                         Helpful Virus Writing Tools
                                     By
                                 Horny Toad



This list of virus writing tools is primarily for beginners.  If you are already an accomplished 
programmer, you know what tools that you need to code successfully.  If you are a beginner, look 
at this list and try to acquire everything that I recommend.  There might be other substitutes for 
items on the list that do the same thing, but you will not go wrong if you use my suggestions.  If 
you need help finding where to download these tools, just email me.  But as SPo0ky always 
recommends, get familiar with search engines, they can be very helpful in finding useful stuff on 
the web.

- TASM 5.0 (Assembler) - Borland's Turbo Assembler is the best there is.  I have included an 
old version of TASM in the first edition of the mag, but I strongly recommend that you 
acquire the most up-to-date version.  Version 5.0 has many 32-bit assembly utilities including 
a 32-bit debugger.  There are also many very useful text files in the full-blown version.  
These text files include an in-depth reference on the many versions of assembly and the use 
of TLINK, TD, and TASM.

- SOURCER - by V Communications.  Look for version 4.04 or better.  This program is a 
disassembler.  It allows you to generate assembly code from EXE and COM files.  The output 
code is not optimized, but it does show the basic operations of a program.  It also shows such 
information about the program like the interrupts that the program uses. 

- Good AV programs.  I use a variety of AV programs due to the fact that each of them has 
exploitable weaknesses.  In future editions of the Codebreakers magazines, we will be 
discussing ant-anti-virus programming.

- W32Dasm - by URSoft. For you Windows programmers, this is an awesome disassembler.  
It allows for 16 and 32-bit program disassembly, including the NE and PE file formats.  You 
can easy search through the disassembled code for individual parts of the program listing.  
Get it!

- Ralf Brown's Interrupt List is a must for all assembly programmers.  Simply put, it is the 
most complete documented interrupt list available.  Brown has also included many other 
references for the programmer to use in assembly coding.  This list is very long, so download 
time can be a bitch, but it is well worth it.

- Cicatrix's VDAT is the most awesome collection of virus information around.  Whether you 
get the Windows version or the older ones, you will be guaranteed many nights of good 
reading, virus writing utilities, and very helpful reviews.

- You can never have too much source code.  Collect as much source code as you can find.  Go 
to the Codebreakers site and download our virus collections and other zipped files filled with 
code.  Take a virus a night and look at it, dissect it, and learn the virus writer's techniques.

- Virus Mags - Yes, I am recommending that you read other mags.  Take a look at such mags 
as 40Hex, VLAD, 29A, etc.  The only way that you are going to gain a round knowledge in 
virus writing is to study many points of view.

- Virus Creation Labs - That's right.  They are not evil.  Acquire a few of them, especially the 
ones that are offering windows infections.  You have to put these labs into the right 
perspective (read article 5).  Once you do, they can be used as good tools. 

- Find as much assembly info that you can find.  I have bought many books on assembly that 
have helped me out tremendously.  Download text files.  Join assembly site mailing lists.  
Take a look at how non-virus assembly programs operate.  We, as virus writers, have evolved 
from the simple assembly coders.  You still need to study your roots and understand the inner 
workings of assembly and low level computer applications.

- Go to the many Shareware sites that are on the web and search for assembly utilities, 
sometimes, if you are luck, you will find some treasures.  The other search engines on the net 
such as ftp search engines can also reveal many helpful utilities.


Well, that should be good for starters.  In the next issue of the mag, I will go into detail on 
programs that can help you exploit Windows 95/98.  I didn't want to get too in depth with 32-bit 
stuff yet, for the beginner; it can be kinda confusing.  The above list is in no specific order or 
precedence; I just typed them up that way.  Most of the good stuff that you will need is out there; 
all you need to do is be motivated to find it.  If you ever need any help, you can always write us at 
Codebreakers, we will be glad to help.  Becoming a seasoned pro at virus writing requires the 
development of an effective reference library of utilities and documents about all facets of virii.  
Good luck at collecting the tools of the trade!


Some helpful sites:

http://codebreakers.simplenet.com/  (The CodeBreakers Site (Very helpful!!))
http://cyberstation.net/~cicatrix/frames.htm (Cicatrix's VDAT, Great Virus site)

AV sites:
http://www.mcafee.com/ (mcafee)
http://www.thunderbyte.com/ (thunderbyte <= the BEST!!!)
http://www.datafellows.com/ (f-prot)
(don't download any windows versions of the scanners!!! only DOS!)

Good for searching the web for stuff:
http://www.infoseek.com/
http://www.webcrawler.com/
http://ftpsearch.ntnu.no/ftpsearch
http://filepile.com/nc/start
http://www.shareware.com

http://www.cs.cmu.edu/afs/cs.cmu.edu/user/ralf/pub/WWW/files.html (Ralf Brown Home)
http://www.v-com.com  (Sourcer)



There are literally hundreds of helpful sites on the web that are helpful to the virus programmer.  
Do not be afraid to use the search engines, they can quite a lot of helpful programs, especially 
ones that are buried on people's ftp sites.  I have also found many useful utilities on shareware 
site, including many Windows programming stuff.  Just search around the net bookmarking all 
the best sites that you find.  Go to all the virus sites and save all of their links.  Be creative and 
resourceful, and if you need help finding a particular utility, contact us, we are happy to help.

Have fun!

