Win Api and assembler virus coding.


SigmaStrain

Okay, I'm going to be completely honest. I've taken up virus writing. I know, it's wrong but I don't care ;) lol but seriously I have a question about winapi calls and 32 bit assembler.

Most of the tutorials I have come across only deal with the coding of 16 bit DOS viruses. I'm looking to begin the coding of a 32 bit windows virus. So far, I've only been able to code a simple over-writer and that's hardly cool at all. My main questions are as follows:

1. Is there any way to open a file in 32bit assembler without using WINAPI function calls?

2. How do I change the current working directory using either WINAPI function call or some other method in 32bit assembler? (I could probably do a quick search but it's 1 in the morning and exams are tomorrow)

3. Assuming I have used WINAPI function calls to open a file and I have stored the file handle in a variable called hFile, how exactly do I go about overwriting certain parts of the file as opposed to just the beginning?

4. Is there still a disk transfer address in 32bit windows?

Any help would be greatly appreciated.


I know, it's wrong but I don't care

*sigh*


oh come on. I didn't ask for tips on "writing a virus and then infecting a lot of people" I mostly want to learn this for the sake of learning it.

http://msdn.microsoft.com/en-us/default.aspx

http://www.google.com/webhp?hl=en

Good luck.


Thanks. In my search I was actually directed through many of those websites (especially google lol) and was able to learn quite a bit and even find some legitimate source code examples =). But seriously, I did come here for some help or maybe a push in the right direction and I understand that this is not a black hat forum or anything, but I don't really see the point in treating someone like some sort of idiot just because they asked a simple question about a topic that might not be 'legit' by your standards.

If you must know, I intend to learn how to code viruses for the simple sake of learning in order to increase my overall programming ability.

Please, if you have any legitimate suggestions I would love to hear them. If you don't have anything to add then please leave this topic alone.

Thank you.


I'll begin by saying that I didn't really read your post, or the subject. I did read your questions however, and I think it's awesome that you have the audacity to ask for help on something you openly admit that you could figure out yourself but you're simply too lazy (see number 2). So keeping with the spirit of this topic that you've already set up, here are my answers, in no particular order (Sure, I could probably number them accordingly, but really, it's 10:30PM and I don't have anything to do tomorrow). And what is an over-writer? I think, in general, you tend to use phrases and terms you don't really understand. You should probably avoid doing that.

A. Assume functions like fseek don't exist; you can just do what you know. Read the buffer, then write it out, modifying the area you want.

B. Not sure what you're looking for here.

C. The API call will be the same no matter the language you use. Including statements like "is there an API I can use in assembly" is silly.

D. Sure, but it really depends on where you cut off the WinAPI.

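As an added worked example (not code from this thread or from any of its posters), the following 32-bit NASM program answers questions 2 and 3 with plain Win32 API calls: SetCurrentDirectoryA changes the working directory, CreateFileA returns the handle that is stored in hFile, and SetFilePointer moves the file position to an arbitrary offset so that WriteFile overwrites that region instead of the beginning of the file. That is the Win32 equivalent of fseek, so the read-whole-file-and-rewrite approach suggested in answer A above is not needed for an in-place patch. The directory name, file name, patch offset and payload bytes are constructed placeholders; the build line assumes NASM plus GoLink resolving the imports against kernel32.dll (with MinGW's ld the symbols would instead be the decorated forms such as _CreateFileA@28).

```nasm
; Added example, not from the thread. 32-bit Windows, NASM syntax.
; Assumed build: nasm -f win32 patch.asm -o patch.obj
;                golink /console /entry _start patch.obj kernel32.dll
; Every Win32 call is stdcall: push arguments right to left, callee cleans the stack.

extern SetCurrentDirectoryA
extern CreateFileA
extern SetFilePointer
extern WriteFile
extern CloseHandle
extern ExitProcess

%define GENERIC_READ          0x80000000
%define GENERIC_WRITE         0x40000000
%define OPEN_EXISTING         3
%define FILE_ATTRIBUTE_NORMAL 0x80
%define FILE_BEGIN            0
%define INVALID_HANDLE_VALUE  -1
%define INVALID_SET_FILE_POINTER 0xFFFFFFFF

section .data
    dirName    db "C:\work\", 0          ; assumed directory (placeholder)
    fileName   db "target.bin", 0        ; assumed file, resolved relative to the new cwd
    payload    db "PATCHED"              ; constructed bytes to write in place
    payloadLen equ $ - payload
    patchOff   dd 0x200                  ; assumed byte offset to overwrite (placeholder)

section .bss
    hFile      resd 1                    ; the handle the question calls hFile
    written    resd 1                    ; bytes actually written, filled in by WriteFile

section .text
global _start
_start:
    ; Question 2: BOOL SetCurrentDirectoryA(LPCSTR lpPathName)
    push dirName
    call SetCurrentDirectoryA
    test eax, eax
    jz   fail

    ; Question 3a: open the file for reading and writing.
    ; HANDLE CreateFileA(name, access, share, secattr, disposition, flags, template)
    push 0                              ; hTemplateFile
    push FILE_ATTRIBUTE_NORMAL          ; dwFlagsAndAttributes
    push OPEN_EXISTING                  ; dwCreationDisposition: never create
    push 0                              ; lpSecurityAttributes
    push 0                              ; dwShareMode 0 = exclusive; fails if open elsewhere
    push GENERIC_READ | GENERIC_WRITE   ; dwDesiredAccess
    push fileName
    call CreateFileA
    cmp  eax, INVALID_HANDLE_VALUE
    je   fail
    mov  [hFile], eax

    ; Question 3b: move the file pointer to the offset instead of writing at byte 0.
    ; DWORD SetFilePointer(HANDLE, LONG lDistanceToMove, PLONG lpHigh, DWORD dwMoveMethod)
    push FILE_BEGIN                     ; offset is absolute from the start of the file
    push 0                              ; lpDistanceToMoveHigh = NULL (file < 4 GiB assumed)
    push dword [patchOff]
    push dword [hFile]
    call SetFilePointer
    cmp  eax, INVALID_SET_FILE_POINTER  ; with lpHigh == NULL this return value is an error
    je   close_fail

    ; Question 3c: overwrite payloadLen bytes at the current position.
    ; BOOL WriteFile(HANDLE, LPCVOID buf, DWORD len, LPDWORD written, LPOVERLAPPED)
    push 0                              ; lpOverlapped: synchronous write
    push written                        ; must not be NULL for a synchronous handle
    push payloadLen
    push payload
    push dword [hFile]
    call WriteFile
    test eax, eax
    jz   close_fail
    cmp  dword [written], payloadLen    ; a short write is also a failure for a patcher
    jne  close_fail

    push dword [hFile]
    call CloseHandle
    push 0
    call ExitProcess

close_fail:
    push dword [hFile]
    call CloseHandle
fail:
    push 1
    call ExitProcess
```

Two caveats a practitioner would want: SetFilePointer only signals an error unambiguously when lpDistanceToMoveHigh is NULL (as here); when the high pointer is supplied, 0xFFFFFFFF can be a valid position and GetLastError must be consulted. And because the example never extends the file, an offset past the current end of file followed by WriteFile would grow the file with unspecified contents in between, so a real patcher should check the size (GetFileSize) before seeking.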

You will get no help here for legal and moral reasons... You admitted you were creating a virus (first mistake) then you asked for help creating one (second mistake) and then, even though you realized that nobody will help you, you asked for help again (third mistake)...

Nobody will/should help you here... that would associate them with you and therefore make themselves an accomplice to your virus making. Who knows if you are going to try to infect other computers with this "virus"... Nobody should believe you.

good day sir


God! What a load of complete idiots you have here.

There is nothing wrong with writing viruses, releasing them into the wild and trying to cause damage is the problem. If you find this interesting SigmaStrain then keep going at it.

As for the rest of you, shut up if you don't have anything constructive to say. I'm looking very hard at nullArray. The guy asked good and complete questions. You want to get your little flame stick out for the person that posts "I want to write viruses, how?" then sure, and I'll join you. But the guy has taken a little time to think about his question and structure his post. That's more than I normally see on this forum.

As for H@L0_F00, I'll remember your post here for this question, and make sure that I flame and don't answer your question in any of your threads from now on. Because well I don't think anyone can trust you, for being you.

I'm sorry SigmaStrain that I don't know much in the area that you're asking for help in; I try to stick to the Linux/BSD/OSX platforms and ignore Win32. Good luck with your project though, and if no one is knowledgeable about it here or no one but idiots carry on posting then I hope you find the answers through your own research.


Ok I would like to thank those who politely answered my questions (lol seems like not many people at the moment) and before continuing I would like to state a few things.

I know a lot about the subject I am speaking of and already have developed several viruses (none released of course) and that was back in the DOS days. I decided to re-visit this area in order to learn a thing or two about the Win32 architecture and some other select things.

An overwriter is a virus that does not perform any delta offset calculation and does not attempt to hide itself in any way. The virus simply opens a file and writes itself into the file and then closes the file. Pretty simple to understand from the name. And yes, if you google it (which someone very kindly suggested earlier) then you would find it. Here, I'll make things easy on you and include the URL of a TUT I found (TUT means tutorial for those interested).

http://mirror.sweon.net/madchat/vxdevl/vdat/tumisc25.htm

;) take a good read

And legal/moral issues?? LOL don't make me laugh, please. On a forum that openly discusses "gaining root access on windows 2000" or makes videos about "usb hacksaws"? What a joke. I can't remember (don't feel like going back to see the person who said that) who said that but please, could you be any more... Dare I even say?

Listen people. I don't know where you got your manners from but I have been very polite with you and asked a very simple question. I wanted to know about WINAPI functions. (Btw if you read my post you'll see that I never asked if there was an API for assembly; the person who suggested that needs to put his glasses on and actually READ.) Yes, the intended purpose is to write a virus. I will not be dishonest with you and I don't really care if you judge my endeavors or not. I was even kind enough to politely ask that if you didn't have anything to add then to just leave this post alone. I don't really know where you got the idea that you should openly insult me for a question.

Also, you'll excuse me for asking a quick question at 1 in the morning after studying for exams all day and doing a ton of research on the subject myself.

Listen, I don't know where all of this hostility is coming from and, to be honest, I'm kind of new on these forums so I would like to take the time to apologize for any wrongdoing that I may have committed or any offensive or rude behavior that made some of you on this forum lash out at me so fervently.

I sincerely hope that if someone has any answer, they will post it. Otherwise, I'd rather not be flamed by people I'm just getting to know.

Thank you for your time.


I know a lot about the subject I am speaking of and already have developed several viruses (none released of course) and that was back in the DOS days. I decided to re-visit this area in order to learn a thing or two about the Win32 architecture and some other select things.

It doesn't seem like you do, and that might be the source of your problem finding help here. Also, are you looking to learn about the Win32 architecture or the Win32 API? You might be better served by the OSR pages if you're looking for architecture help.

An overwriter is a virus that does not perform any delta offset calculation and does not attempt to hide itself in any way. The virus simply opens a file and writes itself into the file and then closes the file. Pretty simple to understand from the name. And yes, if you google it (which someone very kindly suggested earlier) then you would find it. Here, I'll make things easy on you and include the URL of a TUT I found (TUT means tutorial for those interested).

http://mirror.sweon.net/madchat/vxdevl/vdat/tumisc25.htm

Seems pretty useless by today's standards. I guess that kind of thing was helpful back when you knew something about computers, eh?

Listen people. I don't know where you got your manners from but I have been very polite with you and asked a very simple question.

No you haven't. And I think you essentially got the same sort of courtesy you gave.

I wanted to know about WINAPI functions.

Then you got your answer from whoever suggested the MSDN. It really is the best resource for how to use the WinAPI, including function prototypes, articles, examples, etc.

Also, you'll excuse me for asking a quick question at 1 in the morning after studying for exams all day and doing a ton of research on the subject myself.

Boo hoo. You did some research and were all tuckered out. Cry me a river.

I'd rather not be flamed by people I'm just getting to know.

Then maybe don't start a topic you know will get you flamed? Regardless of how you feel about the topic, you know how others feel about it, and should have expected responses like those from H@L0_F00 (it doesn't appear to me that anyone before him was openly hostile). Maybe you were a bit too quick to retaliate?


I have been courteous. I thanked you for your time and politely asked for some assistance. I am obviously new to these forums and I didn't know it would be an obvious flame topic. I'm white hat and just trying to learn. Obviously, from your responses, this forum doesn't really tolerate virus coding topics (at least the users don't). From now on I will be more careful about what I ask about and make sure it doesn't bother anyone.

Basically, I can't ask any questions about things I am truly interested in because that would be just wrong. Apparently. Clearly, you have shown me that saying please and thank you and apologies for harm done is still a very disrespectful way to conduct oneself. And, along those lines, posing a very specific question is grounds for belittlement and just plain rudeness because you obviously broke some unwritten rule that you weren't aware of, so therefore you're quite the rude one.

Thank you. I have been officially given my first crash course in what Hak5 is all about... or at least when it comes to virus coding. As I said earlier, I will be more careful in the future.

Thank you for your generous replies =).

