Torrent Hash - Hash of all existing torrents
Please note that you are about to download the torrent NOT from torhash.net.
torhash.net is just a torrent search engine, no torrents are hosted here.
the giant black book of viruses
Infohash:
7558CB34CA7D1CBC3C699A4FAE118E5F643CDD54
Type:
Books
Title:
the giant black book of viruses
Category:
Other/E-books
Uploaded:
2008-11-03 (by myriadmagus)
Description:
Table of Contents
* Introduction
o Defense Against Viruses
o Military Applications
o Computational Exploration
* Computer Virus Basics
o The Structure of a Virus
o Virus Classification
o What You'll Need to Use this Book
o Organization of this Book
* PART I
o The Simplest COM Infector
+ COM Program Operation
+ Overwriting Viruses
+ The Search Mechanism
+ The Replication Mechanism
+ Discussion
+ Exercises
o Companion Viruses
+ Executing the Host
+ File Searching
+ File Infection
+ Variations on a Theme
+ The SPAWNR Virus Listing
+ Exercises
o Parasitic COM Infectors: Part I
+ The Justin Virus
+ Checking Memory
+ Going into the High Segment
+ The File Search Mechanism
+ Examining the Host
+ Infecting the Host
+ Executing the Host
+ The Justin Virus Source
+ Exercises
o Parasitic COM Infectors: Part II
+ The Timid-II Virus
+ Data and Memory Management
+ The File Search Routine
+ Checking the File
+ The Copy Mechanism
+ Executing the Host
+ The Timid-II Virus Listing
+ Exercises
o A Memory Resident Virus
+ Techniques for Going Resident
+ The Sequin Virus
+ Hooking Interrupts
+ The Pitfalls of Sequin
+ The Sequin Source
+ Exercises
o Infecting EXE Files
+ The Structure of an EXE File
+ Infecting an EXE File
+ The File Search Mechanism
+ Passing Control to the Host
+ The INTRUDER-B Source
+ Exercises
o Advanced Memory Residence Techniques
+ Low Level Memory Residence
+ Returning Control to the Host
+ FCB-Based File Operations
+ Finding Infectable Files
+ Infecting Programs
+ Self-Detection in Memory
+ Windows Compatibility
+ Testing the Virus
+ The Yellow Worm Source Listing
+ Exercises
o An Introduction to Boot Sector Viruses
+ Boot Sectors
+ The Necessary Components of a Boot Sector
+ Interrupt 13H
+ The BASIC.ASM Boot Sector
+ The BOOT.ASM Source
+ A Trivial Boot Sector Virus
+ A Better Boot Sector Virus
+ The Infection Process
+ PC-DOS and DR-DOS Compatibility
+ Testing Kilroy-B
+ Kilroy-B Source Listing
+ Exercises
o The Most Successful Boot Sector Virus
+ The Disk Infection Process
+ Memory Residence
+ Infecting Hard Disks
+ Infecting Floppy Disks
+ The Logic Bomb
+ The Stoned Listing
+ Exercises
o Advanced Boot Sector Techniques
+ Basic Functional Characteristics
+ The BBS on the Hard Disk
+ The BBS on Floppy Disk
+ Self-Detection
+ Compatibility
+ The Loader
+ The BBS Source
+ The FATMAN Listing
+ The BOOT.ASM Source
+ Exercises
o Multi-Partite Viruses
+ Military Police
+ The MP as a Boot Sector Virus
+ The MP Turns TSR
+ Infecting Files
+ Loading from a File
+ The Military Police Source
+ Exercises
o Infecting Device Drivers
+ Step One: The File Structure
+ Step Two: System Facilities
+ Step Three: The Infection Strategy
+ Step Four: Implementation
+ Assembling a Device Driver
+ The DEVIRUS Source
+ Exercises
o Windows Viruses
+ Windows EXE Structure
+ The Windows EXE New Header
# Segment Table (Defines segments in the program)
# Resident Name Table (A list of resident names and references)
# Non-Resident Name Table
# Entry Table (Table of entry points for the program)
# Module Reference Table
# Imported Name Table (Names of modules imported by the program)
# The Resource Table (Vital information about the EXE's resources)
# Resource Type Record Definition
# Name Info Record Definition
+ Infecting a File
+ Using the Windows API
+ Protected Mode Considerations
+ Memory Management and DPMI
+ Getting Up and Running
+ Implementation as a Windows EXE
+ Infecting DLLs
+ General Comments
+ The Caro Magnum Source
+ Exercises
o An OS/2 Virus
+ OS/2 Memory Models
+ OS/2 Programming Tools
+ The Structure of an Executable File
+ Function Calls
+ Memory Management
+ A New Hoop to Jump Through
+ And One We Get to Jump Through
+ The Source Code
+ Exercises
o Unix Viruses
+ A Basic Virus
+ The X21 Step by Step
+ Hiding the Infection
+ Unix Anti-Virus Measures
+ The X21 Source
+ The X23 Source
+ Exercises
o Source Code Viruses
+ The Concept
+ The Origin of Source Code Viruses
+ A Source Code Virus in C
+ Source Listing for SCV1.C
+ Source Listing for VIRUS.H
+ Source Listing for CONSTANT.C
+ Test Drive
+ The Compressed Virus
+ Source Listing for SCV2.C
+ Source Listing for VIRUS2.HS
+ A Source Code Virus in Turbo Pascal
+ Source Listing of SCVIRUS.PAS
+ Source Listing of ENCODE.PAS
+ Exercises
o Many New Techniques
+ Exercises
* Part II: Anti-Anti Virus Techniques
o How A Virus Detector Works
+ Virus Scanning
+ Behavior Checkers
+ Integrity Checkers
+ Overview
+ The GBSCAN Program
+ The GBCHECK Program
+ The GBINTEG Program
+ Exercises
o Stealth for Boot Sector Viruses
+ The Anti-Virus Fights Back
+ Viruses Fight Back
+ Anti-Viruses Fight Back More
+ Further Options for Viruses
+ Memory "Stealth"
+ Level One Stealth Source
+ Level Two Stealth Source
+ Exercises
o Stealth Techniques for File Infectors
+ Self-Identification
+ The Interrupt 21H Hook
+ File Search Functions
+ File Date and Time Function
+ File Size Function
+ Handle-Based Read Function 3FH
+ FCB-Based Read Functions
+ Move File Pointer Function 42H
+ EXEC Function 4BH
+ An Interrupt 13H Hook
+ The Infection Process
+ Anti-Virus Measures
+ Viruses Fight Back
+ The Slips Source
+ Exercises
o Protected Mode Stealth
+ Protected Mode Capabilities
+ I/O Port-Level Stealth
+ Interrupt Hooking
+ Memory stealthing
+ Interrupt Tunnelling
+ Protected Mode Programming
+ The Isnt Virus
+ Hooking Interrupt 21H
+ Stealthing the Body of the Virus
+ The Interrupt 0FFH Hook
+ Protected Mode and Advanced Operating Systems
+ The Isnt Source
+ Exercises
o Polymorphic Viruses
+ The Idea
+ Encryption Technology
+ Self-Detection
+ Decryptor Coding
+ The Random Code Generator
+ Modifying the Decryptor
+ The Random Number Generator
+ Results with Real Anti-Virus Software
+ Memory-Based Polymorphism
+ The Many Hoops Source
+ The Visible Mutation Engine Source
+ Testing the Many Hoops
+ Exercises
o Retaliating Viruses
+ Retaliating Against Behavior Checkers
+ Silence
+ Logic Bombs
+ Dis-Installation
+ An Example
+ Integrity Checkers
+ Security Holes
+ Logic Bombs
+ Viral Infection Integrity Checking
+ Defense Against Retaliating Viruses
+ The Retaliator II Source
+ The SECREAD.PAS Program
+ Exercises
o Advanced Anti-Virus Techniques
+ Spectral Analysis
+ Heuristic Analysis
+ The FINDVME Source
+ The FREQ Source
+ Exercises
o Genetic Viruses
+ Genetic Decision Making
+ Genetic Mutation
+ Darwinian Evolution
+ Real-World Evolution
+ Fighting the Evolutionary Virus
+ The Next Generation
+ The GENE.ASM Source
+ Exercises
o Who Will Win?
+ A Corollary to the Halting Problem
+ The Problem
+ The Future of Computing
+ So Who Will Win?
* Part III. Payloads for Viruses
o Destructive Code
+ Trigger Mechanisms
+ The Counter Trigger
+ Keystroke Counter
+ Time Trigger
+ Replication Trigger
+ The System-Parameter Trigger
+ Date
+ Time
+ Disk Free Space
+ Country
+ Video Mode
+ BIOS ROM Version
+ Keyboard Status
+ Anti-Virus Search
+ Processor Check
+ Null Trigger
+ Logic Bombs
+ Brute Force Attack
+ Start Making Noise
+ Fool With The Video Display
+ Disk Attacks
+ Damaging Hardware
+ Disk Failure
+ CMOS Battery failure
+ Monitor Failure
+ Keyboard failure
+ Stealth Attack
+ Indirect Attack
+ Example
+ The Pascal Unit
+ Virus Bomb
+ Encrypting the Virus
+ Summary
o A Viral Unix Security Breach
+ The Password File in BSD Unix
+ Enter the Virus
+ A Typical Scenario
+ Modifying master.passwd
+ Access Rights
+ The Snoopy Source
+ Exercises
o Operating System Holes and Covert Channels
+ Operating System Basics
+ Compromising the System
+ Microsoft Idiosyncrasies
+ Why a Virus is Needed
+ The KBWIN95 Virus
+ More Covert Channels
+ The Capture Software Source
+ The KBWIN95 Virus Source
+ Demonstrating the KBWIN95
+ Exercises
o A Good Virus
+ Why a Virus?
+ 1. Virus Technology
+ 2. Self-Reproduction
+ Dishonest Employees
+ The File Buffer System
+ The Physical Disk
+ Operation of the KOH Virus
+ Infecting Disks
+ Encryption
+ The Interrupt Hooks
+ Ctrl-Alt-K: Change Pass Phrase
+ Ctrl-Alt-O: Floppy Disk Migration Toggle
+ Ctrl-Alt-H: Uninstall
+ Compatibility Questions
+ Legal Warning
+ The KOH Source
+ Exercises
* Appendix A: ISR Reference
o Interrupt 10H: BIOS Video Services
o Interrupt 13H: BIOS Disk Services
o Interrupt 1AH: BIOS Time of Day Services
o Interrupt 20H: DOS Terminate
o Interrupt 21H: DOS Services
o Interrupt 24H: Critical Error Handler
o Interrupt 27H: DOS Terminate and Stay Resident
o Interrupt 2FH: Multiplex Interrupt
o Interrupt 31H: DPMI Utilities
o Interrupt 40H: Floppy Disk Interrupt
* Appendix B: Resources
o Inside the PC
o Assembly Language Programming
o Viruses, etc.
Files count:
3
Size:
5.73 Mb
Trackers:
udp://tracker.openbittorrent.com:80
udp://open.demonii.com:1337
udp://tracker.coppersurfer.tk:6969
udp://exodus.desync.com:6969