eisbaer
5b54291b73
|
||
|---|---|---|
| pic-peter | ||
| LICENSE | ||
| README.md | ||
| aaa.c | ||
| aaa.h | ||
| export.c | ||
| export.h | ||
| infect.c | ||
| infect.h | ||
| main.c | ||
| make_write.c | ||
| pe.h | ||
| peb.c | ||
| peb.h | ||
| stdfuncs.c | ||
| stdfuncs.h | ||
| stub.asm | ||
| test.c | ||
| virus.c | ||
| virus.h | ||
| winfuncs.h | ||
| zzz.c | ||
| zzz.h | ||
README.md
This is my virus writing framework. Everything is position independent. (that's why strings are so stangely formated ;) ) You can load it everywhere in memory and still call stdlib or winapi functions and all the other functions like infect_devices() and so on.
To compile it use the following order of source files: gcc aaa.c main.c rest zzz.c
The compiling process is a bit hacky because we need to make gcc put the start() function at the beginning of the .code segment and the end() function at the end of the code segment. That way we can calculate the virus size while executing and don't have to use a hard coded size. A second advantage is the above mentioned position independence of the virus resulting from that.
peb.c calculates the address of the kernelDll in memory export.c and stdfuncs.c are used to get the addresses of winapi and stdc functions. infect.c and virus.c do what the names make you expect. the pic-peter folder is the PEter library in pic.
This code is not a ready to compile virus but rather some c code for virus exchangers/writers to look at and take ideas from.