D y n a m i c s  o f
 S e l f - r e p l i c a t i n g  C o d e  B e h a v i o r

 
  This article is not about Dynamics of Self-replicating Code Behavior.
I just wanted to make sure that you gonna read this article. 8-)
  And now that know what it feels like for the poor guy who realises 
that 'FUCKING_WITH_DOGS.SCR' is not a screen saver, let this
article self-renamed into:


  P o l y m o r p h i s m   u s i n g   X M L 

  
  The code presented here is based on the concept of my SPLVM engine. 
I would like to thank rajaat for giving me the idea of using VBScript 
and XML to implement those stuff. 

  This article is not going to teach you what XML is and how to 
handle XML data with VBScript. I make use of XML  because
it's a good way to handle structured data.

  The code consists of a couple of functions that recursivly 
traverse the xml document tree and produce the output. Let's 
see how it works with a 'hello-world!'-type example. Create a 
file named polyxml.xml and put in the following text:

  <?xml version="1.0"?>

  <all>
	<outtext>Kyle's mom, is a stupid bitch!</outtext>
  </all>

now you have to call the engine with the following code:

	'Variables
	Dim xmlDoc
	Dim parsedDoc
	Dim nodeList
	Dim currNode
	Dim count
	
	'Initialize randomizer
	Randomize 
	
	'Create 1 instance of an XML Object 
	'turn of asynchronous comminication
	'preserve WhiteSpace/tabs/newlines/etc 
	Set xmlDoc = CreateObject("Microsoft.XMLDOM")
	xmlDoc.async = false
	xmlDoc.preserveWhiteSpace = true
	
	'Load the XML document
	xmlDoc.load("polyxml.xml")
	
	'Call the engine and presend the result
	WScript.Echo PolyGenerate(xmlDoc.documentElement)

	
The above code will create an XML Document using the Microsoft XML parser.
Loading the xml from a file is not very usefull for a virus. You can use the 
function loadxml(string) instead. 
(ex: xmlDoc.loadxml("<all><outtext>Hello World!</outtext></all>") )
Run the file polyxml.xml to see the results.

  Now lets make it complex. What about having more words in place of the 
word 'stupid', and select one randomly? Test the following code.
(polyxml1.xml)

  <all>
	<outtext>Kyle's mom, is a </outtext>
	<select>
		<outtext>stupid </outtext>
		<outtext>dirty </outtext>
		<outtext>fucking </outtext>
	</select>
	<outtext>bitch!</outtext>
  </all>

  Load this file in the engine. Get the idea? 
Now let's add a 'all day long' before or after the 'is a * bitch'. 
(polyxml2.xml)

  <all>
    <outtext>Kyle's mom, </outtext>
      <random>
        <outtext>all day long</outtext>
        <all>
          <outtext> is a </outtext>
          <select>
            <outtext>stupid </outtext>
            <outtext>dirty </outtext>
            <outtext>fucking </outtext>
          </select>
          <outtext>bitch</outtext>
        </all>
      </random>
    <outtext>!</outtext>
  </all>


  
  Time to stop for a little bit of explanation here.
Till now we show the <all>, <select>, <random> and <outtext> tags.

  <outtext> is for sending data to the output. It can't contain any 
other tags. The first time the engine reach this element, it send 
it's contents to the output and remove it from the XML document. 
Similary, there is a <code> tag, which is for executing VBScript code.

  <all> is for defining closed blocks. Once our engine visit 
a <all> element, it won't leave it until all the childs under it 
get's evaluated. Then it removes it from the XML document 
(along with all of it's childs of course).

  <select> is for choising one action, between several similar actions.
When the engine reach a <select> element, it will randomly choose one 
child and remove all the others. Then it will evaluate that Child and 
return. If there is no child (which happends if the child was fully 
evaluated and removed), the engine will remove that <select> element. 

  <random> is for grouping together things that can be places in random 
order. The engine will randomly select one child, evaluate it, and return
it's result. This process will keep on, till all of the childs get fully
evaluated (=removed), when the engine will remove this element.

  There is one more tag named <shift>. See an example first and we will 
explain it afterwards:
(polyxml3.xml)  

  <all>
    <random>
      <shift>
	    <outtext>dim CryptLength
		</outtext>
	    <outtext>CryptLength = 16
		</outtext>
      </shift>
      <shift>
	    <outtext>dim CryptKey  
		</outtext>
	    <outtext>CryptKey = "FoD5N8sDtGfdx4jI"  
		</outtext>
      </shift>	
    </random>
  </all>

  Here we want to define two variables and then asign values to them.
Definition must happen before the asignment for each variable, but
we also want the 4 lines of code to be placed in an as random as possiple
order. That's why we use the <shift> tag to tell <random> that
we want to preserve the order of evaluation for some elements, but let
it freelly mix them with all other childs of <random> element.

  <shift> is for preserving the order of evaluation. When the engine 
reach a <shift> element it will evaluate the first child and return 
it's result. One by one, the childs will get fully evaluated and 
removed from the XML document. Once there are no childs left, the 
<shift> element will be removed too.



  Some things you can do to improve the engine is to:
  
  - implement a <outtextnl> tag, that returns the string plus a 
    new line character.
	
  - improve the <code> tag, so that you will be able to write to the
    output string.
	
  - Using an attribute in the <select> tag, so that <select> elements
    with the same attribute get synchronized - evaluating the same N-th 
    child element.
	
  - implement a mechanism to perform backpatching in the output stream.

  exemple in Binaries dirz
  
  
  ANAkTOS[MATRiX]