Helpful Virus Writing Tools
By Horny Toad

This list of virus writing tools is primarily for beginners. If you are already an accomplished programmer, you know what tools you need to code successfully. If you are a beginner, look at this list and try to acquire everything that I recommend. There might be substitutes for items on the list that do the same thing, but you will not go wrong if you use my suggestions. If you need help finding where to download these tools, just email me. But as SPo0ky always recommends, get familiar with search engines; they can be very helpful in finding useful stuff on the web.

- TASM 5.0 (Assembler) - Borland's Turbo Assembler is the best there is. I have included an old version of TASM in the first edition of the mag, but I strongly recommend that you acquire the most up-to-date version. Version 5.0 has many 32-bit assembly utilities, including a 32-bit debugger. There are also many very useful text files in the full-blown version. These text files include an in-depth reference on the many versions of assembly and the use of TLINK, TD, and TASM.
- SOURCER - by V Communications. Look for version 4.04 or better. This program is a disassembler. It allows you to generate assembly code from EXE and COM files. The output code is not optimized, but it does show the basic operations of a program. It also shows information about the program, such as the interrupts that the program uses.
- Good AV programs. I use a variety of AV programs due to the fact that each of them has exploitable weaknesses. In future editions of the Codebreakers magazines, we will be discussing anti-anti-virus programming.
- W32Dasm - by URSoft. For you Windows programmers, this is an awesome disassembler. It allows for 16 and 32-bit program disassembly, including the NE and PE file formats. You can easily search through the disassembled code for individual parts of the program listing. Get it!
- Ralf Brown's Interrupt List is a must for all assembly programmers. Simply put, it is the most complete documented interrupt list available. Brown has also included many other references for the programmer to use in assembly coding. This list is very long, so download time can be a bitch, but it is well worth it.
- Cicatrix's VDAT is the most awesome collection of virus information around. Whether you get the Windows version or the older ones, you will be guaranteed many nights of good reading, virus writing utilities, and very helpful reviews.
- You can never have too much source code. Collect as much source code as you can find. Go to the Codebreakers site and download our virus collections and other zipped files filled with code. Take a virus a night and look at it, dissect it, and learn the virus writer's techniques.
- Virus Mags - Yes, I am recommending that you read other mags. Take a look at such mags as 40Hex, VLAD, 29A, etc. The only way that you are going to gain a well-rounded knowledge of virus writing is to study many points of view.
- Virus Creation Labs - That's right. They are not evil. Acquire a few of them, especially the ones that are offering Windows infections. You have to put these labs into the right perspective (read article 5). Once you do, they can be used as good tools.
- Find as much assembly info as you can. I have bought many books on assembly that have helped me out tremendously. Download text files. Join assembly site mailing lists. Take a look at how non-virus assembly programs operate. We, as virus writers, have evolved from the simple assembly coders. You still need to study your roots and understand the inner workings of assembly and low-level computer applications.
- Go to the many shareware sites that are on the web and search for assembly utilities; sometimes, if you are lucky, you will find some treasures. The other search engines on the net, such as ftp search engines, can also reveal many helpful utilities.

Well, that should be good for starters. In the next issue of the mag, I will go into detail on programs that can help you exploit Windows 95/98. I didn't want to get too in depth with 32-bit stuff yet; for the beginner, it can be kinda confusing. The above list is in no specific order or precedence; I just typed them up that way. Most of the good stuff that you will need is out there; all you need to do is be motivated to find it. If you ever need any help, you can always write us at Codebreakers; we will be glad to help. Becoming a seasoned pro at virus writing requires the development of an effective reference library of utilities and documents about all facets of virii. Good luck at collecting the tools of the trade!

Some helpful sites:
http://codebreakers.simplenet.com/ (The CodeBreakers Site (Very helpful!!))
http://cyberstation.net/~cicatrix/frames.htm (Cicatrix's VDAT, Great Virus site)

AV sites:
http://www.mcafee.com/ (mcafee)
http://www.thunderbyte.com/ (thunderbyte <= the BEST!!!)
http://www.datafellows.com/ (f-prot)
(don't download any Windows versions of the scanners!!! only DOS!)

Good for searching the web for stuff:
http://www.infoseek.com/
http://www.webcrawler.com/
http://ftpsearch.ntnu.no/ftpsearch
http://filepile.com/nc/start
http://www.shareware.com
http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ralf/pub/WWW/files.html (Ralf Brown Home)
http://www.v-com.com (Sourcer)

There are literally hundreds of sites on the web that are helpful to the virus programmer. Do not be afraid to use the search engines; they can reveal quite a lot of helpful programs, especially ones that are buried on people's ftp sites. I have also found many useful utilities on shareware sites, including a lot of Windows programming stuff. Just search around the net, bookmarking all the best sites that you find. Go to all the virus sites and save all of their links. Be creative and resourceful, and if you need help finding a particular utility, contact us; we are happy to help. Have fun!