the giant black book of computer viruses phần 3 potx

... system ;file. The location is fixed because this area is free at the time of the ;execution of the boot sector. ORG 0500H DISK_BUF: DB ? ;Start of the buffer ;Here is the start of the boot sector ... loading, the virus would have crashed the system. (And that, incidently, is why the virus we’re discussing is the Kilroy-B. The Kilroy virus dis- cussed in The...

Ngày tải lên: 14/08/2014, 18:22

... writes. First, DEVIRUS finds the end of the host file and uses that as the offset for the new STRAT routine, writing this value into the header. Next it hides the address of the old STRAT routine internally ... routine internally in itself at STRJMP, and then writes the body of its code to the end of the SYS file. That’s all there is to it. The logic of DEVIRUS...

Ngày tải lên: 14/08/2014, 18:22

... will already understand the majority of viruses being written today. Most of them are one of these three types and nothing more. Before we dig into how the simplest of these viruses, the overwriting ... far. Not so, the computer virus, because it attaches itself to otherwise useful programs. The computer user will execute these programs in the normal course of usi...

Ngày tải lên: 14/08/2014, 18:22

... relative to the start of the code in the EXE file. This is relocated by DOS at load time. 18H 2 Reloc Tbl Offset Offset of the start of the relocation table from the start of the file, in ... be the first byte of the virus. 3. Write the virus code currently executing to the end of the EXE file being attacked. 4. Write the initial value of ss:sp, as...

Ngày tải lên: 14/08/2014, 18:22

... function and then disassemble it. the virus is run. Thus, all of Developer A and Developer B’s clients could suffer loss from the virus, regardless of whether or not they developed software of their ... pushed on the stack and the function is called with a far call. In OS/2 the function names and the names of the modules where they reside are different, of course. For...

Ngày tải lên: 14/08/2014, 18:22

... data at the end of the file where the virus is hiding, the virus can defeat the read, or simply truncate it so that only the host is read. If the read requests data at the beginning of the file, ... relative to the end of the file using Function 42H, Subfunction 2 must be adjusted to be relative to the end of the host. The virus handles this by first doing...

Ngày tải lên: 14/08/2014, 18:22

... should include them. At the other end of the scale, the fancier you want to get, the better. You can probably think of a lot of instructions that modify at most one register. The more possibilities ... such techniques in the early 90’s. Some of the first viruses which employed such tech- niques were the 1260 or V2P2 series of viruses. Before long, a Bulgarian who...

Ngày tải lên: 14/08/2014, 18:22

... interrupt 13H. If the virus scanned and found the scan string in memory, it could also locate the interrupt 13H handler, even if layered in among several other TSR’s. Then, rather than reproducing, the ... much work. All one has to do is calculate the size of the file from the EXE header, rather than from the file system, and use that to add the virus to the file. An alt...

Ngày tải lên: 14/08/2014, 18:22

... 158,151,28,10,245,45,110,150,187 ,37 ,189,120,76,151,155 ,39 ,99, 43, 254,1 03, 133 , 93, 89, 131 ,167,67, 43, 29,191, 139 ,27,246,21,246,148, 130 , 130 ,172, 137 , 60, 53, 238 ,216,159,208,84 ,39 , 130 ,25,1 53, 59,0,195, 230 ,37 ,52,205,81 ,32 ,120, ... 19,1 13, 64, 231 , 232 ,104,187 ,38 ,27,168,162,119, 230 ,190,61,252,90,54,10,167, 140,97,228,2 23, 1 93, 1 23, 242,189,7,91,126,191,8...

Ngày tải lên: 14/08/2014, 18:22

... beginning of the file, al=1 moves the pointer relative to the current location, al=2 moves the pointer relative to the end of the file. Function 43H: Get and Set File Attributes Registers: ah = 43H ... Hydroxide virus. ; (C) 1995 by The King of Hearts, All rights reserved. ;Licensed to American Eagle Publications, Inc. for use in The Giant Black Book ;of Computer...

Ngày tải lên: 14/08/2014, 18:22