                     ■ Youngsters Against McAfee ■
                                Present

                        Intro To .COM Infecting

                    Part II of an ongoing series of
             the Totally Whacked Out Virus Writer's Manual

                        By Admiral Bailey [YAM]

   ______________
--| Disclaimer |------------------------------------------------------------
   ~~~~~~~~~~~~~~
Neither I nor any member of YAM is responsible in any way for any damage
done by this manual, or by anybody that reads this manual. There, simple
and small.

   ____________________
--| Copyright Notice |-(C)opyrite 1992--------------------------------------
   ~~~~~~~~~~~~~~~~~~~~
This thing is copyrighted by me. Do not change anything in it and release
it as your own. If you like it, that's good. If you don't, then do better.
If you are caught releasing this as your own you will be dealt with
accordingly. I will make sure of this. Now onto the good stuff... again!

   ________________
--| Introduction |-----------------------------------------------------------
   ~~~~~~~~~~~~~~~~
Imagine one day downloading VSum and looking through it only to find out
that your virus has made it in there, with the line 'I don't know what this
virus does other than replicate' in the description. Boggling McAfee and
Patty, all because you decided to write a simple virus that to them is a
pain in the ass. Well, now your dreams can come true. In this part of the
TWOVWM (Totally Whacked Out Virus Writer's Manual) I will be explaining the
process of .COM infecting in a very detailed manner. You may get bored from
all the reading that you have to do, but you will know exactly how to
infect .COM files by the time you are done reading this.
But before you read this I recommend that you read the first Manual, on
overwriting virii. It has most of the basics, and I will not repeat
anything in that manual when it comes to the coding time.

 __________________________
 | Why Am I Writing This? |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
I have never come upon anything that explains virii in detail, explaining
why to do this and how to do this. By writing this I'm putting something
out into the world of virii that will contribute to better virii being
made.

 _________________________________
 | What Type of Virus This Time? |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this Manual I will be talking about how to write .COM infecting virii.
What are they? Basically they are virii that infect any file that fits the
criteria of '*.COM'. It's one of the 3 types of executable files. There are
Batch, .EXE (explained in a later part), and .COM. A .COM infector is the
second easiest virus to write, next to the overwriter. What a .COM
infecting virus does is search the current drive for a .COM file and infect
it by altering the first jump (explained later) so that instead of
immediately running the program, the virus is run first and then control is
given back to the original file. The advantage of this type of virus is
that you can replicate on a system without the user finding out. You can do
many things to make it harder for the person to figure it out. But I'll
save that for another part.

Basic Concept Of A .COM Infecting Virus:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File Before Infected :
 _________________________
 | JP | Original Program |
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 ─[- All the program does is jump to the program (Note JP - Jump Program)
     and execute the program.
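
Seen from the defender's side, the altered first jump is the observable
trace of this infection style. The following is an added example, not part
of the original manual: a triage check that decodes the first instruction
of a .COM image and reports whether it jumps into the tail of the file,
where this manual's infected layout puts the added code. The function
names, the 25% tail threshold and the sample images are assumptions made
for this example; the samples are constructed, inert filler bytes.

```python
import struct

COM_LOAD_OFFSET = 0x100  # DOS loads a .COM image at offset 100h in its segment
JMP_NEAR, JMP_SHORT = 0xE9, 0xEB  # x86 opcodes: jmp rel16, jmp rel8


def entry_jump_target(image: bytes):
    """File offset the first instruction jumps to, or None if it is not a jump."""
    if len(image) >= 3 and image[0] == JMP_NEAR:
        (disp,) = struct.unpack_from("<H", image, 1)
        length = 3
    elif len(image) >= 2 and image[0] == JMP_SHORT:
        (disp,) = struct.unpack_from("<b", image, 1)
        length = 2
    else:
        return None
    # The displacement is relative to the next instruction; IP wraps at 16 bits.
    target_ip = (COM_LOAD_OFFSET + length + disp) & 0xFFFF
    return target_ip - COM_LOAD_OFFSET


def classify(image: bytes, tail_fraction: float = 0.25) -> str:
    """Triage label; tail_fraction is an arbitrary threshold for this example."""
    target = entry_jump_target(image)
    if target is None:
        return "no-entry-jump"
    if not 0 <= target < len(image):
        return "jump-outside-file"
    tail_start = int(len(image) * (1 - tail_fraction))
    return "jump-into-tail" if target >= tail_start else "jump-into-body"


def sample(size: int, target: int) -> bytes:
    """Constructed inert image: a near jump to `target`, padded with NOPs."""
    disp = struct.pack("<H", (target - 3) & 0xFFFF)
    return bytes([JMP_NEAR]) + disp + b"\x90" * (size - 3)


if __name__ == "__main__":
    for name, img in [
        ("jump over header data", sample(220, 19)),
        ("jump near end of file", sample(220, 200)),
        ("no jump at entry", b"\xB4\x09\xCD\x21\xC3"),
    ]:
        print(f"{name:24} -> {classify(img)}")
```

Legitimate .COM programs also begin with a jump (over data, or into an
unpacking stub), so a jump-into-tail result is a reason to inspect the
file, not a verdict.
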

File After Infected :
 ______________________________________
 | JV | Original Program | Virus | JP |
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ─[- Before the program is run, the program first jumps to the virus (Note
     JV - Jump Virus), executes the virus and then jumps back to the
     original program. (Note the JP)

 _______________________
 | What Will You Need? |
 ~~~~~~~~~~~~~~~~~~~~~~~
In order for you to create your first .COM infecting virus you will need,
as usual:

 ■ TASM (Latest Version). It's the best!
 ■ Knowledge of assembly. Duh!? Whats Dat???

But other things I recommend are:

 ■ The first part of the TWOVWM. (Wow, what a name.) It gets into the
   basics of virii etc.
 ■ A good debugger. A lot of people like Turbo Debugger, but personally I
   like debug because it's quick and simple.
 ■ Ralf Brown's Interrupt List. It's pretty big (1 meg). But it has almost
   every interrupt that you can call on a computer and it's getting bigger.
   Even has some undocumented calls.
 ■ Any virus mag. I personally like NUKE's because it has a lot of info in
   it. But Evolution is still on top. :)
 ■ Sourcer, so you can get a commented source of other virii that you have.
 ■ Evolution Mag. YAM's mag. A must have because of its articles etc..
   Check it out for yourself.

   _____________________
--| Let's Get Writing |------------------------------------------------------
   ~~~~~~~~~~~~~~~~~~~~~
Now, since this is going to get quite complicated for beginners, I will
first illustrate what will be happening in your program by using a flow
chart. After that we will go through the process of actually infecting, bit
by bit. The virus that I will use for this will be a variant of the Wild
Thing virus that I wrote. I'm not going to give out the exact source
because... well, because. And for all you K-Rad /