informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/virus/DOCUMENTATION/ps-mpc.txt

319 lines
12 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

PS-MPC
Pretty Slick Multimedia Personal Computer
(WRONG!)
Phalcon/Skism Mass-Produced Code Generator 0.91á
Created by Dark Angel
17 August 1992
"It's not a bug, it's a feature!"
TABLE OF CONTENTS
TABLE OF CONTENTS i
DEDICATION i
DISCLAIMER ii
PURPOSE ii
WHAT IS THE PS-MPC? 1
USING THE PS-MPC 1
NO ACTIVATION ROUTINES 1
WHY NO IDE 2
SOURCE CODE AVAILABILITY 2
PROBLEMS 2
FUTURE ENHANCEMENTS 2
HISTORY OF VIRUS TOOLKITS A
DEDICATION:
The author hereby releases this program and its source code into the
public domain as "freeware." All code generated by the program must,
however, retain the designation of said program, although all other parts
may be modified at the user's discretion. The author dedicates this
program to both the virus and anti-virus communities, both of which profit
from the introduction of the Phalcon/Skism Mass-Produced Code Generator.
Thanks are due to NoWhere Man for his excellent program VCL, which
served as the inspiration for this package.
PS-MPC Documentation - i - Phalcon/Skism 1992
DISCLAIMER
This program may cause either the intentional or unintentional
disruption of normal brain wave activity of the user due to the extreme
shock quality of the program. The author hereby absolves himself of all
liability. Persons with pacemakers beware!
The code produced by the Phalcon/Skism Mass-Produced Code Generator
is not designed to be damaging; however, the author is not responsible for
incidental damages caused by use of the program. Further, the author is
not responsible for damages caused by changes to the code generated by the
PS-MPC. The author does not condone the illegal spread of executable code
created in part by the PS-MPC. All source code and executable files
created with the aid of the PS-MPC must be distributed with the recipient's
full knowledge of the contents. Malicious use of the code is strictly
prohibited.
PURPOSE
The Phalcon/Skism Mass-Produced Code Generator is not designed to
create malicious code; rather, it is a learning tool from which a person
may learn to write effective viral code. The code generated by the PS-MPC
is highly optimised for both size and speed and is therefore the code
generated can be used by the fledgling virus writer as a model for future
endeavours.
PS-MPC Documentation - ii - Phalcon/Skism 1992
WHAT IS THE PS-MPC?
The Phalcon/Skism Mass-Produced Code Generator is a tool which
generates viral code according to user-designated specifications. The
output is in Masm/Tasm-compatible Intel 8086 assembly and it is up to the
user to assemble the output into working executable form. The features of
the PS-MPC include the following:
o Over 150 encryption techniques, randomly generated during each run of
the PS-MPC
o Compact, commented code, much tighter than VCL
o COM/EXE infections
o Both resident and nonresident viruses
o Two types of traversals for nonresident viruses
o Three types of high memory residency routines for TSR viruses
o Optional infection of Command.Com
o Critical error handler support
USING THE PS-MPC
The syntax of the PS-MPC is simple:
PS-MPC <file1> <file2> <file3>...
The parameters given to the PS-MPC are the names of the configuration
files. For example, to create two separate viruses using the configuration
files FOOBAR1.CFG and FOOBAR2.CFG, simply type "PS-MPC FOOBAR1.CFG
FOOBAR2.CFG" at the prompt.
The configuration file is a text file containing a set of parameters
which define the output of the PS-MPC. A sample configuration file,
SKELETON.CFG is included with the package. This configuration file
contains all the acceptable parameters to the PS-MPC. It also includes the
defaults to each of these parameters. The configuration file is self-
explanatory, so there is no need to go into further detail at this time.
When the Generator has completed creating the source code file/s,
simply assemble the output file/s with your favorite assembler/linker
combination. A multi-pass assembler is recommended. Masm is a poor choice
for an assembler; try Tasm. Masm requires the code to include extra
segment overrides which unnecessarily add to the code length. Masm 6.0 may
fix these problems (I'm not sure since I don't have it). Tasm, on the
other hand, is an excellent, fast, multipass assembler far superior to
Masm.
When linking resident viruses, it is important to have EXE2BIN or an
equivalent. For ease of coding, resident viruses are generated with org 0.
However, TLink refuses to generate a COM file from the OBJ. Simply create
an EXE file and run it through EXE2BIN. Note that some options are not yet
available with resident viruses. This will be fixed in the next release.
NO ACTIVATION ROUTINES
I have not included any activation routines in the package simply
because I do not think the power of creating potentially-destructive
viruses should be in the hands of persons incapable of coding a simple
activation routine in assembly. If you can rip a simple FAT-annihilator
out of another trojan, then I cannot stop you from doing so. But just
remember that the most memorable viruses are not necessarily those that
cause the most damage, but are usually those that have unusual activation
PS-MPC Documentation - 1 - Phalcon/Skism 1992
routines.
Upon finding activation conditions, the PS-MPC will generate a short
stub for the activation routine. This is located immediately after the
code for the restoration of the executable files. It is identified by the
label "activate" and is followed by a return. Insert your own activation
routine between those two lines.
WHY NO IDE (Integrated Development Environment)
Everyone agrees that Microsoft Windows is for cripples. Obviously,
you, the user of the PS-MPC, are no cripple, so you need no puny IDE with
colourful, deluxe windows to aid you. If you are a cripple, go ahead and
create the configuration file in your favorite Windows text editor. Hell,
port the code to the Macintosh and you can be truly crippled (although
you'll have your pretty windows and icons).
SOURCE CODE AVAILABILITY
This program is distributed with full source code. Although the
source should be self-explanatory, I have gone back and commented several
portions in order to facilitate understanding. The program was written in
Turbo C 2.0 and compiled in the tiny memory model. Make sure the unsigned
characters option is on or else the code will not compile properly. It is
in the Options/Compiler menu. I trust that you will not hack this program
and call it your own. Source code is available only because I think it
will aid in your understanding of the program.
If you make any improvements to the source code, please show me a
copy; I may incorporate the changes into the next release of the PS-MPC.
Please note the changes in the source.
PROBLEMS
This program was written hastily. The bulk of the coding was
completed in under two days. Features were added by the process of
accretion during the following week. Needless to say, the code is now
extremely unmanageable. If there is enough interest in the package, I will
rewrite it in order to alleviate the strain caused in maintaining such
code. This will help in adding features as the need arises.
Version 0.91á is somewhat better coded than 0.90á, but I will be
continuing to work on improvements as time permits. Please report any bugs
to me and I will send you a fixed version as soon as I can.
FUTURE ENHANCEMENTS
As you may have already noticed, this is a pre-1.0 release version of
the Generator. There are several features which I wish to add before
version 1.0. These include, but are not limited to limited stealth
techniques, padded-EXE infections (shorter routine), and better
documentation(!). A few surprises will be thrown in as well. I do not
plan on increasing the size of the PS-MPC.COM file dramatically, so with
every addition will come code to keep the increase in file size to a
minimum. I do not intend to devote too much time to the project as I
personally don't actually use the generator to spew out code for the group.
PS-MPC Documentation - 2 - Phalcon/Skism 1992
HISTORY OF VIRUS TOOLKITS
The first known virus toolkit was called VCS, or Virus Construction
Set. This program generated a new virus each time it was run. However,
there were no code differences at all between any two viruses generated by
VCS. All viruses generated were 1077 bytes in length and all could be
detected with the identical scan string. The advantage in this approach
was that the user needed absolutely no knowledge of 8086 assembly to take
advantage of this program. This program of limited usefulness spawned only
one well-known variant called Manta. It is not even worth mentioning here.
The second virus toolkit was CrazySoft, Inc.'s Dark Avenger Mutation
Engine (MtE). This magnificent work of Bulgarian coding allowed virus
authors to create viruses with an almost limitless number of decryption
routines. Although the author needed to know how to write 8086 assembly
code, no knowledge of the inner workings of MtE save the entry parameters
was needed to use this toolkit. It has since spawned several viruses,
including Dedicated, Pogue, Fear, and Groove.
The next virus toolkit to be released was VCL, or Virus Construction
Laboratory. This was written by NoWhere Man of NuKE. This toolkit allowed
the user many options, including the creation of parasitic COM infectors,
spawning EXE infectors, trojan horses and logic bombs. Since it could only
handle parasitic infections of the COM file format, it was of limited
usefulness. Additionally, it incorporated only one decryption formula,
once again limiting its usefulness. Further, the initial release included
a quirky installation program which failed to install properly under
certain conditions. However, this package contained a colourful IDE
loosely based on the Borland interface. This IDE was incredibly simple to
use and even the average Joe could understand how to use it without
understanding 80x86 assembly. Unfortunately, the activation routines
included with the package were of limited usefulness. Most of these
involved manipulating the BIOS memory area at segment 40h.
PS-MPC Documentation - A - Phalcon/Skism 1992
Reference in New Issue View Git Blame Copy Permalink