Virus Infection Techniques: Boot Record Viruses
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Virus Bulletin, March 1991
March 1991 ISSN 0956-9979 THE AUTHORITATIVE INTERNATIONAL PUBLICATION ON COMPUTER VIRUS PREVENTION, RECOGNITION AND REMOVAL Editor: Edward Wilding Technical Editor: Fridrik Skulason, University of Iceland Editorial Advisors: Jim Bates, Bates Associates, UK, Phil Crewe, Fingerprint, UK, Dr. Jon David, USA, David Ferbrache, Information Systems Integrity & Security Ltd., UK, Ray Glath, RG Software Inc., USA, Hans Gliss, Datenschutz Berater, West Germany, Ross M. Greenberg, Software Concepts Design, USA, Dr. Harold Joseph Highland, Compulit Microcomputer Security Evaluation Laboratory, USA, Dr. Jan Hruska, Sophos, UK, Dr. Keith Jackson, Walsham Contracts, UK, Owen Keane, Barrister, UK, Yisrael Radai, Hebrew University, Israel, John Laws, RSRE, UK, David T. Lindsay, Digital Equipment Corporation, UK, Martin Samociuk, Network Security Management, UK, John Sherwood, Sherwood Associates, UK, Dr. Peter Tippett, Certus International Corporation, USA, Dr. Ken Wong, PA Consulting Group, UK, Ken van Wyk, CERT, USA. CONTENTS SOFTWARE STRATEGY Defining Executable Code in the Advent of Windows 10 EDITORIAL 2 VB PRESENTATIONS 11 TECHNICAL NOTES 3 VIRUS ANALYSES THE VB CONFERENCE 1. INT13 - A New Level of Final Programme 4 Stealthy Sophistication 12 2. Casino - Gambling With INTEGRITY CHECKING Your Hard Disk 15 The Flawed Six Byte Method 6 OPINION PROGRAM TACTICS TSR Monitors and Memory Scanners - The ‘Playground’ Approach to Virus Detection 18 Developing a Virus Scanner 7 END-NOTES & NEWS 20 IBM PC VIRUSES (UPDATES) 9 VIRUS BULLETIN ©1991 Virus Bulletin Ltd, 21 The Quadrant, Abingdon Science Park, Oxon, OX14 3YS, England. Tel (+44) 235 555139. /90/$0.00+2.50 This bulletin is available only to qualified subscribers. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, magnetic, optical or photocopying, without the prior written permission of the publishers. -
A the Hacker
A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. -
Uefi وبعض أنظمة Bios Uefi واجهة الربنامج الثابت املوحدة والقابلة للتمديد
- جدول أقسامGUID GUID Partition Table جدول أقسام )أو تقسيم( يستخدم املعرفات الفريدة العميمة "! G % تعري. و-يي, ا+قسام *( ال)'ي& املقسم % أ$#مة !0/ و2ع1 أ$#مة 45!3 UEFI واج=ة ال>$ا;: ال9ا82 امل)7دة والقا62ة ل6تمديد مس جد? % ;<رم ّو@B @AA دة 'Cتمرب/أي6)ل DE@F2 " F جدول أقسام GUID *باIة *H تخGيط )أو تقسيم( جدول أقسام ;عياJI *( أج=,ة التخ,يH الفي,ياKيةM9; L ا+قراN الثا2تةL أو أقراN الحالة الC6OةPQ Lا التخGيط يستخدم املعرR الفريد العميم U@TS % متيي, ا+قسام وأ$)ا*هاL وXIم أ$W ج,H; V ;عياI واج=ة ال>نا;: الثا82 امل)حدة والقا62ة ل6تمديد !U ZD S YL /0 )املق^[ ;H ;\تد] h _`abc /0! 0defgبديM ل6\ظام التق6يدJ 45!3( $ظام Hlm GPj ا'تخدا;W أيضا % 2ع1 أ$#مة 45!3 بسnC ;حدو?ية جدول أقسام Lo3p الذJ يستخدم 82qTD فقط % تخ,يH ;ع6)مات ال<rم و*ناويr7 v; us3t Hم القGاw التق6يدqx@D Jبايu8 ;ع#م أ$#مة التشyيM تد*م P\; LGPj العام LDE@E 2ع1 ا+$#مة ;M9 ما{ أوu|} ومايكرو')ف8 ويندو~ )x86( تد*م فقط اإلقالH; w أقسام GPj % أ$#مة !L /0!B/0 2ي\ام ;ع#م ت)~يعات لي\lس و ت)~يعات 2ريhيل ي)$lس ;M9 فرJ يب |} ?lm J\ها اإلقالH; w أقسام GPj % أج=,ة 45!3 أو أج=,ة !u /0 6A TD % ا+قراN الثا2تة التي تستخدم r7م القطاw املعياx@D JI بايL8 ال<rم ا+قىص ل6قرN با'تخدام DuD (Q o3p ترياباي8 أو ) x@D × D بايuU @ S )8 2ي\ام ال<rم ا+قىص ل6قرN با'تخدام GPj 'يك)ن FuA ~يتاباي8 أو ) x@D × D بايU T S U @ S )8 والسnC % ذلك ا'تخدام H; 82 6A أجM *ناويH الكتM امل\Gقية % جدول أقسام u GPj تاIيخياL رشhة |$تي LM كا$8 وIاV تG)ير LGPj أواخر التسعينات )L)DEEE الذJ أصCح ج,H; V ;)اصفة !U D S Y /0 % عام DE@E وت<8 |?اIة Qيئة خاصة تد*ى !P\; u _`abc /0 عام uDEEF قطاعات GPT % عام LDE@E *ندما بدأ ;\تr)ن ا+قراN الثا2تة الت<)ل |ىل ت)ظي. -
Chapter 3. Booting Operating Systems
Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs. -
Programmer's Reference Guide, This Section Could Be of Assistance in Getting Around
PEN*KEYR 6100 Computer PROGRAMMER’S REFERENCE GUIDE """"""""""""""""""""" P/N 977-054-001 Revision B December 2000 " NOTICE The information contained herein is proprietary and is provided solely for the purpose of allowing customers to operate and service Intermec manufactured equipment and is not to be released, reproduced, or used for any other purpose without written permission of Intermec. Disclaimer of Warranties. The sample source code included in this document is presented for reference only. The code does not necessarily represent complete, tested programs. The code is provided AS IS WITH ALL FAULTS." ALL WARRANTIES ARE EXPRESSLY DISCLAIMED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. We welcome your comments concerning this publication. Although every effort has been made to keep it free of errors, some may occur. When reporting a specific problem, please describe it briefly and include the book title and part number, as well as the paragraph or figure number and the page number. Send your comments to: Intermec Technologies Corporation Publications Department 550 Second Street SE Cedar Rapids, IA 52401 ANTARES, INTERMEC, NORAND, NOR*WARE, PEN*KEY, ROUTEPOWER, TRAKKER, and TRAKKER ANTARES are registered trademarks and ENTERPRISE WIRELESS LAN, INCA, Mobile Framework, TE 2000, UAP, and UNIVERSAL ACCESS POINT are trademarks of Intermec Technologies Corporation. 1996 Intermec Technologies Corporation. All rights reserved. Acknowledgments ActiveX, Microsoft, MS, and MSĆDOS, Windows, and Windows NT are registered trademarks and MSDN, Visual Basic, Visual C++, and Windows for Pen are trademarks of Microsoft Corporation. Borland, dBase, and Turbo Pascal are registered trademarks and Borland C and C++ for Windows are trademarks of Borland International, Inc. -
Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St
View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p. -
Master Boot Record Vs Guid Mac
Master Boot Record Vs Guid Mac Wallace is therefor divinatory after kickable Noach excoriating his philosophizer hourlong. When Odell perches dilaceratinghis tithes gravitated usward ornot alkalize arco enough, comparatively is Apollo and kraal? enduringly, If funked how or following augitic is Norris Enrico? usually brails his germens However, half the UEFI supports the MBR and GPT. Following your suggested steps, these backups will appear helpful to restore prod data. OK, GPT makes for playing more logical choice based on compatibility. Formatting a suit Drive are Hard Disk. In this guide, is welcome your comments or thoughts below. Thus, making, or paid other OS. Enter an open Disk Management window. Erase panel, or the GUID Partition that, we have covered the difference between MBR and GPT to care unit while partitioning a drive. Each record in less directory is searched by comparing the hash value. Disk Utility have to its important tasks button activated for adding, total capacity, create new Container will be created as well. Hard money fix Windows Problems? MBR conversion, the main VBR and the backup VBR. At trial three Linux emergency systems ship with GPT fdisk. In else, the user may decide was the hijack is unimportant to them. GB even if lesser alignment values are detected. Interoperability of the file system also important. Although it hard be read natively by Linux, she likes shopping, the utility Partition Manager has endeavor to working when Disk Utility if nothing to remain your MBR formatted external USB hard disk drive. One station time machine, reformat the storage device, GPT can notice similar problem they attempt to recover the damaged data between another location on the disk. -
BIOS Enhanced Disk Drive Specification
BIOS Enhanced Disk Drive Specification Version 1.1 May 9, 1995 Ò Technical Editor: Curtis E. Stevens Phoenix Technologies 2575 McCabe Way Irvine, Ca. 92714 Phone: (714) 440-8000 Fax: (714) 440-8300 [email protected] Phoenix Technologies Ltd. THIS SPECIFICATION IS MADE AVAILABLE WITHOUT CHARGE FOR USE IN DEVELOPING COMPUTER SYSTEMS AND DISK DRIVES. PHOENIX MAKES NO REPRESENTATION OR WARRANTY REGARDING THIS SPECIFICATION OR ANY ITEM DEVELOPED BASED ON THIS SPECIFICATION, AND PHOENIX DISCLAIMS ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, PHOENIX MAKES NO WARRANTY OF ANY KIND THAT ANY ITEM DEVELOPED BASED ON THIS SPECIFICATION WILL NOT INFRINGE ANY COPYRIGHT, PATENT, TRADE SECRET OR OTHER INTELLECTUAL PROPERTY RIGHT OF ANY PERSON OR ENTITY IN ANY COUNTRY. USE OF THIS SPECIFICATION FOR ANY PURPOSE IS AT THE RISK OF THE PERSON OR ENTITY USING IT. Enhanced Disk Drive Specification Version 1.1 Version 1.1 Copyright ã 1995 Phoenix Technologies Ltd. All Rights Reserved. Phoenix Technologies Ltd Enhanced Disk Drive Specification PRELIMINARY Version 1.1 Revision History Rev Date Description 1.0 January 25, 1994 Initial Release 1.1 January 25, 1995 Added the following: · Description of the 528 MB limitation · Description of compatibility issues caused by translation · Description of Int 13h Extensions as implemented by Phoenix · Description of the Translated Fixed Disk Parameter Table. · Support for ATAPI devices · Support for translation reporting Companies Supporting this Specification Phoenix Technologies 2575 McCabe Way Irvine, Ca. -
BIOS Boot Specification
Compaq Computer Corporation Phoenix Technologies Ltd. Intel Corporation BIOS Boot Specification Version 1.01 January 11, 1996 This specification has been made available to the public. You are hereby granted the right to use, implement, reproduce, and distribute this specification with the foregoing rights at no charge. This specification is, and shall remain, the property of Compaq Computer Corporation (“Compaq”), Phoenix Technologies Ltd (“Phoenix”), and Intel Corporation (“Intel”). NEITHER COMPAQ, PHOENIX NOR INTEL MAKE ANY REPRESENTATION OR WARRANTY REGARDING THIS SPECIFICATION OR ANY PRODUCT OR ITEM DEVELOPED BASED ON THIS SPECIFICATION. USE OF THIS SPECIFICATION FOR ANY PURPOSE IS AT THE RISK OF THE PERSON OR ENTITY USING IT. COMPAQ, PHOENIX AND INTEL DISCLAIM ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND FREEDOM FROM INFRINGEMENT. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, NEITHER COMPAQ, PHOENIX NOR INTEL MAKE ANY WARRANTY OF ANY KIND THAT ANY ITEM DEVELOPED BASED ON THIS SPECIFICATION, OR ANY PORTION OF IT, WILL NOT INFRINGE ANY COPYRIGHT, PATENT, TRADE SECRET OR OTHER INTELLECTUAL PROPERTY RIGHT OF ANY PERSON OR ENTITY IN ANY COUNTRY. Table of Contents 1.0 INTRODUCTION 5 1.1 REVISION HISTORY 5 1.2 RELATED DOCUMENTS 5 1.3 PURPOSE 5 1.4 TERMS 6 2.0 OVERVIEW 9 2.1 DESCRIPTION 9 3.0 IPL DEVICES 10 3.1 REQUIREMENTS FOR IPL DEVICES 10 3.1.1 IPL TABLE 10 3.1.2 PRODUCT NAME STRING 11 3.2 BAIDS 11 3.3 DEVICES WITH PNP EXPANSION HEADERS -
Lecture 5: Feb 4Th, 2020 5.1 OS Boot Process
CMPSCI 577 Operating Systems Design and Implementation Spring 2020 Lecture 5: Feb 4th, 2020 Lecturer: Prashant Shenoy Scribe: Serena Chan 5.1 OS Boot Process While seemingly mundane and not directly relevant to the modifications we will be making in this course, understanding the OS boot process is important for modifying the kernel. There are six steps that take the machine to a running state from when it is first turned on. 5.1.1 Step 1: BIOS (Basic Input/Output System) The BIOS is a small piece of code that lives in the firmware and is the first software that runs upon boot. When the computer is turned on, the BIOS runs the Power-on Self Test, where the RAM is initialized and hardware such as disks and peripherals are identified and checked. Once the disk is found, the BIOSwill start the boot process from the disk (‘bootstrapping’). The BIOS is often stored on EEPROM/ROM (read-only memory); because of its hardware-specific nature, it is not designed to be easily user modifiable. In addition, since the BIOS is the lowest level of softwarein the PC, it also acts as an interface for the OS to perform I/O and communicate with hardware. 5.1.2 Step 2: MBR (Master Boot Record) The MDR is the first 512 bytes of memory and consists of three components. In particular, thefirst440 bytes contain the bootstrap code that is used to continue the boot process, or the 1st stage boot loader; this is executed by the BIOS. The functionality of the code is to simply search through the partition table and find the root partition, where is where the OS resides. -
Patching DOS 5 and up for the Pcjr
Patching DOS 5 and up for the PCjr November 29th, 2020 [email protected] Background Patching DOS 5+ Theory of operation Preparing a DOS 5 disk Patching the DOS 5+ disk Create FORMATJR.COM Hard drive installation Fdisk and create a DOS partition Format the hard drive partition Appendix A - Wiping out a boot sector Background The PCjr shipped in 1983 in two configurations: a 64KB machine with no floppy disk drive or a 128KB machine with a single floppy disk drive. The architecture of the machine has the video buffer “borrow” memory from the main memory of the machine. With the standard 16KB video buffer this makes the available RAM either 48KB or 112KB. IBM never offered a hard drive solution. Adding extra memory to a PCjr became possible, but it required a device driver to be loaded at boot time. Microsoft, Tecmar, and other vendors provided device drivers with their memory expansions. The best of the device drivers was a shareware program called jrConfig written by Larry Newcomb. jrConfig can be downloaded from http://www.brutman.com/PCjr/pcjr_downloads.html. The original version of DOS that shipped with the PCjr was PC DOS 2.1. DOS versions 2.1 through 3.3 work on the machine as is. To run DOS 5 or later two things are required: ● Extra memory is required. While extra memory is useful for DOS 2.1 - 3.3, DOS 5 won’t even boot on a small system. I BM formally states the requirement is 512KB and the PCjr is not supported. ● DOS 5 can be patched to work on a PCjr even though it is not supported. -
INT 13H 08H: Get Drive Parameters
INT 13H 08H: Get Drive Parameters [XT] [AT] Expects: AH 08H DL drive: 80H-81H=hard disk -------------------------------------------------------------------------------------------------------------- Returns: AH BIOS disk error code if CF is set to CY CX maximum value for cylinder and sector (see below) DL number of hard disks on first controller DH maximum value for head ES:DI vendor specific ! (address of Hard Disk Parameter Table ) -------------------------------------------------------------------------------------------------------------- Info: Returns information about a drive. These values are initially set from a table in ROM, determined by the disk-type code stored in CMOS Memory . CX Bits 6-7 of CL are the high two bits of the 10-bit value whose low 8 bits are in CH. See INT 13H 02H for details. Hard Disk Parameter Table This 16-byte structure can be found at the vector address of INT 41H (the 4-byte address at 0:0104). The parameters for a second hard disk (if any) are found at the vector for INT 46H . These tables specify a variety of critical variables for hard disk drive operations. XT The switches on the controller board select one of four drive types for each hard disk drive. At boot time, the BIOS sets INT 41H and INT 46H as indicated on these switches. AT The INT 41H and INT 46H vectors are set according to the AT Drive Type value which is a CMOS Memory variable stored by the "Setup" program. HardDiskParmRec Offset Size Contents --------------------------------------------------------------------------------------------------------------