the giant black book of computer viruses phần 10 doc
... Hydroxide virus. ; (C) 1995 by The King of Hearts, All rights reserved. ;Licensed to American Eagle Publications, Inc. for use in The Giant Black Book ;of Computer Viruses ; ;Version 1.00 ; Initial ... the pointer relative to the beginning of the file, al=1 moves the pointer relative to the current location, al=2 moves the pointer relative to the end of the...
Ngày tải lên: 14/08/2014, 18:22
... far. Not so, the computer virus, because it attaches itself to otherwise useful programs. The computer user will execute these programs in the normal course of using the computer, and the virus ... viruses 2. Companion viruses 3. Parasitic viruses If you can understand these three simple types of viruses, you will already understand the majority of viruses bein...
Ngày tải lên: 14/08/2014, 18:22
... relative to the start of the code in the EXE file. This is relocated by DOS at load time. 18H 2 Reloc Tbl Offset Offset of the start of the relocation table from the start of the file, in ... stack: [ 0100 H] [FFF8H] The first is the address 100 H, used to return from the subroutine just placed on the stack to offset 100 H, where the host will be. The...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 3 potx
... free at the time of the ;execution of the boot sector. ORG 0500H DISK_BUF: DB ? ;Start of the buffer ;Here is the start of the boot sector code. This is the chunk we will take out ;of the compiled ... loading, the virus would have crashed the system. (And that, incidently, is why the virus we’re discussing is the Kilroy-B. The Kilroy virus dis- cussed in...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 4 potx
... writes. First, DEVIRUS finds the end of the host file and uses that as the offset for the new STRAT routine, writing this value into the header. Next it hides the address of the old STRAT routine internally ... STRAT routine internally in itself at STRJMP, and then writes the body of its code to the end of the SYS file. That’s all there is to it. The logic of D...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 5 pot
... function and then disassemble it. the virus is run. Thus, all of Developer A and Developer B’s clients could suffer loss from the virus, regardless of whether or not they developed software of their ... pushed on the stack and the function is called with a far call. In OS/2 the function names and the names of the modules where they reside are different, of course. For...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 6 pot
... data at the end of the file where the virus is hiding, the virus can defeat the read, or simply truncate it so that only the host is read. If the read requests data at the beginning of the file, ... adds the distance from the end of the file it was asked to move, thereby calculating the requested distance from the beginning of the file. From this number i...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 7 pot
... should include them. At the other end of the scale, the fancier you want to get, the better. You can probably think of a lot of instructions that modify at most one register. The more possibilities ... virus start ;The following 10 bytes must stay together because they are an image of 10 ;bytes from the EXE header HOSTS DW 0,STACKSIZE ;host stack and code segments FI...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 8 pot
... in the directory where the file is missing, and you don’t have integrity data for any of them anymore. You scan them, sure, but the scanner turns up nothing. Why was the file missing? Are any of ... much work. All one has to do is calculate the size of the file from the EXE header, rather than from the file system, and use that to add the virus to the file. An altern...
Ngày tải lên: 14/08/2014, 18:22
the giant black book of computer viruses phần 9 pdf
... with ah=2AH. On return, cx is the year, dh is the month, and dl is the day of the month, while al is the day of the week, 0 to 6. Thus, to trigger on any Friday the 13th, a trigger might look ... consult some of the material available on The Collection CD-ROM. 1 On the face of it, writing destructive code is the simplest programming task in the world. When some...
Ngày tải lên: 14/08/2014, 18:22