Let's walk through this virus source code, shall we? - Page 2


Re: Let's walk through this virus source code, shall we?

Dustin presented the following explanation :

Now *that's* scary shit.



Re: Let's walk through this virus source code, shall we?


Cute message btw.. [g]


--
Things look bad from over here. Too much confusion and no solution.
Everyone here knows your fear. Your out of touch and you try too much.
Yesterdays glory will help us today. You wanna retire? Get outta the way.
I ain't got much time. Young ones close behind. I can't wait in line.


Re: Let's walk through this virus source code, shall we?

Ant wrote:


Boo!  <g>


Re: Let's walk through this virus source code, shall we?



hehehe




Re: Let's walk through this virus source code, shall we?

"RayLopez99" wrote:


Sure but there's probably not much point since this is 16-bit code for
an MS-DOS environment; e.g. running under debug (or ntvdm) on a 32-bit
variety of Windows. It won't run on 64-bit Windows at all unless in an
emulator like DOSBox.

MS-DOS uses interrupt 0x21 (int 21) to provide system services to
application programs and that's all these little examples are doing -
calling int 21. Int 21 requires a function number and parameter(s) to
tell it what to do.

From my code:
 mov dx,010c ; address of a string to DX register
 mov ah,09   ; "display string" function number in AH register
 int 21      ; invoke the function

I suggest you consult a DOS reference for int 21 usage if you're
interested but this knowledge will be of no use for writing programs
to run on Windows.


Dustin has explained that (difference between 'com' created by debug
and 'exe' created by nasm).



Re: Let's walk through this virus source code, shall we?


All true.
 

All true. He should head for win32/64 and perhaps linux asm...
 

Yep.

I was learning nasm then.. demo skeleton.. hehehehe




Re: Let's walk through this virus source code, shall we?



You still with us Ray? All confused two ways from Sunday now eh? :)

I told you I know this stuff. I wasn't bsing you. hehehe.


You ever going to comment further? I've posted two that'll do what you
asked for. Ant converted mine to a .com file suitable for debug.. What's up
dude? Anything else cheeky you wanna say now?
 





Re: Let's walk through this virus source code, shall we?



Here's another quickie I wrote up for you. It creates a file and dumps a
text string into it. The same string it prints on the screen. The text
file will be 39 bytes in length, named Ray.txt.

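segment code

start:
mov ax,data         ; point DS at the data segment
mov ds,ax
mov ax,stack        ; point SS:SP at the stack segment
mov ss,ax
mov sp,stacktop

mov dx,hello        ; DS:DX -> '$'-terminated string
mov ah,9            ; int 21 function 09: display string
int 0x21

mov ah,0x3c         ; int 21 function 3C: create file
mov cx,0            ; normal file attributes
mov dx,files        ; DS:DX -> zero-terminated file name
int 0x21

mov [filehnd],ax    ; save the file handle returned in AX

mov ah,0x40         ; int 21 function 40: write to file
mov bx,[filehnd]    ; file handle
mov cx,[msglength]  ; number of bytes to write
mov dx,hello        ; DS:DX -> buffer to write
int 0x21

mov ah,0x3e         ; int 21 function 3E: close file
mov bx,[filehnd]    ; the handle value, not the address of the variable
int 0x21

mov ax,0x4c00       ; int 21 function 4C: exit program, return code 0
int 0x21

segment data

hello: db 'Hi! Ray How did I get created Today?',13,10,'$'
files db 'ray.txt', 0
filehnd dw 1
msglength dw 38


segment stack stack
resb 64
stacktop: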




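Added example, not part of the thread or any poster's code: a Python sketch that sweeps a .COM-style image for the int 21 calls used above and resolves the string or file name each call points at. The byte image is constructed here to mirror the ray.txt program, hand-assembled as a flat .COM layout (an assumption; the posted source builds an .exe), and the decoder handles only the opcodes that program uses.

```python
# Added example: linear sweep of a DOS .COM image; unknown opcodes end the sweep.
DOS_FUNCS = {0x09: "display string", 0x3C: "create file", 0x40: "write file",
             0x3E: "close file", 0x4C: "exit program"}
COM_BASE = 0x100  # a .COM image is loaded at offset 0x100 of its segment

def read_string(image, addr, terminator):
    """Text at load address `addr` up to `terminator`, or None if unresolved."""
    start = addr - COM_BASE
    end = image.find(terminator, start) if start >= 0 else -1
    return image[start:end].decode("ascii", "replace") if end >= 0 else None

def trace_int21(image):
    """Return [(load_offset, AH, function_name, string_argument_or_None)]."""
    calls, ah, dx, pc = [], None, None, 0
    while pc + 3 < len(image):                  # never read past a truncated tail
        op = image[pc]
        if op == 0xB4:                          # mov ah, imm8
            ah, pc = image[pc + 1], pc + 2
        elif op == 0xA3 or 0xB8 <= op <= 0xBF:  # mov [addr16],ax / mov r16,imm16
            imm = image[pc + 1] | image[pc + 2] << 8
            ah = imm >> 8 if op == 0xB8 else ah     # mov ax: AH is the high byte
            dx = imm if op == 0xBA else dx          # mov dx: string/name pointer
            pc += 3
        elif op == 0x8B and (image[pc + 1] & 0xC7) == 0x06:  # mov r16, [addr16]
            reg = (image[pc + 1] >> 3) & 7
            ah = None if reg == 0 else ah       # AX reloaded from memory
            dx = None if reg == 2 else dx       # DX reloaded from memory
            pc += 4
        elif op == 0xCD:                        # int imm8
            if image[pc + 1] == 0x21:
                end = {0x09: b"$", 0x3C: b"\0"}.get(ah)
                arg = read_string(image, dx, end) if end and dx is not None else None
                calls.append((COM_BASE + pc, ah, DOS_FUNCS.get(ah, "unknown"), arg))
                if ah == 0x4C:
                    break                       # program exits; data follows
                ah = None                       # DOS hands its result back in AX
            pc += 2
        else:
            break                               # opcode outside this sketch
    return calls

def build_sample():
    """Constructed .COM-style image mirroring the ray.txt program above."""
    code = bytes.fromhex("BA3001 B409 CD21 B43C B90000 BA5701 CD21 A35F01"
                         "B440 8B1E5F01 8B0E6101 BA3001 CD21"
                         "B43E 8B1E5F01 CD21 B8004C CD21")
    data = (b"Hi! Ray How did I get created Today?\r\n$" b"ray.txt\0"
            b"\x01\x00" b"\x26\x00")    # hello, files, filehnd, msglength = 38
    return code + data
```

Calling trace_int21(build_sample()) lists the five calls in order, with "ray.txt" attached to the create-file call, which is the first thing to look for when triaging an unknown DOS binary.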


Re: Let's walk through this virus source code, shall we?



38 bytes in length, sorry. [g]

Go ahead, google around for this source code if you think I stole it.

Here's the directory dump:

 Volume in drive C has no label.
 Volume Serial Number is B051-3A91

 Directory of C:\PROGRA~1\nasm

08/03/2012  10:36 PM               518 RAY.ASM
               3 File(s)          1,036 bytes
               0 Dir(s)  24,318,357,504 bytes free





Re: Let's walk through this virus source code, shall we?

 
procedure ENDDRAG(DROP:BOOLEAN)
function GETTEXTBUF(BUFFER:PCHAR;BUFSIZE:INTEGER):INTEGER
function GETTEXTLEN:INTEGE
procedure SETTEXTBUF(BUFFER:PCHAR)
function PERFORM(MSG:CARDINAL;WPARAM,LPARAM:LONGINT):LONGINT
function SCREENTOCLIENT(POINT:TPOINT):TPOINT  
  
TControl  
TWINCONTROL  
TWinControl  
Parent  
Longint  
Handle    
Boolean    
Showing    
Integer    
TabOrder    
TabStop    

function CANFOCUS:BOOLEAN  
function FOCUSED:BOOLEAN  
TCONTROL INTEGER  
CONTROLS  
INTEGER  
CONTROLCOUNT  

function HandleAllocated: Boolean;
procedure HandleNeeded;
procedure EnableAlign;
procedure RemoveControl(AControl: TControl);
procedure InsertControl(AControl: TControl);
procedure Realign;
procedure ScaleBy(M, D: Integer);
procedure ScrollBy(DeltaX, DeltaY: Integer);
procedure SetFocus; virtual;)  
procedure PAINTTO(DC:Longint;X,Y:INTEGER)
function CONTAINSCONTROL(CONTROL:TCONTROL):BOOLEAN
procedure DISABLEALIGN
procedure UPDATECONTROLSTATE
TBRUSH
BRUSH
LONGINT

HELPCONTEXT S
TControl
TGRAPHICCONTROL S
TWinControl

Re: Let's walk through this virus source code, shall we?


<snip garbage>

You could have just said you didn't know.

I told you and Ray from the get-go, you're both way out of your leagues
with me on these subjects.





Re: Let's walk through this virus source code, shall we?


I see mov ax,0x4c00 as a
  
cf64CommonFilesdirectory64bit1
groupThepathtotheprogramgroup1
+sendtoThepathtothecurrentusersSendTofolder1

Maybe You and Ray,
both out of Pascal Scripting leagues,
you can InnoIDE that Dustin..

%userappdataThepathtothedesktopfilder1
0commonappdataThepathtotheApplicationsDatafolder1
%userdesktopThepathtothedesktopfolder1
'commondesktopThepathtothedesktopfolder1
&userdocsThepathtotheMyDocumentsfolder1
(commondocsThepathtotheMyDocumentsfolder1


garbage is just  your little micro...  

Re: Let's walk through this virus source code, shall we?



Again, you're an idiot. mov ax,0x4c00 is the DOS function for exit
program. I call it via interrupt 21 "int 21". Combined, it's the equ of
end in BASIC.

This has nothing whatsoever to do with the code I posted.
 

Language barrier issue aside, you really are an idiot. Why? You're
posing as someone you aren't. IE: programmer.
 





Re: Let's walk through this virus source code, shall we?


Yeah, I'm a computer programmer.
I write computer programs.
Constantly.

For AX is not a DOS only Function,
and a minimal Basic interpreter..

As for MDC-IE: Plug-In programming,
I have not post one at no time,

For the Pascal Script above,
was not in the right Format in the first place..

But it may take 5 to 6 years to get ray,
to a high-level languages in a newsgroups..
 

Re: Let's walk through this virus source code, shall we?



Anyone can script. HTML is now taught in grade school so I'm told.
 
You just tried to reverse engineer my source and bullshit your way out
of it, because you don't understand code and what it's doing. I called
you out. Anyone who can read asm, will know you're bullshit!


AX is a CPU register. The source code above isn't BASIC. It's assembler.
16-bit DOS assembler.
 

You're both dumb. Really.



Re: Let's walk through this virus source code, shall we?



You children are a hoot!

In microcomputers, I started out with 8008 machine language. Octal.
I hope I grew from there...

Chris (real name)


Re: Let's walk through this virus source code, shall we?

Chris S. used his keyboard to write :

Whatever happened to the "R" register?



Re: Let's walk through this virus source code, shall we?



Motorola cpu was my first.. coco3. [g]
 


Re: Let's walk through this virus source code, shall we?


.386
.model flat,stdcall
option casemap:none

include bughunter.inc

.code
start:
invoke GetModuleHandle, NULL
mov    hInstance,eax
invoke GetCommandLine
mov    CommandLine,eax   ; keep the pointer GetCommandLine returns in eax
invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
invoke ExitProcess,eax


 
it a 386 assembler in a 16bit..
In a 32bit and a 64bit world LOOL
 

Mmm bughunter in 32bit windows look good,
in DOS is dumb.......

WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND

mov wc.cbSize,SIZEOF WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, OFFSET WndProc
mov wc.cbClsExtra,NULL
mov wc.cbWndExtra,NULL
push hInst
pop wc.hInstance
mov wc.hbrBackground, COLOR_WINDOW+1
mov wc.lpszMenuName, OFFSET MenuName
mov wc.lpszClassName, OFFSET ClassName
invoke LoadIcon, NULL, IDI_APPLICATION
mov wc.hIcon,eax
mov wc.hIconSm,eax
invoke LoadCursor, NULL, IDC_ARROW
mov wc.hCursor,eax
invoke RegisterClassEx, addr wc
invoke CreateWindowEx, WS_EX_CLIENTEDGE, ADDR ClassName, ADDR AppName,\
WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT, 300, 200, NULL, NULL,\
hInst, NULL
mov   hwnd,eax
invoke ShowWindow, hwnd, SW_SHOWNORMAL
invoke UpdateWindow, hwnd

.while TRUE
invoke GetMessage, ADDR msg, NULL, 0, 0
.break .if (!eax)
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg
.endw

mov eax,msg.wParam
ret
WinMain endp

Re: Let's walk through this virus source code, shall we?



More bullshit.
 

Lay off the beer.
  

Look good in 32bit windows? How pray tell does it look good in windows
and look different in DOS?



