√irogen's VPCSCAN v2.93 Signature Extractor v1
─8-23-94──────────────────────────────────────

After writing √irogen's TBSCAN.SIG Phile Reader, I decided to go ahead
and write a similar utility for Virex PC's VPCSCAN. It wasn't nearly
as phun, but nonetheless here it is. Should be self-explanatory and
work phine. Note that this will only work with version 2.93; you'll
need to change the offsets in the source code and recompile for newer
versions.

To use: Run VPC293SG with VPCSCAN.EXE in the same path; you may want
to redirect the output to a phile.

Technical Info
───────────────────

There really isn't any encryption involved; however, every byte of the
signatures is incremented so that VPCSCAN won't detect its own
signatures. The names and signatures are stored in null-separated
fields, which is really useless considering that some of the viral
signatures contain 0s too. I used a logic-type approach to determine
if a new field was beginning, or if the null was just part of the virus
signature. I'm sure there's a structure of pointers somewhere, but I
don't pheel like phooling with it.

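Added example (not part of the original release and not VPC293SG's source): a Python sketch of the storage scheme described above, run on constructed records. It shows that incremented signatures no longer match a self-scan, that splitting on nulls truncates a signature whose stored form contains a zero byte, and that a length-prefixed layout removes the ambiguity. The field order, the plain-text names and the length-prefixed variant are assumptions for illustration.

```python
# Added example: constructed data, not VPCSCAN's real table or layout.

def obfuscate(sig: bytes) -> bytes:
    """Stored form: every signature byte incremented (0xFF wraps to 0x00)."""
    return bytes((b + 1) & 0xFF for b in sig)

def deobfuscate(stored: bytes) -> bytes:
    """Scan-time form: undo the increment."""
    return bytes((b - 1) & 0xFF for b in stored)

def pack_null_separated(records):
    """name NUL stored-signature NUL (assumed order; names left in plain text)."""
    out = bytearray()
    for name, sig in records:
        out += name.encode("ascii") + b"\x00" + obfuscate(sig) + b"\x00"
    return bytes(out)

def naive_split(table: bytes):
    """Treat every NUL as a field boundary and pair fields as (name, signature)."""
    fields = table.split(b"\x00")[:-1]  # drop the empty tail after the last NUL
    return [(n.decode("ascii"), deobfuscate(s))
            for n, s in zip(fields[0::2], fields[1::2])]

def pack_length_prefixed(records):
    """Unambiguous alternative: one length byte in front of each field."""
    out = bytearray()
    for name, sig in records:
        for field in (name.encode("ascii"), obfuscate(sig)):
            out += bytes([len(field)]) + field
    return bytes(out)

def parse_length_prefixed(table: bytes):
    fields, i = [], 0
    while i < len(table):
        n = table[i]
        fields.append(table[i + 1:i + 1 + n])
        i += 1 + n
    return [(fields[k].decode("ascii"), deobfuscate(fields[k + 1]))
            for k in range(0, len(fields), 2)]

# Constructed records; the byte strings are made up, not real virus signatures.
RECORDS = [("SAMPLE-A", bytes.fromhex("12 34 56 78")),
           ("SAMPLE-B", bytes.fromhex("a1 00 ff 5d 90"))]  # 0xFF is stored as 0x00

def self_scan_hits(image: bytes):
    """Names whose plain signature appears in the scanner's own image."""
    return [name for name, sig in RECORDS if sig in image]
```
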
Call now, call today
──────────────────────

If you're looking for more of the NEWEST and BEST virus and hacking
information call the Adjacent Reality at 615.586.9515. Imagine, a board
without the normal bullshit. No, I don't have 5 gigs, two nodes,
4 megs of ram, or really kewl 30k ANSIs ..

See you later
√irogen

History
─────────────────────────────────
v1 - 08-23-94 - Original Release for VPCSCAN v2.93