informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/DOCUMENTATION/pmew.txt

118 lines
3.7 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Phantasie Mutation Engine for Windows <tm> Version 0.00
Written by Burglar in Taipei, Taiwan. (95/07/16)
1. License
You are free to include this Engine in your Windows virii, and
your Windows virii don't injure anything. Injure anything is
prohibited.
2. How to use it
when you want use it, you must declare below at first in code
segment.
EXTRN PMEW:NEAR, PMEW_END:NEAR
Then you write your Windows virii as usual. When you need to
encrypt the code, you just call the Engine. Put the following
instruction in your code:
CALL PMEW
You also need to supply the parameters for the Engine. They are
passed in registers. Results are also passed in registers.
Of course, you must link the PMEW.OBJ module to your Windows virii
!
PMEW_END labeled the tail of your virii that includes the engine,
and you can use OFFSET PMEW_END to get the length of your Windows
virii that includes the engine.
3. Input parameters
All parameters are mandatory. Description follows:
ES:DI => Work space
The Engine needs work space. For placing product (decrypt code
& encrypted code) which is generated by PME/W.
DS:SI => Code to encrypt
On entry, just set DS:SI to point to the code you want to be
encrypted.
CX = Length of code to encrypt
On entry, just set CX to the length of the code you want to be
encrypted.
DX:AX => Relocation fixup information
When your virii has relocation records (such as you may call the
Windows APIs to do something, or your virii will pass control to
host program via intersegment jump, etc.) , you have to pass
pertinent information to PME/W.
Format of relocation fixup information:
Offset Size Description
00h WORD number of relocation items
02h 2N BYTEs relocation items
Offset Size Description
00h WORD offset within segment
ATTENTION!
Your Windows virii must be zero start! (i.e. begin running with
CS:0000)
4. Results
The Engine returns the following values in registers:
(all other except for the listed below will be PRESERVED)
CX = Length of the decryption routine
CX now has the length of decryption routine.
ATTENTION! (mere length of decryption routine)
The product (decryption routine & encrypted code) which generated
by PME/W is placed in Work space (i.e. pointed by ES:DI)
5. Final Notes
SPECIAL THANKS:
qark (for your Windows infection theory & WinSurfer)
quantum (for WinSurfer & grin me !@#$%^&*)
metabolis (for leading vlad magazine & tons of stuff)
malware (for NE format detail)
lookout (for tons of stuff)
kdkd (for tons of stuff & blah.gif - fxxx with horse !@#$%^&*)
horde (for tons of stuff - cvdq.arj)
dread (for giving me a account in Russia)
theora (you are the only one female interested in virii, could you
be my girl friend ?!)
slash (hehe... my teacher & confident)
Well, that's for now. No time for more. No demonstration program
.
Pass the Engine (all files together in an archive) to Windows virii
programmers.
Greetings to all virii programmers
Burglar
Taipei, Taiwan.

Reference in New Issue View Git Blame Copy Permalink