the giant black book of computer viruses phần 10 doc
the giant black book of computer viruses phần 10 doc
... Hydroxide virus.
; (C) 1995 by The King of Hearts, All rights reserved.
;Licensed to American Eagle Publications, Inc. for use in The Giant Black Book
;of Computer Viruses
;
;Version 1.00
; Initial ... the pointer relative to
the beginning of the file, al=1 moves the pointer relative to the current
location, al=2 moves the pointer relative to the end of the...
the giant black book of computer viruses phần 1 ppsx
... far. Not so, the computer virus, because
it attaches itself to otherwise useful programs. The computer user
will execute these programs in the normal course of using the
computer, and the virus ... viruses
2. Companion viruses
3. Parasitic viruses
If you can understand these three simple types of viruses, you will
already understand the majority of viruses bein...
the giant black book of computer viruses phần 2 pdf
... relative to the start of
the code in the EXE file. This
is relocated by DOS at load time.
18H 2 Reloc Tbl Offset Offset of the start of the
relocation table from the start
of the file, in ... stack:
[ 0100 H]
[FFF8H]
The first is the address 100 H, used to return from the subroutine
just placed on the stack to offset 100 H, where the host will be. The...
the giant black book of computer viruses phần 3 potx
... free at the time of the
;execution of the boot sector.
ORG 0500H
DISK_BUF: DB ? ;Start of the buffer
;Here is the start of the boot sector code. This is the chunk we will take out
;of the compiled ... loading, the
virus would have crashed the system. (And that, incidently, is why
the virus we’re discussing is the Kilroy-B. The Kilroy virus dis-
cussed in...
the giant black book of computer viruses phần 4 potx
... writes. First, DEVIRUS finds the end of the host file and uses
that as the offset for the new STRAT routine, writing this value into
the header. Next it hides the address of the old STRAT routine
internally ... STRAT routine
internally in itself at STRJMP, and then writes the body of its code
to the end of the SYS file. That’s all there is to it. The logic of
D...
the giant black book of computer viruses phần 5 pot
... function and
then disassemble it.
the virus is run. Thus, all of Developer A and Developer B’s clients
could suffer loss from the virus, regardless of whether or not they
developed software of their ... pushed on the stack and
the function is called with a far call. In OS/2 the function names
and the names of the modules where they reside are different, of
course. For...
the giant black book of computer viruses phần 6 pot
... data at the end of the file where
the virus is hiding, the virus can defeat the read, or simply truncate
it so that only the host is read.
If the read requests data at the beginning of the file, ... adds
the distance from the end of the file it was asked to move, thereby
calculating the requested distance from the beginning of the file.
From this number i...
the giant black book of computer viruses phần 7 pot
... should include them. At the other end of
the scale, the fancier you want to get, the better. You can probably
think of a lot of instructions that modify at most one register. The
more possibilities ... virus start
;The following 10 bytes must stay together because they are an image of 10
;bytes from the EXE header
HOSTS DW 0,STACKSIZE ;host stack and code segments
FI...
the giant black book of computer viruses phần 8 pot
... in the directory where the file is missing, and you don’t
have integrity data for any of them anymore. You scan them, sure,
but the scanner turns up nothing. Why was the file missing? Are
any of ... much work.
All one has to do is calculate the size of the file from the EXE
header, rather than from the file system, and use that to add the virus
to the file. An altern...
the giant black book of computer viruses phần 9 pdf
... with ah=2AH. On
return, cx is the year, dh is the month, and dl is the day of the month,
while al is the day of the week, 0 to 6. Thus, to trigger on any Friday
the 13th, a trigger might look ... consult
some of the material available on The Collection CD-ROM.
1
On the face of it, writing destructive code is the simplest
programming task in the world. When some...