mirror of
https://github.com/opsxcq/mirror-textfiles.com.git
synced 2025-08-26 21:14:52 +02:00
123 lines
5.2 KiB
Plaintext
123 lines
5.2 KiB
Plaintext
|
|
Trurl Variable Encription Device
|
|
Version 1.0á - Beta Release
|
|
Written By Trurl, the great constructor
|
|
The First Polymorphic Library Writen in Argentina
|
|
Not To be Distributed to the main public
|
|
|
|
DISCLAIMER
|
|
You are free to include this library in your virus or your Trojan
|
|
Horses. Any other kind of use is prohibited. You are free to give this to any
|
|
other person that is going to use it for his/her virus. The Author can not be
|
|
held responsible for any damage caused by virus that use this polimorfic en-
|
|
gine.
|
|
|
|
HOW IT WORKS
|
|
Unlike the other polimorfic engines, this one is so simple to use that
|
|
you don't need to read the whole document to proceed, it's enough that you read
|
|
the 'Parameters' part. (gna!).
|
|
If you've never writen a virus before, you can start using this library
|
|
or not, it's up to you and to your capabilities.
|
|
Now let's go to the technical stuff.
|
|
This engine has been writen under Turbo Assembler V 3.1, and we
|
|
recommend that you use this assembler to compile the viruses that will carry
|
|
the engine.
|
|
This engine francly cannot compete to others like te MtE or the TpE,
|
|
but it has the advantage that it cannot be detected, and it won't be for some
|
|
period of time. But, though it has not the tremendous capabilities of MtE, it
|
|
CAN polymorph your virus. The engine will encrypt your code each time with a
|
|
diferent encryption key, and will generate a decryption routine that will be
|
|
different each time. This decryption routine will have a variable length.
|
|
The engine uses two methods of varying the decryption routine:
|
|
The first consists in the variation of the registers of work. Some
|
|
algorithms can be programmed using diferent registers, and still work in the
|
|
same way. We use this principle and vary the registers of the decryption rou-
|
|
tine in a almost random way.
|
|
The second consists of adding trash-nothing-doing-orders of the type of
|
|
'nop'. The number and the length of this orders is randomly decided, chosing
|
|
among a few diferent 'nop' style orders.
|
|
Another advantage of the engine is its incredibly little size: it is
|
|
only 667 bytes long.
|
|
|
|
HOW THE PHUCK DO I USE THIS SHIT?
|
|
Good question. We assume that you will use TASM 3.1 or higher to com-
|
|
pile your virus. You need to add an 'extern' declaration like:
|
|
|
|
extrn Polymorph: proc
|
|
|
|
When you need to encrypt the code, you call the engine this way:
|
|
|
|
call Polymorph
|
|
|
|
Then you must link the engine to your virus:
|
|
|
|
tlink [/t] your_virus tved
|
|
|
|
PARAMETERS
|
|
The input parameters are very simple:
|
|
|
|
DS:DX Code to encrypt
|
|
This is the code of your virus. (plus the engine).
|
|
CX Length of the code
|
|
This the length of the code, plus the length of the engine, wich is
|
|
684 bytes.
|
|
SI Offset in wich the virus will begin running
|
|
This is the offset in wich the decryption routine will take control.
|
|
For example, if you are making a COM overwriting virus, this will be 100h.
|
|
ES:DI
|
|
Working Buffer. Here is where the engine will work and where it will
|
|
leave you the decryption_routine + encrypted code. There has to be enough space
|
|
for the code of your virus plus the code of the engine (684 bytes) plus the code
|
|
of the decryption routine. (The length of this routine varies between 32 and
|
|
212 bytes) So we recommend you have in this buffer at least 212+684+Lengt_of
|
|
your_virus.
|
|
|
|
The output paramters are:
|
|
|
|
CX Final Length of the decryption routine
|
|
|
|
All other registers are preserved
|
|
|
|
STACK USE
|
|
The engine will not need much stack space. It uses aproximately 40
|
|
bytes for stack storage. So you don't need to use a private stack when resi-
|
|
dent.
|
|
|
|
RANDOM NUMBERS
|
|
The random numbers used by the engine are generated by a routine that is
|
|
inside the OBJ file. In future versions, we will allow you to make your own
|
|
random number generators
|
|
|
|
FINAL NOTES
|
|
Well, i hope i haven't forget anything. Feel free to investigate and
|
|
experiment with the engine. If you have any doubts regarding its usage, please
|
|
look at the demo virus (called Bonsembiante) or at the test program. If you
|
|
include it in your virus, make sure that the engine does work the way you
|
|
expected, and if it does'nt or if you have any sugestions, any comments or
|
|
any other thing that you like to tell me, contact me.
|
|
Here you have some comments regarding the Bonsembiante virus and the
|
|
test program:
|
|
|
|
Bonsembiante Virus:
|
|
This is a COM, overwriting, non-resident virus, made only to be an
|
|
example for the use of the engine. We give up the source code of the virus.
|
|
Note that this is a totally unremarkable virus.
|
|
|
|
Test Program:
|
|
This program uses the engine to modify itself each time it is runned.
|
|
Thus, if you look at it now, then run it, and then look at it again, you will
|
|
not be able to find one byte that is equal. We also give up the source of this
|
|
program.
|
|
|
|
CONTACTING ME
|
|
You can find me in this BBS's in Buenos Aires:
|
|
COPY GAME BBS ; if you don't
|
|
VIRUSES BBS ; know the numbers
|
|
Dionysios BBS ; get them. jajaja
|
|
Satanic Brain
|
|
The latest release of the Engine should also be available at these BBS's.
|
|
Pass the Engine (all files together in an archive) to virus programmers only.
|
|
Greatings to all virus programers spread around the world, and specialy to
|
|
Argentinian Virus Programers!
|
|
|
|
Trurl, the great constructor, 8/3/94. |