---( visual payload by mort[MATRiX] )--------------------------------------- This article is for educational purpose only and I AM NOT responsibille for anything nor my english, nor myself,...anyway, enjoy it... ---( forewords )------------------------------------------------------------ I've never used something like payload in my viriis. I've allways thought the best payload will be some fucking bug in my code that will sometime show user: something is bad,... Anyway, time's got changed and i realized there could be something more then code-bugs. There're many type of payloads. This article is about some type of visual payload. I think, good way to start,...for me. I used some graphical pay- load in my aiD virus,... go and check the code,...:) ---( device context )------------------------------------------------------- Normal applications write to their screens with the help of device context. Device context is a structure which is connect to some device. In our case it's screen. Application use device context connected to their 'windows'. I havent seen virii with its own 'window' -> we must get device context of whole screen. Using this code we will get handle of screen context: | push 0 0 0 | push pointer to 'DISPLAY',0 string | call CreateDC(A/W) \\\\\\\\\\\\\\\\\\\\ In eax we have hadle to screen device context. Before i start to explain drawing function i'll show the way to close device context. Close it when u finish the work with it,... | push handle of device context | call ReleaseDC \\\\\\\\\\\\\\\\ ---( drawing - text )------------------------------------------------------- You can either put text on the screen or pixels. First i will mention text functions. I will show only basic function, coz other functions need some deeply explanation and thats not point of this article :)). There's very simple way of putting text on screen - TextOut(A/W) func. | push count of chars to be typped | push pointer to string to be typped | push y possition | push x possition | push handle of context | call TextOut(A/W) \\\\\\\\\\\\\\\\\\\ And now some basic functions to format the text... | push color ;sets color of text | push handle of context | call SetTextColor \\\\\\\\\\\\\\\\\\\ | push mode ;sets background mode of text | push handle of context | call SetBkMode \\\\\\\\\\\\\\\\ mode - OPAQUE = 2 TRANSPARENT = 4 | push color ;sets color of background | push handle of context | call SetBkColor \\\\\\\\\\\\\\\\\ | push points interleaded between chars | push handle of context | call SetTextCharacterExtra \\\\\\\\\\\\\\\\\\\\\\\\\\\\ sets interleading between chars, normally it's null There're some predefined fonts by windows. Not many, but better than nothing. Each font has its handle which we can get by calling: | push font ID | call GetStockObject \\\\\\\\\\\\\\\\\\\\\ where font ID can be: SYSTEM_FONT = 13 SYSTEM_FIXED_FONT = 16 OEM_FIXED_FONT = 10 DEFAULT_GUI_FONT = 17 ANSI_FIXED_FONT = 11 ANSI_VAR_FONT = 12 DEVICE_DEFAULT_FONT = 14 i found only theese,...i havent tested them,... returns handle of font And we set the font by calling: | push handle of font | push handle of context | call SelectObject \\\\\\\\\\\\\\\\\\\ I know thats not many for text functions, anyway using this u can create some payload,... ---( drawing - pixels )----------------------------------------------------- This part is about functions that draws well known types of objects like pixel, circle and so on,... | '- pixels )-------------------------------------------------------------. You can put pixel calling: | | push color | push y possition | push x possition | push handle of context | call SetPixel \\\\\\\\\\\\\\\ To obtain color from possition use: | push y possition | push x possition | push handle of context | call GetPixel \\\\\\\\\\\\\\\ eax holds color of pixel | '- lines )--------------------------------------------------------------. To write line u must use two functions: MoveToEx and LineTo. | | push 0 | push y possition | push x possition | push handle of context | call MoveToEx \\\\\\\\\\\\\\\ sets 'pen' possition to set coordinates - drawing nothing | push y possition | push x possition | push handle of context | call LineTo \\\\\\\\\\\\\ draws line from 'penn' possition to set coordinates You can get current 'pen' possition by calling: | push pointer to POINT structure | push handle of context | call GetCurrentPossitionEx \\\\\\\\\\\\\\\\\\\\\\\\\\\\ returns 'pen' possition in POINT structure: POINT struc x dd ? y dd ? POINT ends u can connect array of points with lines by calling: | push number of points | push pointer to points' array | push handle of context | call PolyLine \\\\\\\\\\\\\\\ This function doesnt set 'pen' possition. To write polyline with setting 'pen' possition use: | push number of points | push pointer to points' array | push handle of context | call PolyLineTo \\\\\\\\\\\\\\\\\ | '- rectangle )----------------------------------------------------------. To draw rectangle use: | | push y - bottom possition | push x - right possition | push y - top possition | push x - left possition | push handle of context | call Rectangle \\\\\\\\\\\\\\\\ To draw some soft rectangle,...:): | push y - ellipse corner | push x - ellipse corner | push y - bottom possition | push x - right possition | push y - top possition | push x - left possition | push handle of context | call RoundRect \\\\\\\\\\\\\\\ | '- ellipse )------------------------------------------------------------. To draw ellipse use: | | push y - bottom possition | push x - right possition | push y - top possition | push x - left possition | push handle of context | call Ellipse \\\\\\\\\\\\\\ | '- some 'pie's' functions )---------------------------------------------. Folowing three functions use the same parameters: | | push y - end | push x - end | push y - start | push x - start | push y - bottom possition | push x - right possition | push y - top possition | push x - left possition | push handle of context | call Arc - draw pure part of ellipse line \\\\\\\\\\\\ | call Chord - draw something like half-moon,...:))) \\\\\\\\\\\\ | call Pie - draw 'pie part',...:)) \\\\\\\\\\\\ ---( closing )-------------------------------------------------------------- Thats all,... I wrote this article, coz i've used my first payload in my aiD virus. I mention only top of windows drawing abillity, coz i know only the top :)),...there're functions to set many type of fonts, pens and whatever connected to text format same as in drawing (eg. Bezier's line). Please feel free to write me any comments... mort[MATRiX] . |\ | |.--. -|-. | || |.--|| | | \ m o r|t . .-'-----'\._''--'-. '--[MATRiX]-------' [mort@matrixvx.org] \\\\\\\\\\\\\\\\\\