info/mirror-textfiles.com
1
0
Fork 0
mirror of https://github.com/opsxcq/mirror-textfiles.com.git synced 2025-08-20 09:41:57 +02:00
Code Issues Releases Wiki Activity
Files
gh-pages
mirror-textfiles.com/virus/DOCUMENTATION/vcl.txt

518 lines
21 KiB
Plaintext
Raw Permalink Blame History

Documentation for
Nowhere Man's
²²²²²²² ²²²²²²² ²²²²²²²²²²²²²²²²²² ²²²²²²²²²
²²²²²²² ²²²²²²² ²²²²²²²²²²²²²²²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²²
²²²²²²² ²²²²²²² ²²²²²² ²²²²²²² ²²²²
²²²²²²²²²²²²² ²²²²²² ²²²²²² ²²²²²²² ²²²²²
²²²²²²²²²²² ²²²²²²²²²²²²²²²²²²²² ²²²²²²²²²²²²²²²²²
²²²²²²²²² ²²²²²²²²²²²²²²²²²² ²²²²²²²²²²²²²²²²²²
Virus Creation Laboratory
Version 1.00
Copyright (c) 1992 Nowhere Man and [NuKE] WaReZ
V.C.L. and all documentation written by Nowhere Man
------------------------------------------------------------------------------
"And did you exchange a walk-on part in the war for a lead
role in a cage?"
- Roger Waters
------------------------------------------------------------------------------
Trademarks
----------
[NuKE] and [NuKE] WaReZ are trademarks of [NuKE] International
Software Development Corperation.
Borland C++, Turbo Assembler, and Turbo Linker are registered
trademarks of Borland International.
Microsoft is a registered trademark of Microsoft Corporation.
Microsoft: Proud to bring you ten years of the 640k limit.
Legalese
--------
Nowhere Man and [NuKE] WaReZ are hereby not responsible for
any damages caused by the use or misuse of Nowhere Man's Virus
Creation Laboratory (V.C.L.) nor by the use or misuse of any program
produced, in whole or in part, by V.C.L. The author, Nowhere Man,
will not be held responsible for any losses incurred, either
directly or indirectly, by the use of this product or by the use of
any program generated, in whole or in part, by this product. This
product is distributed "as is" with no warranties expressed or
implied. Use this product entirely at your own risk. The author
makes no guarantees as to the correct functioning of this product.
The author reserves the right to make modifications at any time
without prior notice.
All code produced, in whole or in part, by Nowhere Man's Virus
Creation Laboratory (V.C.L.) automatically becomes the sole
property of Nowhere Man and [NuKE] WaReZ. All binary code produced
from assembler source code generated in whole or in part by V.C.L.
likewise becomes the sole property of Nowhere Man and [NuKE] WaReZ.
Any use of such code, in whole or in part, for the purpose of
inclusion in a product, commerical or otherwise, designed to detect
or eliminate said code on an electronic medium is expressly
forbidden without the full written consent of Nowhere Man and
[NuKE] WaReZ. This includes, but is not limited to, virus
detection and removal programs, CHK4BMB-type products or other
products designed to detect potentially damaging code within
programs, and programs designed to detect the presence of a
sequence of binary data within a computer program.
Source and binary code produced by V.C.L. may be freely
distributed and studied, so long as such distribution and research
is not for the purpose of examining said code to determine
weaknesses and/or methods of detection and/or removal on an
electronic medium.
Any reverse-engineering, disassembly, or other attempts to
determine the nature of code known to be produced by V.C.L. for
purposes such as those enumerated above is likewise expressly
forbidden without the full written consent of Nowhere Man and
[NuKE] WaReZ.
Notices
-------
V.C.L. is a potentially dangerous program, and great care
should be using when experimenting with *any* virii, trojans, or
logic bombs produced by it. When you format your hard disk or
infect every file you've ever accessed don't say we didn't warn
you. When distributing this program please carefully consider
whether or not the person to whom you are giving it will be
responsible enough to use it properly. Please be careful.
When distributing virii, trojans, or logic bombs created with
V.C.L., please give credit to Nowhere Man's Virus Creation
Laboratory. Editing out the [VCL] marker in virii is a no-no.
It's five lousy bytes. I spent months on this project, the least
you can do is give me some credit.
Introduction
------------
Welcome to Nowhere Man's Virus Creation Laboratory, a product
to re-define the virus-writing community. No longer does one need
to spend weeks writing and debugging assembly language to produce
a working, competitive virus. With V.C.L. all of the work is done
for you -- you just choose the options and effects of the virus,
and it does the rest, leaving you free to experiment with different
effects and concentrate on creativity. What was once a matter of
hours, days, or even weeks is reduced to a few minutes in the slick
V.C.L. IDE. Some of the key features of V.C.L.:
o Professional-quality Integrated Development
Environment (IDE). Modeled after Borland's award-winning
Turbo Languages' IDEs, this easy to use shell is menu-
driven and features context-sensitive on-line help and
full mouse support. Menuing system is CUA-compliant.
o Creates appending, overwriting, and spawning virii, as
well as trojan horses and logic bombs. The fully-
commented assembler output is optimized when possible.
V.C.L. can also shell out to an assembler (not included)
of your choice to automatically assemble and link the
virus/trojan/logic bomb.
o Ability to change the virus's virulence (rate of
infection), method of file search (PATH search, directory
tree, etc.), and/or add code to prevent tracing and
disassembly. Virii and trojans may also be encrypted.
o Customizable. All colors are re-definable, and other
aspects of the IDE are changeable. New procedures may
be added to the effects/conditions list (or old ones
may be deleted).
As you can see, V.C.L. is *the* way to produce virii. The
fully-commented assembler output is great for learning the trade,
and more experienced programmers will enjoy the ability to add to
V.C.L. and use the output as a staring point for a custom-made
virus.
Requirements
------------
V.C.L. requires the following to operate:
o an 80286 processor or better
o 512k or more of free memory
o MS-DOS v3.0 or higher (v4.0 or higher recommended)
And optionally:
o A Microsoft-compatible mouse
o A MASM-compatible assembler (preferably TASM)
Note that the DOS utilities LINK.EXE and EXE2BIN.EXE, as well
as your assembler, must be in your path if you want to produce .COM
and/or .OBJ files. All files needed for V.C.L. should be located
in the same directory.
File List
---------
The following files should be present in the .ZIP you
received. If any files are missing or appear to be changed please
delete V.C.L. and get an guaranteed-genuine copy from any
authorized [NuKE] site.
Installation files
------------------
INSTALL.EXE Installation program for V.C.L.
INSTALL.DOC Documenatation for INSTALL
NMVCL.ZIP .ZIP containing remaining files
(Note: These files can be deleted once V.C.L. is installed)
Essential files
---------------
VCL.EXE Main executable
VCL.CFG Configuration file
VCL.DAT Routine data
VCL.HLP On-line help
Other files
-----------
VCL.PIF Windows program information file for V.C.L.
VCL.ICO Windows icon for V.C.L.
FILE2DB.COM File to data utility (see FILE2DB.DOC)
TESTBOMB.C C logic bomb test module
TESTBOMB.PAS Pascal logic bomb test module
Documentation
-------------
VCL.DOC Main documentation (this file)
ROUTINES.DOC Description of included routines
EXAMPLES.DOC Description of example creations
FILE2DB.DOC Documentation for FILE2DB
Examples
--------
KINISON.VCL Kinison Virus
CODEZERO.VCL Code Zero Virus
PEARLHBR.VCL Pearl Harbor Virus
EARTHDAY.VCL Earth Day Virus
VMESSIAH.VCL Viral Messiah Virus
DONTELLO.VCL Dontatello Virus
YANKEE-2.VCL Yankee-Doodle ][ Virus
RICHARDS.VCL Richard Simmons Trojan
(Note: Each example also has one or two data files, an assembler file,
and a .COM file. The data file(s) are neccessary to re-create the
virus or trojan; the other files may be deleted if desired.)
How to Use V.C.L.
-----------------
V.C.L. has extensive on-line help that can guide you every
step of the way; therefore it is unnecessary to go into detail
about how to use the environment here. To call up context-
sensative help at any time press F1. More information about the
help system is available by choosing the Help command from the main
menu bar.
To run V.C.L., just type VCL (no command-line arguments) and
press Enter. To exit you can either press Escape from the main
menu bar or select the Quit command from the File menu.
Adding Routines to V.C.L.
-------------------------
Adding routines to V.C.L. is a rather straightforward process.
However some elaboration is needed as far as the type of assembler
code that V.C.L. expects.
A new effect should be standard assembler code, fully
commented whenever possible. It should contain no proc/endp
commands and should not have a RETurn. Any time that your routine
needs to exit it should JuMP to a label to be located after the
final statement. For example:
xor ax,ax
kill_time: inc ax
cmp ax,0FFFFh
je exit_kill_time
jmp short kill_time
exit_kill_time:
(Ok, this code is poorly written, but it is made to
demonstrate how to exit a routine, not how to write tight
assembler)
A new condition should be standard assembler code, again fully
commented (comments are extremely important in assembler). It
should contain no proc/enp commands, but SHOULD have a near return
at the end. The condtion should return a value in AX.
Both types of routines should be indented two columns (sixteen
spaces) and be in lower-case, to better fit with other V.C.L. code.
The segment registers (CS, DS, ES, and SS), BP, and DI should be
preserved; all other registers can be exploited at whim.
Assembling Code
---------------
Assembling code produced by V.C.L. can either be done from
within the environment or from the DOS prompt. Naturally, you must
have a MASM-compatible assembler (which is not included with
V.C.L.) do assemble any code; things like DEBUG and A86 just won't
cut it.
If you are assembling from within the environment you must
also have DOS's LINK and EXE2BIN utilities (included with most MS-
and PC-DOS configurations) in your PATH string (if you don't know
what that is then you shouldn't be playing with V.C.L.) or in the
current directory. V.C.L. will shell out to your assembler using
the command line that you set under the Configuration³Assembler
command. V.C.L. is shipped with the command-line configured for
use with Turbo Assembler (TASM), Borland's assembler, which I
highly recommend; using V.C.L. with MASM or other assemblers will
probably require some changes. After you assembler produces an
.OBJ file, V.C.L. will call LINK, then EXE2BIN the resulting .EXE
into a .COM -- V.C.L. automatically deletes unneeded files. Please
note that when you are creating a logic bomb this step is skipped,
and you will be left with an .OBJ for linking with your main
program.
The Assembler Command Line set within V.C.L. should (if
possible) contain switches for case-sensitivity on PUBLICs,
multiple passes, and no .MAP file. Single pass assemblers such as
MASM will produces unneeded NOP fixups. If possible, set any
switches required so that the assembler will not display output.
Assembling from DOS can be done however you wish. See your
assembler's documentation for more information.
Linking Logic Bombs
-------------------
When V.C.L. create a logic bomb it is actually producing an
.OBJ file that must be linked with your main program. A logic bomb
is basically a routine which will do certain things (usually
harmful) under a certain condition. For example, you could
generate a logic bomb to format all hard drives on January 1st. A
logic bomb is not a virus; it does not spread. It is a delayed-
action trojan hidden within an otherwise fully-functioning piece of
software.
To use the logic bomb you must call it from another program
and link it with that program. Depending on which language your
main program is written in, different methods will be used to call
your routine. Therefore V.C.L. must know which language you will
be using; this is set with the Configuration³Call Format command.
See the on-line help for more specifics. Then you must call the
logic bomb. Logic bombs take no parameters and return nothing. In
C they are void; in Pascal they are procedures. (BASIC is highly
variable. Consult your compiler's documentation for details on how
to call an assembler procedure.) Finally you must link the logic
bomb with your program; see your linker's documentation for
specifics.
One other nice use for logic bombs is to include them in
libraries (.LIB files). You can call the bomb from a routine in
the library that will be commonly used; then when anyone uses that
routine from your library they are also calling your bomb. If the
library proves popular you can have hundreds of unknowing carriers.
Muhahahaha.
Revision Information
--------------------
Version 1.00 (July 5, 1992)
o Initial Release.
Version 0.75 (April 23, 1992)
o Beta test version for [NuKE] members and selected
friends. If you somehow have a copy of this version
please delete it, as it doen't fully work, contains many
bugs, and isn't compatible with this and future releases.
Program Information
-------------------
V.C.L. was written in Borland C++ v3.0 small memory model,
with optimizations made for size. All viral code and external
routines included with this package were developed and tested using
Turbo Assembler v3.0 and Turbo Linker v5.0. V.C.L. incorporates
three separate source files, totaling over 4,000 lines of code.
The CXL programming library v5.1, written by Mike Smedley, was used
in development of V.C.L.
V.C.L. is self-checking, and will wipe itself from disk if any
essential executable or data file is corrupted or altered in any
way. Virus Creation Laboratory will only work on the computer upon
which it was installed. If you wish to distribute V.C.L. to
others, feel free to do so, but you must re-install from the
original .ZIP using INSTALL.EXE.
Technical Support
-----------------
If you have any questions, comments, suggestions, bug reports,
etc. concerning this or any other product written by myself,
Nowhere Man, I can be reached at The Hell Pit BBS (708-459-7267).
If you are reporting a bug, please tell me the following
information: the undesired effect (crash, failure to produce a
working virus, etc.), the conditions under which it occurred (which
options were set, etc.), the amount of free memory at the time of
the failure, and any special conditions we should know about
(running under Windows, using a non-standard video adapter, and so
on).
This and all future versions of V.C.L. will be available at
all official [NuKE] distribution sites. Upgrades to V.C.L. will be
released irregularly over time (ie: no promises as to when they
come out and what they will include).
Your Suggestions Count
----------------------
Your suggestions count. Any good suggestions by users will be
highly appreciated and will be noted if applied to future versions.
If you develop any good virii with V.C.L. I would be interested in
checking them out. Particularly good ones will be included as
examples in future versions. The same applies to add-on assembler
routines; if you develop any new routines for use with V.C.L.
please upload them to me, with comments and description, and they
will be included in subsequent versions. Any suggestions regarding
assembler code produced by V.C.L. will also be highly appriciated.
Coming in future versions of Virus Creation Laboratory:
o Appending .EXE virii
o More effects and conditions
o Boot sector virii
o Terminate and Stay Resident (TSR) virii
o Virex-Protection(C) -- defeats all TSR anti-virus
products!
o Cryptex(C) encryption scheme -- every virus produced has
its own special encryption method! No two are alike!
o Improved environment (maybe even a Windows IDE, too)
Acknowledgments
---------------
Nowhere Man would like to thank the following people for their
help in the creation of V.C.L.: Rock Steady, Kato, Rigor Mortis,
Hades, Leeking Virus, The DarkMan, Dark Angel, Mirage, Doomgiver,
Ender, and any one else I forgot to mention. Thanks for all of
your assistance and suggestions.
Greets go out to all [NuKE] members, Southern Corrupted
Programming, Phalcon/SKISM, and all virus-writers and -lovers
everywhere.
Jeers go out to John, Ross, Pat, Aryeh, Vesselin, Dennis,
Paul, and any others who profit off our work. This should more
than keep you busy for a while... A special "Fuck You" to James
Dahan, a.k.a Fat Cat (must be pretty fat since he's a one-man
"vigilante" group!). Go back to the litter box that you crawled
out of.
Conclusion
----------
Well, here it is, Virus Creation Laboratory, a program to
change forever the way virii are made. Have fun with it, but
remember to always be careful with anything your produce with it,
and be responsible in your treatment of viruses and other
potentially harmful programs. After working on this project for so
long I'm sorta' sick of all of this, so these docs are a bit
smaller than I was hoping to make them; if you have any questions
not answered by the documentation or on-line help I can be reached
at the sites listed above; I'm always willing to help. I hope you
like this program; if you do, you'll be interested in other fine
products produced by Nowhere Man and [NuKE], available at a
respectable h/p/v board near you. Thanks for your continuing
support, and enjoy!
-- Nowhere Man, [NuKE] '92
------------------------------------------------------------------------------
Look (and look out) for these fine warez by Nowhere Man:
** C-Virus My first virus, the program that proves
that C *can* be used to write good virii.
With full C source, automated creation
files, and docs. Version 3.0. Available
now.
** Itii-Bitti The world's smallest virus for it's
abilities, Itti-Bitti has all of the bells
and whistles of the fancier virii, but
Strain A is only 161 bytes (two less than
Tiny) and Strain B is only 99. With full
assembler source and docs. Available now.
** DeathCow-B A lame virus based on the original
DeathCow, a Minimal-46 variant. Made
smaller, it measures only fourty-two bytes.
With full assembler source and docs.
Available Now.
** Miniscule The world's smallest functional virus,
Miniscule is only thirty-one bytes long!
Comes with fully-commented assembler source
(great for learning the tricks of the
trade). Available now.
** Nowhere Utilities A group of fine utilities to assist you in
the development and distribution of trojans
and virii. Also great for just having
around when you need them. Check it out.
Version 1.0. Available now.
** Version 2.0 arriving late summer '92 **
** Code Zero A nice little appending .COM infector I
wrote with V.C.L. to show off it's
capabilities. Somehow Patricia Hoffman
got her hands on it, and the rest is
history. Available now.
** Kinison Another .COM appender created with V.C.L.
dedicated to the memory of Sam Kinison.
On the anniversary of his tragic death
in an auto accident Kinison "screams" at
your hard disk with devistating results.
Available now.
** Succubus One of the Undead series of [NuKE] virii,
Succubus is a non-overwriting .COM infector
written using V.C.L. When all files are
infected it gives your hard drive the
Kiss of Death then plays a funeral march
in rememberance. Cute. Available Now.
** V.C.L. Virus Creation Laboratory, the ultimate
virus utility. You choose the options,
the effects of the virus, infection rate
and type, etc. and it does the rest! No
more messy assembler coding or tedious
debugging. Also produces trojans and
logic bombs. Full professional-quality
IDE, too. A major work to redefine the
virus world. Version 1.0. THIS PRODUCT.
Reference in New Issue View Git Blame Copy Permalink