Z0MBiE's HomePage -- Knowledge is the reward for action. The URL changes, the shit remains.


2005.01.19 | added: zasrakomondohuy
2005.01.09 | added article: polymorphic games
2005.01.05 | added: "rich" info dumper
2005.01.03 | added: libtcc usage example
2005.01.02 | added: tcpswitch 2.00, description
2005.01.01 | New Year's greeting 2005
...

 


/* ARTICLES */

 
  Articles: (english)

polymorphic games [eng]
Pervert World Wide [eng]
Permutation Conditions [eng]
Bad File [eng]
Traitor Outlook [eng]
Limiting data transfer speed [eng]
Linux+FreeBSD shellcode [eng]   [src]
Injected Evil (ELF infection) [html] [txt] ~9k   [src]
Solving Plain Strings Problem In HLL [eng] ~15k
Code transformation and finite automatons [rus] [eng] ~24k
VMware has you [eng] ~2k
Hooking winNT/2K/XP API [eng] ~3k
Adding LDT entries in win2k [eng] ~6k
About reversing [eng] ~14k
Opcode Frequency Statistics [eng] ~9k
Disassemblers within viruses [rus] [eng] ~15k
Virus engines: common recommendations [rus] [eng] ~14k
Data encoding in meta viruses [rus] [eng] ~8k
Inside of Avp4 [eng] ~3k
Some ideas about metamorphism [rus] [eng] ~6k
Automated reverse engineering: Mistfall engine [rus] [eng] ~18k   [src]
DRWEB vs AVP: Programmer's Competition [rus] [eng] ~22k
"Delayed Code" technology [eng] [rus] ~11k
Metamorphism p.1 [rus] ~18k [eng] ~31k
Metamorphism and Permutation: feel the difference [eng] ~1k
Win98/INT 2E description [rus] ~15k [eng] ~44k
Entering ring-0 using win32 api: context modification [rus] [eng] ~5k
ring-3 pagetable access (How to own the page table) [rus] ~33k [eng] ~15k
Tracing under win32 [rus] [eng] ~9k
LDE32 doc (rus/eng) [rus] [eng] ~2k
KME32 doc (rus/eng) [rus] [eng] ~10k
ETG doc (eng) [eng] ~5k
CMIX doc [eng] ~3k
PRCG doc [eng] ~3k

Articles: (russian)

RAW sockets under Win2K/XP [rus] ~8k
Imports and exports [rus] ~5k
About undetectable viruses [rus] [eng] ~7k
Virus making: tasks and goals [rus] ~11k
Plugin virus 2.00 (description) [rus] ~24k
On detecting complex viruses [rus] ~5k
Random number generators in viruses [rus] ~15k
Methodology of the undetectable virus [rus] ~14k
How to screw over the heuristic analyzer [rus] ~9k
On PE files and section lengths [rus] ~12k
Viruses and worms: what's next [rus] ~7k
Virus technologies: what's next [rus] ~5k
Writing a virus for win32 (something like a FAQ-tutorial) [rus] ~42k, example virus ~24k
RSA for the programmer [rus] ~26k
Detecting a permutating virus [rus] ~12k
Interference-resistant viruses [rus] ~8k
Prospects for virus development [rus] ~10k
finding LDT in memory [rus] ~7k
Writing to files locked against writing (beating shares), w9x/r0 [rus] ~3k
On some methods of virus propagation [rus] ~4k
War in ring-0, part 1 [rus] ~8k
War in ring-0, part 2 [rus] ~13k
War in ring-0, part 3 [rus] ~8k
War in ring-0, part 4 [rus] ~11k
Polymorphism: what's next [rus] ~9k
about .CRK/.XCK infection [rus] ~4k
On disassembling and bit masks [rus] ~13k
Sorting algorithms [rus] ~14k
Assembler features [rus] ~18k
CODE PERVERTOR [rus] ~4k
On section alignment in PE files [rus] ~4k
About WININIT.INI [rus] ~4k
Entering ring0 via TCB [rus] ~3k
21 ways to zero a register [rus] ~3k
On permutation [rus] ~27k

 


/* Creative */

Announcements and all that:

Letter from representatives of the underground [rus]

Ideology, the scene and other brain waste:

My nihilism [rus]
Virus-maker emulator [rus]
How to write a virus zine [rus] ~8k
On how labels sell out [rus] ~4k
What is a virus? [rus] ~9k
Psychological viruses [rus] ~8k
The virus scene -- what it is [rus] ~6k
A look into the future [rus] ~21k
Once more about the scene [rus] ~4k
Some aspects of publishing source code [rus] ~6k

Miscellaneous crap:

an antivirus tragedy [rus]
censorship on the net [rus]
kaspersky ripped off code again [rus] ~3k
A few words about kaspersky's book [rus] ~5k
Kasper from the inside [rus] ~10k
Review of the vx zine Spawn #1 [rus] ~12k

"hAckers", the Oinker, the Patriarch of All the Net, the Church of the Hacker, the Old-Fart-XORing-words-in-his-head and all that:

Confession of a Hacker [rus]
about ГШХ/UGF (United Guru Forces). Dedicated to the hAckers. [rus] ~4k
СПРЫГ-2К: how it really was. (also about hackers) [rus] ~7k
Theory and practice of hacker magic [rus] ~18k

Perversions and ART

... [rus]
Hacker Puzzles [rus]
backtrace [rus]

The New Apocalypse [rus]
Death of the last hacker [rus] ~5k
The "Mustdie" Tango [rus] ~1k
A thread named Sergey [rus] ~7k
Awakening [rus] ~2k
A dream [rus] ~2k
A dream #2 [rus] ~3k
Welcome to HELL [rus] ~4k

 
 


/* COMPRESSION */

 
  view nrv2[b,d,e] & UPX for code snippets description
download UPX for code snippets/special edition v1.00, ~10k
download UPX for code snippets/special edition v1.50, ~10k   [src]
download UPX for code snippets/special edition v2.00, ~30k
download UPX for code snippets/special edition v3.00, ~40k   [src]
download UPX for code snippets, ~20k
download freenrv2b compression algorithm, ~20k
download freenrv2[b,d,e] compression algorithm(.b is better and slower), ~40k

download static HUFFMAN compression in C, ~33k
download dynamic sfxed HUFFMAN compression in C, ~27k
download another compression in C, ~29k
download HUFFMAN encoding/decoding in asm, ~8k
download LZ-alike compression (context tree+huffman), in C ~5k
 
 


/* AV-RELATED */

 
  download AVPX 3.30 .AVC unpacker (bc++) ~63k
download AVPX 2.00 (tasm) ~16k
download Visual AVPX 1.00, ~170k
download AVP_TROJ -- trojan .AVC generator, ~18k
download AVP false alarms (6905 files), ~241k
download updated AVP false alarm generator, ~32k
download AVP4 .SRU files (secret stuff), ~21k

download UNP_VDB -- .VDB base unpacker 1.02, ~157k, update to 1.03 ~2k
download WEBCONV ~6k -- history.dwb to .bmp convertor, view drweb.gif
see also rvm2_7.arj - 2000 drweb false-alarm files

download aavpatch.zip Anti-Anti-Virus (av patching tool), ~11k
 
 


/* INTERNET */

 
  download IRX Pro 1.07 beta: IRC encryption, ~78k   [src]
download IRX: 256-bit RSA-encryption for IRC (w/bugs), ~374k
download winNT/2K/XP shellcode, ~10k
download Podonok UDP Chat v1: IRC-alike Client/Server (beta-version)
download Podonok UDP Chat v1: sources
download Zombot 1.10 -- IRC bot/backdoor, ~94k
 
 


/* UTILITIES/PROGRAMS */

 
  download "rich" info dumper
download libtcc usage example
download findhash -- api hash collision detector
download HKIT v1.06 -- haxor'z kit   [src]
download IOCODE tool - dumps NT driver level io codes
download exception monitor v1.02 (uses hooklib+sde)   [src]
download win32 Shellcode Constructor 1.03, ~380k [examples]
download tasm .lst to 'char shellcode[]' converter (perl)
download winampx - simple remote winamp control

download winNT/2K/XP stealth stuff, ~48k
download AVP4SRU -- AVP Secret Resources Unpacker, ~58k
download PE EXE/DLL Opcode Frequency Calculator, ~55k
download BPX bypassing, ~6k
download HAXOR tool (kind of bin2inc), ~34k
download MAC time convertor, ~63k
download PE datetime dumper, ~3k
download KBDMOUSE -- win9x: keyboard/mouse enabling/disabling, ~18k
download OTD -- COFF OBJ Time Dumper, ~4k
download PE fixup rebuilder, ~7k
download .COM to executable text convertor, ~69k
download hlpsdump.zip -- *.HLP script dump utility, ~20k
download KEYRUS - z0mbie's keyrus package (+shadowram font loader/editor/fonts/etc), ~120k
download K3 rusification driver, ~12k
download two screen savers (lense & tetris autoplayer, pascal), ~16k
download some graphics demo, ~46k
download src2htm - source to HTML convertor, ~16k
download graf2txt - BMP to text convertor, ~10k
download ps2htm - .PS to .HTML convertor, ~8k
download gifstrip - .GIF file comment stripper, ~8k
view worm.html (netscape 4+ only)
download brainfuck language emulator
 
 


/* CODE PERVERTOR */

 
  download CODE PERVERTOR 1.01 Win32 CommandLine, ~42k
download CODE PERVERTOR 1.01 Win32 GUI (bin & bc++builder srcs), ~240k
download CodePervertor 1.50 asm include file & example, ~5k
download CodePervertor Pro 2.00 Win32 CommandLine, ~49k (special edition)
download CODE PERVERTOR v3.00 for DOS COM/EXE, ~41k

 
 


/* REVERT */

 
  download REVERT 0.30 -- PE EXE to ASM decompiler, pre-release, ~44k
download REVERT 3 -- MISTFALL-based PE revertor/trojanizer, ~139k
download REVERT 4 -- MISTFALL-based PE revertor/polymorphizer, ~245k
 
 


/* w9x/ring-0 */

 
  download UNCALL.INC example (restoring VxDcalls) ~4k
download ntoskrnl.zip: NTKERN services (win98): entering r0 & writing to r/o memory, ~15k
download finding LDT in memory example+article, ~6k
download Entering ring-0 using win32 api: context modification, article+example ~9k
download ring-3 pagetable access, article+examples ~22k
download w9xshare.zip -- writing to readonly files (w9x/r0), article+example, ~6k
download z0mcgate.zip -- entering ring0 via LDT, ~2k
download XDTPROT -- protect IDT/GDT pages (prevent access from ring3), ~4k
download V86 -> RING0 jmp under Win95/98 using DPMI/IDT, ~2k
download entering ring-0 by splicing VMM (win9x), ~2k
download win98: entering ring-0 via TCB example+article, ~4k
 
 


/* INFECTION */

 
  download 1ST-SECTION FILE INFECTOR, library+example, ~10k
download VxD infection, ~32k
download PE file infection example (last section appending, MAPLIB used), ~43k
download FIRE - FAT16 Independent Replicative Emulator (tool, not a virus), ~13k
download ENUNS infection, ~23k
download hlp.zip -- infecting *.HLP files (example/description), ~36k
download RVM#1/rvm1_8.arj - infecting .TPU files
download RVM#1/rvm1_9.arj - infecting .BGI files
 
 


/* LIBRARIES, EXAMPLES */

 
  download tracer32.zip -- win32 process tracer, ~27k
download tracer v2 beta -- .cpp classes   [src]

download VIRSTR library ~7k
download vxl.zip -- VX Library 1.00, ~12k
download regscan.zip -- registry: example of filename/av entries scanner + keyword search tool, ~10k
download ring-0 file-io library ~3k
download .RAR/.ZIP archives infection library+example, ~32k
download MAPLIB 4.01 - .INC library for easy win32 file access (using FileMapping), + automatically clear/restore attrib/datetime, etc., ~5k
download recserch.zip - asm sources of recursive file search (+%path% parsing, etc.), ~3k
download KILLAVXD 1.50 - library + example of how to patch (disable) AV VxDs, ~6k
download random.zip - random number generator (C+ASM), ~2k
download crc stuff (avp/drweb/crc/pe header csum/reversing), ~43k
download ShadowRAM II -- source code to support 50 different chipsets, ~7k
download avlist.zip -- example of finding AV using file mask list, ~5k
download Sound Effects under Win32 - example of generating & playing sound under win32, ~36k
download MCBTSREX DOS-mode: example of how to stay resident via MCB (explained), ~3k
download pecom32.zip -- 32-bit COM files (PE EXE, 318 bytes), ~2k
download http.zip -- example of downloading file via http (wininet.dll), ~1k
download pestat.zip -- PE statistics, ~5k
 
 


/* PGP/RSA-RELATED */

 
  download scrgrab.zip - dos program output grabber, ~3k
download txt2den.zip - PGP output to source convertor (extract D,E,N numbers), ~38k
download howkey.txt - how to create your own RSA key, ~2k
download rsa1.zip - RSA-library (sources in C), ~3k
download rsa2.zip - RSA-library (example & sources in ASM), ~4k
download pgpstuff.zip -- some pgp related stuff (public key & anypgpfile dumper), ~11k
download rsa3.zip - RSA key generator (D,E,N numbers), ~19k
download rsa4.zip - v4.00.b, RSA keygen in ASM + encr/decr tool, ~32k
download RSA v.5.xx -- signing/verifying stuff (128-bit), ~36k
download RSALIB v6.01 -- keygen+modexp, dynamic keysize, offset-independent asm code, ~9k   [src]
 
 


/* VIRUSES/TROJANS */

 
  download w9x-tiny.zip, ~54k
  win9X.132,133,134,140,142,148,149,150,151,152,159,161,162,166,170,180,a,182,184,185,
  187,189,190,a,197,200,204,b,206,209,218,223,230,242 virii (aka Win95.SillyWR.nnn)
download win95.Zombie virus, ~115k
download win9X.Z0MBiE-II (Twinny) virus, ~63k
download win9X.Z0MBiE-3 virus, ~5k
download win9X.Z0MBiE-4 (Zofo) virus, ~9k
download win9X.KME.Z0MBiE-4.b (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.c (ZMorph) virus, ~37k
download win9X.Z0MBiE-4.d (Zom) virus, ~15k
download win9X.Hooy virus, ~38k
download Z0MBiE-5 (W95.Bistro) virus, ~95k
download win9X.RPME.Z0MBiE-6.a (ZPerm) virus (win9x permutating), ~42k
download win9X.Z0MBiE-7 (ZPerm) permutating virus, ~21k
download Z0MBiE-6.b virus (win9x polymorphic(CODEGEN)+permutating(RPME)), ~49k
download win98.Z0MBiE-8 (Damm) virus, ~16k
download win9X.Examplo (win32-example virus), ~21k
download win9X.LDE.Examplo (win32-example virus), ~9k
download win9X.Z0MBiE-10.a virus (==ZMyst; based on CODEGEN,ETG,LDE,RPME,MISTFALL), ~89k
download Mistfall.Z0MBiE-10.b virus, ~92k
download Mistfall.Z0MBiE-10.c virus + Mistfall engine 1.02, ~118k
download Mistfall.Z0MBiE-10.d virus, ~142k

download 007JB virus, ~25k
download M1 virus, ~61k
download ZHello virus, ~13k
download TP_COM virus, ~16k
download PGPMorph-1 virus, ~69k
download PGPMorph-2 virus, ~108k
download pascal HLL virus example, ~5k
download eicar.zip -- EICAR trojan, ~5k
view Z0MBiE.32 -- TSR, EXE-overwriter
view Trojan.18 -- non-TSR, MBR/BOOT/CMOS-overwriter ;-)
 
 


/* ENGINES, MUTATION */

 
  length-disassembler:

download XDE v1.02 -- extended length disassembler   [src]
download ADE32 v2.02 -- instruction disassembler, ~51k
download ADE32 v2.03c -- update to instruction disassembler, ~6k
download LDE-32 v1.04 -- Length-Disassembler Engine, ~29k
download LDE-32 v1.05 (update), ~3k
download LDE-32 v1.06 (update), ~5k
download LDE-32 Demo -- example of disassembling/permutating engine, in C, ~7k

reversing:

download MISTFALL 1.01 -- PE EXE/DLL reversing&infecting engine for Win32, ~52k
download MISTFALL 2.00 beta -- .cpp classes   [src]
download MF2/TRACER2/other engines test (beta) win32 gui

permutation:

download RPME 1.20 -- Real Permutating Engine for Win32, ~50k
download AZCME04 - permutating engine in C - DOS .COM self-rebuilding permutating file, ~30k
download AZCME32c - permutating engine in C - win95 PE EXE self-modifying (register exchange) file, ~137k

polymorphic:

download KME-32 v1.01 -- Win9X/NT R0/R3 universal poly engine, rus./eng. docs, ~57k
download KME v3.50 -- update, ~29k
download KME v5.52 -- highly improved, ~75k   [src]
download EXPO 1.01 poly engine -- example infector, using ETG/CODEMIXER/LDE32, ~15k
download PGPME-32 build 001a + example, ~65k

additional data generation:

download CODEGEN 1.60 -- code generator, ~9k
download CODEGEN 2.00 (ASM/CPP) -- code generator, ~18k
download ETG 1.00 (ASM), Executable Trash Generator, ~7k
download ETG 2.00 (ASM/CPP), Executable Trash Generator, ~12k
download PRCG 1.00: polymorphic recursive cycle generator +example, ~8k

other:

download CODE MIXER 1.50, ~9k
download DSCRIPT -- code to debug-script convertor (asm subroutine) +example, ~5k

api hook/injection-related:

download HOOKLIB & SDE engines (win32, ADE-based, .txt inside)   [src]
download HOOKLIB 1.03 /linux (uses XDE 1.01)   [src]

 
 


/* ZINES, PROJECTS */

 
  download RVM #1, ~629k / view Contents / view ShadowRAM, ~8k
download RVM #2, ~318k / view Contents
download Total Zombification #1 e-zine, 755k / view Contents
Plugin Virus Project v1.00 -- inside of TZ#1
download Plugin Virus Project II build 30, see description
 
 


/* UNIX */

 
 
download INFELF v1.02 -- ELF infection utility (win32/linux/freebsd) ~97k   [src]
download Linux+FreeBSD bind shell/shellcode/INFELF snippet ~5k   [src]
download tcp switcher -- for back-connect programs, win32/linux   [src]
download tcp switch 2.00, description   [src]