The Nature of the Virus, by koms bomb / cvc.ga
The purpose of this article is to explain how easy it is to write a virus.

First, the virus myth. Let us first look at the "exciting" and "hot" virus techniques.

1. CIH. It has simply become a myth, and CIH's author has become an idol to countless people. This myth was blown up by the AVers (the anti-virus people), and the idol is just a continuation of the Chinese habit of blind worship; foreigners could not care less. Look at what this virus actually is. A little over 1K of code; what can it contain? I think the only remarkable thing about this virus is that it is very optimized. That kind of optimization is, frankly, not hard: some assembly programming experience, an instruction manual (one that at least gives the instruction lengths) and enough patience are all it takes. What else is there? Entering ring 0? I have done it myself, and anyone who knows a little about protected mode knows that the GDT/IDT/LDT can be used to gain privilege; that is common knowledge. The file size unchanged after infection? Anyone who knows the PE format knows how much slack space there is. Using VxD techniques? Flashing the BIOS? As long as you can find the documentation, what is hard about it? VxD is nothing more than calling some int 20h, and flashing the BIOS is nothing more than writing some ports. Calling an interrupt, writing a port, who can't? But which interrupt to call and which ports to write requires the relevant documentation. I can't write a VxD-based virus and I can't flash the BIOS, because I don't have that documentation.

Now look at the "hot" virus techniques.

2. Cross-platform viruses. Crossing Windows and Linux: it is the same x86 instruction set, so what is special about it? Basically such a cross-platform virus separates the common part, the OS-independent code, from the OS-dependent code. For example, on Windows it calls the API, and on Linux it uses int 80h (if I remember correctly; I have not studied Linux). In effect it is just the merger of two viruses. Obviously such a virus is easy to write as long as you have the documentation for the systems involved.
In fact, writing a virus for different CPUs is not hard either: just infect different files with different code; the code for the other OS or CPU is never executed and simply sits there as data. By the way, what is the use of being cross-platform? How many PE files are there on a Linux machine? How many ELF files on Windows?

3. .NET viruses. Is there anything fresh here? Doesn't Java have viruses too? Master MSIL assembly and writing a real .NET virus is not hard. It is worth mentioning that the first two hyped .NET viruses were actually fakes. The one from 29A was written in x86 assembly, which is a bit of a joke: .NET is built on MSIL, an intermediate language, and x86 assembly has nothing to do with .NET. I did not look at that virus's code carefully, but I estimate it only has a few operations that differ from an ordinary PE infector because of the .NET PE layout; in general it is a PE virus. The C# virus of the "17-year-old girl" is a .NET virus, but is it worth the hype? Go and look at the C# syntax, then at some of the .NET Framework, and I believe you can write a C# program that sends itself by mail; that is a fashionable .NET virus.

4. Metamorphism. This was simply blown up by the AVers. What it actually is, is re-coding your own code.
The process is: disassemble your own code, rewrite it (for example, MOV EAX, ESI can be written as PUSH ESI; POP EAX, and so on), and insert junk code. Of course, it is best to delete the junk code again in the next generation. How do you judge which code is junk? Obviously, if the destination operand of an instruction is never later used as a source operand, the instruction can be considered junk. This is all a game of machine-code skill: with Intel's instruction manual at hand and enough patience, re-coding code is not hard. But writing this thing is really tedious, extremely tedious, and the resulting code is also very large, with no practical value. I will consider a semi-metamorphism in the future; it is not hard, but I keep things small, and if the engine exceeds 8K I will give up.
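The junk-code test described above (an instruction is junk when the register it writes is never read again) is exactly a backward liveness analysis, and the PUSH/POP substitution can be undone by a peephole rule. Both are what an analyst uses to normalize a mutated sample so that variants of one routine compare equal. The following is an added example, not the author's code and not any engine mentioned on the page, written in Python over a toy register-only x86 subset: the instruction set, the sample routines and the live_out assumption are constructed for illustration, and EFLAGS and memory operands are deliberately not modelled.

```python
from typing import List, Set, Tuple

# Toy, register-only x86 subset (assumption: no memory operands, EFLAGS ignored).
REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
WRITE_ONLY = {"mov"}                              # dst, src : writes dst, reads src
READ_WRITE = {"add", "sub", "xor", "or", "and"}   # dst, src : reads dst and src, writes dst
UNARY_RW = {"inc", "dec", "neg", "not"}           # reg      : reads and writes reg
STACK_OPS = {"push", "pop"}                       # touch the stack, never treated as junk

Instr = Tuple[str, List[str]]


def parse_asm(text: str) -> List[Instr]:
    """Parse 'op dst, src ; comment' lines into (op, [operands]) tuples."""
    instrs: List[Instr] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip().lower()
        if not line:
            continue
        parts = line.split(None, 1)
        op = parts[0]
        args = [a.strip() for a in parts[1].split(",")] if len(parts) > 1 else []
        instrs.append((op, args))
    return instrs


def regs_in(operand: str) -> Set[str]:
    """Registers named by one operand (an immediate yields nothing)."""
    return {operand} if operand in REGS else set()


def uses_defs(op: str, args: List[str]) -> Tuple[Set[str], Set[str]]:
    """Return (registers read, registers written) for one instruction."""
    if op in WRITE_ONLY:
        return regs_in(args[1]), regs_in(args[0])
    if op in READ_WRITE:
        return regs_in(args[0]) | regs_in(args[1]), regs_in(args[0])
    if op in UNARY_RW:
        return regs_in(args[0]), regs_in(args[0])
    if op == "push":
        return regs_in(args[0]), set()
    if op == "pop":
        return set(), regs_in(args[0])
    raise ValueError(f"unsupported instruction: {op}")


def fold_push_pop(instrs: List[Instr]) -> List[Instr]:
    """Undo the 'push src ; pop dst' substitution: rewrite it back to 'mov dst, src'."""
    out: List[Instr] = []
    i = 0
    while i < len(instrs):
        op, args = instrs[i]
        if (op == "push" and i + 1 < len(instrs) and instrs[i + 1][0] == "pop"
                and args[0] in REGS):
            dst = instrs[i + 1][1][0]
            if dst != args[0]:            # push r ; pop r is a pure no-op, drop it
                out.append(("mov", [dst, args[0]]))
            i += 2
            continue
        out.append((op, args))
        i += 1
    return out


def remove_dead_stores(instrs: List[Instr], live_out: Set[str]) -> List[Instr]:
    """Backward liveness: drop every instruction whose written register is never read afterwards."""
    live = set(live_out)
    kept: List[Instr] = []
    for op, args in reversed(instrs):
        uses, defs = uses_defs(op, args)
        if op not in STACK_OPS and defs and not (defs & live):
            continue                      # junk: nothing it writes is ever read
        live = (live - defs) | uses       # a dead instruction's reads do not count
        kept.append((op, args))
    kept.reverse()
    return kept


def canonical_form(text: str, live_out: Set[str]) -> List[str]:
    """Normalised listing used to compare variants of the same routine."""
    instrs = remove_dead_stores(fold_push_pop(parse_asm(text)), live_out)
    return [f"{op} {', '.join(args)}".strip() for op, args in instrs]


# Constructed sample: a routine and a mutated variant of it with junk inserted.
ORIGINAL = """
mov eax, esi
add eax, edi
mov ebx, eax
"""

VARIANT = """
push esi        ; mov eax, esi rewritten as push/pop
pop eax
mov ebx, 7      ; junk: ebx is overwritten before it is read
xor ecx, ecx    ; junk: ecx is never read
add eax, edi
mov ebx, eax
inc edx         ; junk: edx is not live at the end
"""

LIVE_OUT = {"eax", "ebx"}   # assumption: the caller only consumes eax and ebx

if __name__ == "__main__":
    print(canonical_form(ORIGINAL, LIVE_OUT))
    print(canonical_form(VARIANT, LIVE_OUT))
```

Running the block prints the same three-instruction listing for ORIGINAL and VARIANT, which is the property a signature over the normalised form relies on. The caveat is the one the paragraph glosses over: real junk can be kept alive through flags or memory, which the register-only liveness rule above does not see, so an analyst extends the use/def model before trusting the result on real code.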
Second, the essence of viruses. Everyone thinks viruses are mysterious, which is really because nobody understands them and because the AVers hype them (this phenomenon is particularly serious). What is a virus, in the end? A virus is a program; what distinguishes it from ordinary programs is that it copies itself, and that is the most important difference. There are many ways to copy: copying directly, spreading over the network, inserting into other executable files, and so on. But implementing these methods is also just programming; there is nothing special about it. In fact writing viruses, like writing ordinary programs, need not be regarded as something lofty. Why do I say this? Programming is just a technique, and the foundation of this technique is very shallow, extremely shallow, with no prerequisite steps. To become a physicist you must first learn middle-school physics, otherwise you cannot learn the rest. But to write an assembly program (which sounds very deep), you do not have to learn BASIC first, then PASCAL and C, and only then assembly; you can start with assembly from the beginning, no problem. Many people claim to be masters on the strength of their understanding of the system's core, but what does that amount to? Maybe he spent three months discovering some secret of the system core that a programmer at M$ wrote in an hour. This is also what created all the "genius boys/girls": a teenager writes a good program or virus and everyone thinks he is a genius. In fact I am sure a 10-year-old child's grasp of programming knowledge would be no worse than mine, and might even be better, given my poor memory. Does everyone think I have an IQ problem? Maybe, but then the child is better than you too. The Chinese "genius teenagers" of computing that everyone talks about with such relish are, in fact, just stupidity. Programming does not require IQ, but it does require information.
If you have not mastered a certain number of Win32 APIs, you cannot write a decent Win32 program. In fact this is also related to material wealth. Why do foreign countries have so many "genius teenagers"? Because of their IQ? Obviously the Chinese IQ is at least not inferior to the Western one. It is mainly because they are more affluent: they get access to a computer very early, have the money to go online, and can get a lot of useful information. Damn, I have to complain here: I only officially started using a computer around my graduation in 2000. When I was a teenager I had no money, let alone a computer, and even now I go online through a modem. Having said all that, the one conclusion is that writing viruses, like writing ordinary programs, does not require IQ (of course the IQ cannot be too low; if it is below 80, then unless you really are some other kind of genius, better not to program at all), but requires information, and that indirectly requires material wealth. So viruses are not mysterious, not at all mysterious, and not difficult; they can be called quite simple, because they are usually small, the biggest being some tens of K. I am now gradually coming to understand that even a program that is easy to write in Delphi becomes a much harder thing once it gets more complex, needing an overall design, a scientific division into modules, and so on. Although viruses are simple, there is also a very fun side to them, because they copy themselves. How to make them reproduce faster, and how to hide so that users do not easily find traces of the virus, is my main research target.
This goal clearly violates the "XX spirit" of certain gurus (they advocate hacking; I do not hack, I only release viruses; a virus is poison, but that is the essence of a virus; if it were not, it would not be called a virus, and there would be no point in studying viruses at all). This kind of guru advocates writing viruses with "new", "high-end" technology, so-called "academic viruses" or "concept viruses". But what use are such viruses? Apart from giving the AVers an opportunity to hype, none. Apart from CIH, everything I discussed above is basically this kind of virus. Everyone can look for themselves: where is the new technology? Where is the high-end? It is worth noting the old article "After the Heroic Age", which many people think they "benefited greatly" from; I will say a few words about it so that nobody is misled. That article is generally nonsense. "The ordinary engineers at an AV company are far from a cracker's level at playing with SoftICE"? I really don't know whether the AVers are familiar with SoftICE, but that sentence has two big problems. 1) Does skill with SoftICE represent one's level? Fine, I will play with SoftICE from now on; after a month I am good at it, so then I am a master? That is simply not human logic. 2) Must one use SoftICE to study viruses? I debug viruses mainly with VC; SoftICE is just an auxiliary, very convenient. "Imagine the anti-virus sample-analysis engineer: '**, so a virus can be written like this!', and then, tense with excitement, handing the sample to the company's senior experts for guidance. They are full of satisfaction." Nonsense; who believes it? How did Symantec produce solutions for Nimda, Klez and Bugbear within a few hours? "Instead they use something like social engineering, or a method from psychology. Of course, those senior VXers are not shameless; they never let their viruses spread widely. These people are somewhat like the gentlemen among the old hackers, and they are truly worthy of admiration."

Not everyone can do social engineering; good S/E is admired by people all over the world (to borrow the guru's own phrase: "the whole world exclaimed, **, so it can be done like this"). Anyone who is patient enough can research the system core deeply; that is not mysterious. But good S/E requires a flash of inspiration. A virus that cannot spread widely is obviously not a good virus, however superb its technique (and basically, as I said, there is no superb technique). Besides, viruses and hackers are different. The hacker hacks websites; a truly moral one should not do damage, but he has the ability to break into 10,000 websites. A moral virus should not do damage either, but a capable virus can infect 10 million machines; there is nothing wrong with that, it is what a virus should do. Of course, the ability to infect does not necessarily mean actually infecting, and does not necessarily mean releasing, but verifying the ability to infect usually requires real combat. Also, that article's author is the kind of guru I mentioned who advocates the hacker spirit. In fact, if everyone followed his spirit, the outcome would be that all the best technical people study unrealistic technology with no practical value. Overall, someone who does not understand the nature of viruses, has no understanding of viruses and has never written a virus is not fit to write that article.
I have always been angry at the ignorant people who still treat CIH and other viruses as gods, and there are far too many such people in China, so I wrote this article. Because I wrote it in anger, there may be some improper language; please forgive me. If you are angry with me, you can argue, but please do not curse. Reprinting is welcome; please credit koms bomb / cvc.ga. Also: I found that Window of Shenzhen reprinted my article from 9cbs but removed all the author information. I wrote them a letter asking them to correct it, and there was no response. This kind of behaviour is utterly despicable; push me too far and they will be playing with fire!