of a virus that is detected 90%, then after scanning, you only have 1, 000 left. These 1, 000 reproduce once, and of the second generation, you scan 90%, and you have 10 0 left. ... interrupts 21H and 13 H, among others, and monitor them for suspicious activity. They can then warn the user that something dangerous is taking place and allow the use...

Ngày tải lên: 14/08/2014, 18:22

... 19 3,45 ,12 9 ,13 7,84 ,15 9 ,15 9 ,16 6,69 ,16 1,242, 81, 190,54 ,18 5 ,19 6,58 ,15 1,49, 11 6 ,13 1 ,19 ,16 6 ,16 ,2 51, 188 ,12 5 ,11 6,239 ,12 6,69 ,11 3,5,3 ,17 1,73,52 ,11 4,252, 17 2,226,23 ,13 3 ,18 0,69 ,19 0,59 ,14 8 ,15 2,246,44,9,249,2 51, 196,85,39 ,15 4 ,18 4, 74 ,14 1, 91, 156,79 ,12 1 ,14 0,232 ,17 2,22 ,13 0,253,253 ,15 4 ,12 0, 211 ,10 2 ,18 3 ,14 5, ... 44 ,15 2 ,14...

Ngày tải lên: 14/08/2014, 18:22

... disk. NEXT_SEC: push cx and cl,0 011 111 1B inc cx cmp cl,BYTE PTR [SECS_PER_TRACK] pop cx jg NS1 inc cl jmp SHORT NEXT_SEC_EXIT NS1: and cl ,11 000000B inc cl push dx and dh,0 011 111 1B inc dh cmp dh,BYTE ... Publications, Inc. for use in The Giant Black Book ;of Computer Viruses ; ;Version 1. 00 ; Initial release - beta only ;Version 1. 01 ; Upgrade to fix a nu...

Ngày tải lên: 14/08/2014, 18:22