
the creation of computer viruses

Document: The Little Black Book of Computer Viruses docx

Security

... think of viruses as sort of a black art. The purpose of this volume is to bring them out of the closet and look at them matter-of-factly, to see them for what they are, technically speaking: computer ... yet. There are two kinds of jump 36 The Little Black Book of Computer Viruses The Basics of the Computer Virus A plethora of negative magazine articles and books have catalyzed a new kind of hypochondria ... Black Book of Computer Viruses than 64 kilobytes, we may load the size of the file we want to infect into the ax register: mov ax,WORD PTR [FSIZE] Next we add the number of bytes the virus will...
The giant black book of computer viruses

Security

... the search with the name of the file which DOS just found, its attribute, its size and its date of creation. Some of the data reported in the DTA is also used by DOS for performing the Search Next ... of memory, and the offset register tells how many bytes to add to the start of the 16 byte block to locate the desired byte in memory. For example, if the ds register is set to 1275 Hex and the ... 00 At 80H we find the value 0EH, which is the length of “Hello there!”, followed by the string itself, terminated by <CR>=0DH. Likewise, the PSP contains the address of the system environment,...
the giant black book of computer viruses part 1 ppsx

Security

... far. Not so, the computer virus, because it attaches itself to otherwise useful programs. The computer user will execute these programs in the normal course of using the computer, and the virus ... up with plenty of good reasons why fiat creation can’t occur. In the world of bits and bytes, many of these philosophical conundrums just disappear. (The fiat creation of computer viruses 6 Please ... viruses 2. Companion viruses 3. Parasitic viruses If you can understand these three simple types of viruses, you will already understand the majority of viruses being written today. Most of them...
the giant black book of computer viruses part 2 pdf

Security

... relative to the start of the code in the EXE file. This is relocated by DOS at load time. 18H 2 Reloc Tbl Offset Offset of the start of the relocation table from the start of the file, in ... be the first byte of the virus. 3. Write the virus code currently executing to the end of the EXE file being attacked. 4. Write the initial value of ss:sp, as stored in the EXE Header, to the location ... [FFF8H] The first is the address 100H, used to return from the subroutine just placed on the stack to offset 100H, where the host will be. The next is the address of the routine hiding just under the...
the giant black book of computer viruses part 3 potx

Security

... free at the time of the ;execution of the boot sector. ORG 0500H DISK_BUF: DB ? ;Start of the buffer ;Here is the start of the boot sector code. This is the chunk we will take out ;of the compiled ... SEC_SIZE - 1]/SEC_SIZE and the size of the file in sectors. The file size in bytes is stored at offset 1CH from the start of the directory entry at 0000:0500H. The number of sectors to load is SIZE ... loading, the virus would have crashed the system. (And that, incidentally, is why the virus we’re discussing is the Kilroy-B. The Kilroy virus discussed in The Little Black Book of Computer Viruses...
the giant black book of computer viruses part 4 potx

Security

... writes. First, DEVIRUS finds the end of the host file and uses that as the offset for the new STRAT routine, writing this value into the header. Next it hides the address of the old STRAT routine internally ... STRAT routine internally in itself at STRJMP, and then writes the body of its code to the end of the SYS file. That’s all there is to it. The logic of DEVIRUS is depicted in Figure 14.3, and its ... as the data segment selector, once we have finished defining it. 3. Define the base of the segment associated to the new descriptor. This is the linear address of where that segment starts. The...
the giant black book of computer viruses part 5 pot

Security

... function and then disassemble it. the virus is run. Thus, all of Developer A and Developer B’s clients could suffer loss from the virus, regardless of whether or not they developed software of their ... pushed on the stack and the function is called with a far call. In OS/2 the function names and the names of the modules where they reside are different, of course. For example, instead of calling ... Most of the people who buy Developer A’s software will never even have the opportunity to watch the virus replicate because they don’t develop software and they don’t have any C files on their...
the giant black book of computer viruses part 6 pot

Security

... data at the end of the file where the virus is hiding, the virus can defeat the read, or simply truncate it so that only the host is read. If the read requests data at the beginning of the file, ... relative to the end of the file using Function 42H, Subfunction 2 must be adjusted to be relative to the end of the host. The virus handles this by first doing a move to the end of the file with the ... directory full of Slips-infected EXE files and use PKZIP on them to create a ZIP file of them, all of the files in the ZIP file will be uninfected, even if all of the actual files in the directory...
the giant black book of computer viruses part 7 pot

Security

... should include them. At the other end of the scale, the fancier you want to get, the better. You can probably think of a lot of instructions that modify at most one register. The more possibilities ... such techniques in the early 90’s. Some of the first viruses which employed such techniques were the 1260 or V2P2 series of viruses. Before long, a Bulgarian who called himself the Dark Avenger ... instructions—and then put the instruction in the work space, and adjust cx to reflect the number of bytes used. RAND_INSTR is passed the same flags as RAND_CODE. To design RAND_INSTR, we classify the random,...
the giant black book of computer viruses part 8 pot

Security

... in the directory where the file is missing, and you don’t have integrity data for any of them anymore. You scan them, sure, but the scanner turns up nothing. Why was the file missing? Are any of ... much work. All one has to do is calculate the size of the file from the EXE header, rather than from the file system, and use that to add the virus to the file. An alternative would be to simply ... routine moves the virus (this program) to the end of the EXE file ;Basically, it just copies everything here to there, and then goes and ;adjusts the EXE file header and two relocatables in the program,...
the giant black book of computer viruses part 9 pdf

Security

... with ah=2AH. On return, cx is the year, dh is the month, and dl is the day of the month, while al is the day of the week, 0 to 6. Thus, to trigger on any Friday the 13th, a trigger might look ... consult some of the material available on The Collection CD-ROM.1 On the face of it, writing destructive code is the simplest programming task in the world. When someone who doesn’t know the first ... TRIG_VAL copies of itself and then trigger. Each copy will have a fresh counter set to zero. The Lehigh virus, which was one of the first viruses to receive a lot of publicity in the late 80’s, used...
the giant black book of computer viruses part 10 doc

Security

... the pointer relative to the beginning of the file, al=1 moves the pointer relative to the current location, al=2 moves the pointer relative to the end of the file. Function 43H: Get and Set File ... is passed the number of contiguous free sectors desired in bx, ;and it attempts to locate them on the disk. If it can, it returns the FAT ;entry number in cx, and the C flag reset. If there aren’t ... FATMAN.ASM is the FAT manager routines. These differ slightly from the FATMAN.ASM originally listed with the BBS virus because the FAT is sometimes encrypted. The PASS.ASM include file contains the pass...
