textfiles/virus/DOCUMENTATION/ivp.txt


|**************************************************************************|
| Beta For Version 2.0. For YAM members only. DO NOT DISTRIBUTE!!! |
|DO NOT REMOVE ANY PARTS AND DISTRIBUTE! EVERYTHING MUST BE KEPT IN WHOLE!|
| Please Report Any Comments/Bugs/Suggestions To ADMIRAL BAILEY!! A.S.A.P. |
|**************************************************************************|
-/- INSTANT VIRUS PRODUCTION KIT -\-
v1.7
By Admiral Bailey [YAM]
───[ TABLE OF CONTENTS ]──────────────────────────────────────────────────────
■ Disclaimer
■ Intro To The IVP
■ Features in the IVP
■ How To Use The IVP
■ About the Configuration File
■ All about the routines.
■ A Note About the Code Produced
■ In Case of Errors
■ Future Enhancements
■ Greets Goin' Out To...
───[ DISCLAIMER ]─────────────────────────────────────────────────────────────
Admiral Bailey and the Youngsters Against McAfee (YAM) are not responsible
for any damage, in whole or in part, done by the Instant Virus Production Kit,
or any code that is generated by the IVP.
───[ INTRO TO THE IVP ]───────────────────────────────────────────────────────
Welcome to v2.0 of the Instant Virus Production Kit. Over the last few
months I have gotten a lot of suggestions from different people. I have
tried to incorporate them all in order to suit the needs of the users. I
have also added in a couple of options that I thought would be useful. Well
anyways enjoy. And if you ever want to get a hold of me you can reach me on
The Full Moon (YAM WHQ).
───[ FEATURES IN THE IVP ]────────────────────────────────────────────────────
Here is a list of the features in the IVP.
WERE THERE BEFORE
~~~~~~~~~~~~~~~~~
■ .EXE/.COM file infection (also has both)
■ Trojan support
■ Directory Changing (Dot Dot Method)
■ Encryption On Everything
■ Error Handling
■ COMMAND.COM infection
■ Overwriting Option
■ Random Nop generator
    - Sticks nops at the beginning randomly to prevent McAfee from
      making a direct scan string.
ADDED IN SINCE v1.0
~~~~~~~~~~~~~~~~~~~
■ Fixed up the code generated.
■ Minimum/Maximum file size checking
■ Infection Counter
■ Random First Pointer
    - Where you see the pop XX/sub XX,offset is all random. Another
      Anti-McAfee thing.
■ Random encryption.
    - Yet more anti-scanner features. About 4 different encryption
      routines randomly used. Not to mention the changing of
      registers.
■ Automatic Virus Compilation. If you want a quick one.
■ Fixed up code.
■ ID code for both .COM and .EXE infectors.
■ Choice of size for compiled file.
■ User enters strings to be displayed.
■ Controlled Activation.
■ Use of routines.
───[ HOW TO USE THE IVP ]─────────────────────────────────────────────────────
It's really not that hard. All you do is edit the configuration file
that has been included to match your specific needs. When done, execute the
IVP with the name of the configuration file on the command line. The rest is
self-explanatory.
───[ ABOUT THE CONFIGURATION FILE ]───────────────────────────────────────────
Below is a detailed explanation of each option that is available in the
configuration file. The format of each option is a letter with an equal sign
and the option following. A sample configuration file is included. Also be
very careful with the syntax in the IVP configuration file. When I made the
program read the file I did it in a non error checking way. That means that
it doesn't really check if a command is wrong, if a command is missing, or if
a command has the wrong syntax. So make sure you enter everything and it's
done correctly or the virus that is produced may not compile.
■ A - Specifies the name of the author.
    - Ex. "A=Admiral Bailey"
■ B - Specifies if you want the virus to replace INT 24h. If yes then any
    - writes to a write protected disk will be ignored and aborted.
    - Ex. "B=Y"
■ C - Specifies if you want your virus to infect COMMAND.COM.
    - If no then any 8 character file ending in 'ND' will not be infected.
    - Ex. "C=N"
■ D - Specifies if you want the virus to change directories.
    - If yes then the directory changing will be done the '..' way. Where
    - the virus will step up one directory closer to the root each time.
    - Ex. "D=Y"
■ E - Specifies if encryption or no encryption is to be used.
    - No encryption reduces the size of the virus.
    - Ex. "E=Y"
■ F - Specifies the file name that all the output will be written to.
    - Ex. "F=TEST.ASM"
■ G - Specifies what to do with the file.
    - O=Overwriting, A=Appending
    - Ex. "G=O" or "G=A"
■ H - Specifies the largest size of a file to infect. Ex. If you specify
    - 3000 then your virus will not infect any file over 3000 bytes.
    - Put a zero here to disable this option.
    - Ex. "H=64000"
■ I - Specifies what type of files to go for.
    - C=Com, E=EXE, B=Both (Exe and Com), T=Trojan
    - Ex. "I=B"
■ J - Specifies the smallest size of a file to infect. It's the opposite of
    - above.
    - Ex. "J=20"
■ K - Specifies if you want an infection counter and if so how many files
    - maximum should the virus infect each time run.
    - Ex. "K=5" - infect 5 files each time run.
■ L - Specifies if you want the IVP to automatically compile your virus into
    - a working .COM file. You must specify the path of the TASM.EXE and
    - TLINK.EXE. If you don't want it to compile then put a '0' instead of
    - the path.
    - Ex. "L=c:\tasm" or "L=0"
■ M - This option allows you to specify what size you want the virus to be
    - when compiled. Good for when you want to hide the virus in a big file.
    - Don't be stupid and enter a stupid size. Be reasonable. Ex. don't enter
    - a size of 300 when you know that the virus alone will be bigger than
    - that. Use something like 24000 for a 24k file. Whatever you choose
    - the file size will come out to be your size + size of the virus.
■ N - This allows you to enter the strings you want displayed. For each line
    - you want displayed enter a new command. For example:
        N=Hello World!
        N=How are you today?
    - would display
        Hello World!
        How are you today?
    - You can enter a maximum of 5 lines. If you want more then edit out the
    - source that is produced. Also if you use an apostrophe then the
    - program may give an error when compiling. Use two apostrophes to
    - correct this problem.
■ O - Now these are a set of instructions ranging from O1 to O7. They are
    - all for the activation. You specify the conditions here. More
    - explanation is in the CFG file.
■ P - With this option you are allowed to include routines into your virii.
    - See the section on routines for more info.
■ V - Specifies the name of the virus.
    - Ex. "V=A Test Virus!"
■ W - Is for the ID code used by virii.
    - It can only be (and must be) two characters.
    - Ex. "W=AB"
───[ ALL ABOUT THE ROUTINES ]─────────────────────────────────────────────────
Different routines in a virus are practically what make a virus unique.
It's not that it can infect COM or EXE files. It's that it will display
entertainment to the victim. For example the CASINO virus. The most unique
virus I have ever seen. It destroys the FAT table and keeps a copy in
memory. Then forces the victim to play a game. If the victim loses. Bingo.
Hats off to the writer of that. Anyways in this version of the IVP I have
an option where you can include routines into your virii. Even with all
these options the source may still need some editing to produce a quality
virus. You can use the routines provided or you can create your own. All
routines are put into the activate procedure. From there they can be
activated if you use the activation routines or not. To get the routines
working perfectly you will have to have the syntax in the configuration file
perfect or else it will screw up. I will fix this problem in later versions.
But for now this is how it goes. You may specify more than one routine. To
do this just repeat the command. Up to a maximum of five routines may be
used.
Config File Syntax
~~~~~~~~~~~~~~~~~~
'P' is the routine command. With this at first you specify the name of the
file (ending in .RTN) that contains your routine. This file MUST be located
in the routines directory for the virus to compile. The syntax MUST be
perfect for this to work. First you must specify the P command with the
filename of the routine. After that you will have to declare any registers
with any values your routine needs. These declarations must be enclosed
within a :START and an :END command. (NOTE: START & END must be in upper
case). The syntax for register declaring is as follows: register,value.
Anything different and the source will not compile properly. Do not put any
comments between the P command and the :END command. It will mess up the
source also. If your routine uses no registers then don't declare any.
An example of all this is as follows:
    ; Phasor routine with 5 shots.
    p=phasor.rtn
    :START
    cx,5
    :END
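Added example (not part of the original IVP documentation or the kit): for an
analyst who recovers an IVP configuration file alongside a sample, this Python
code parses the letter=value options and the P/:START/:END routine blocks
described above and reports the syntax problems the kit itself does not check
for. The function names, the constructed sample and the Y/N value set for
options B to E are assumptions.

```python
import re

# Constructed sample for this example, not a file from the kit.
SAMPLE = """W=ABC
N=Hello World!
; Phasor routine with 5 shots.
p=phasor.rtn
:START
cx,5
; stray comment
:END
Q=1
"""

# Allowed values as documented above; Y/N for B-E is inferred from its examples.
ENUMS = {**dict.fromkeys("BCDE", "YN"), "G": "OA", "I": "CEBT"}
KNOWN = set("ABCDEFGHIJKLMNPVW") | {f"O{i}" for i in range(1, 8)}

def check(key, val, seen):
    """Return a problem string for one key=value pair, or None if it passes."""
    if key not in KNOWN:
        return f"unknown option {key}"
    if key in ENUMS and val.upper() not in tuple(ENUMS[key]):
        return f"{key} must be one of {'/'.join(ENUMS[key])}"
    if key == "W" and len(val) != 2:
        return "W (ID code) must be exactly two characters"
    if key in ("N", "P") and seen >= 5:
        return f"more than 5 {key} entries"

def triage(text):
    """Parse an IVP-style config; return (options, problems)."""
    opts, problems, in_block = {}, [], False
    for no, line in enumerate((l.strip() for l in text.splitlines()), 1):
        if in_block:  # between :START and :END only register,value is allowed
            if re.fullmatch(r"\w+,\w+", line):
                opts["P"][-1]["regs"].update([line.split(",")])
            elif line != ":END":
                problems.append((no, "not register,value inside :START/:END"))
            in_block = line != ":END"
        elif line == ":START" and "P" in opts:
            in_block = True
        elif (m := re.fullmatch(r"([A-Za-z]\d?)=(.*)", line)) is None:
            if line and not line.startswith(";"):
                problems.append((no, "not in letter=value form"))
        elif err := check(m[1].upper(), m[2], len(opts.get(m[1].upper(), []))):
            problems.append((no, err))
        else:
            entry = {"file": m[2], "regs": {}} if m[1].upper() == "P" else m[2]
            opts.setdefault(m[1].upper(), []).append(entry)
    return opts, problems
```

Calling triage(SAMPLE) returns the accepted options and a list of
(line number, problem) pairs for the rejected lines.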
Creating Your Own Routines
~~~~~~~~~~~~~~~~~~~~~~~~~~
You would be able to figure this out even without the docs but for all the
idiots out there that insist here we go. To create your own routine just
write it up in regular assembly code and put it into a file with the
extension of .RTN. Then stick this routine into the Routines Directory with
the others. If your routine needs any special register values then make note
of them. Otherwise your routine is ready for use. Feel free to create
routines of your own and distribute them as a routine add on. Just be sure
to give credit where credit is due.
───[ A NOTE ABOUT THE CODE PRODUCED ]─────────────────────────────────────────
As I said before .. all the code produced from the IVP may not be 100%
perfect. Some may compile but when run it may not work. If
you ever come across this problem then contact myself or a fellow YAM member
and give him a sample of the config file you were using. And I will try to
fix this problem. So I just have a couple of notes about the code.
TROJANS
~~~~~~~
If you put encryption on it the code produced will not be encrypted the
first time. To get an encrypted copy do the following. Change the value in
the encryption value. Load the file into debug. Keep a record of the value
in the cx register. Trace the program through the encryption routine after
the return statement. Clear the bx register and put the value back into cx.
Then type 'w' and write the file back to disk. Now you have a working
encrypted copy of the Trojan. To do this you will need a knowledge of debug.
VIRII
~~~~~
All encrypted Virii should be run at least once to get another file
infected with a copy of the encrypted virus. Use the dummy file to infect
and get an encrypted file. Make sure it is the right size.
───[ IN CASE OF ERRORS ]──────────────────────────────────────────────────────
The IVP has not been tested fully. Just a basic test on different sources
produced. So I do not guarantee that the sources produced are 100% workable.
It's just here to help you to create your own, ahh who cares. Have a blast
creating new variants. But if there is an error then contact me and tell
me the error and give me a copy of the Config file. Also if you have any
enhancements to the code feel free to let me know.
───[ FUTURE ENHANCEMENTS ]────────────────────────────────────────────────────
You will see what will be put in in the next version. Whatever I do put
in I will try to keep in mind to keep the size down. One thing is TPE
(Trident Polymorphic Encryption) compatibilities. MTE is almost 100%
scannable and this is a new and better one. And Debug/Disassembler killing.
Thanks to Napoleon.
───[ GREETS ]─────────────────────────────────────────────────────────────────
Greets going out to...
Soltan Griss - Can't wait to see the funky add-ons.
Napoleon - Whassup Z. Anyways keep the suggestions coming.
YAM Members - Hey guys...
Gompa - What's up... thanks for spreading v1.0.
And everyone else..
- ADMIRAL BAILEY [YAM] -