Topic: Good hints in Win64 virus coding?

Hello all,

I used to be a Win32 virus coder many years ago. Now I would like to start again doing some Win64 virus coding. Unfortunately, I'm old, and I fried parts of my brain by long-term Methoxetamine abuse. Any good tips to help me?

Re: Good hints in Win64 virus coding?

usb137 wrote:

Hello all,

I used to be a Win32 virus coder many years ago. Now I would like to start again doing some Win64 virus coding. Unfortunately, I'm old, and I fried parts of my brain by long-term Methoxetamine abuse. Any good tips to help me?

It depends, are you going to use ASM or a higher-level language?

I like to examine and theorize about everything, from Amazon's <quote> impenetrable </quote> ultravisor to autorun viruses (virii?) being technology's version of an STD (Slot Transmitted Disease).
I dabble in Python 2.x and non-stereotypical BATCH (x>50 lines). I also fuck up VMs from time to time.

┬──┬ ︵ /(.□. \)

3 (edited by usb137 2017-11-13 07:50:32)

Re: Good hints in Win64 virus coding?

Yeniaul wrote:
usb137 wrote:

Hello all,

I used to be a Win32 virus coder many years ago. Now I would like to start again doing some Win64 virus coding. Unfortunately, I'm old, and I fried parts of my brain by long-term Methoxetamine abuse. Any good tips to help me?

It depends, are you going to use ASM or a higher-level language?

Well, asm of course! I heard the best one for Win64-coding is NASM, is that correct?

One thing that kind of irritated me was that the Win64 API requires its parameters to be brought up by registers. As a Win32asm coder, it was a stone-written fact to me that everything needs to be brought up on the stack. Perhaps someone knows when that changed? Only by the introduction of Win64 or are there several different calling conventions I don't know of yet?

Although, I'm not completely focused on Assembler. The last virus I had published was this one:

http://ezine.vxnetw0rk.su/mag5/VIEWER/epstein-barr.html

It was released several years after I had written it, as you can easily see: it still completely supports the Win9x system.

But Win64asm is still the way to go. I dream of writing a kernel infector for it, as I did in Win32asm.

Re: Good hints in Win64 virus coding?

Assembly? I got nothing. Sorry, mate.

Re: Good hints in Win64 virus coding?

After a sleepless night, I stumbled upon this Wikipedia page:

https://en.wikipedia.org/wiki/Timeline_ … _and_worms

I remember the times around 1995 very well: I was primarily coding in PowerBASIC and learning inline assembler in there. Then I wrote my first unpublished DOS viruses, and I thought "FUCK! Win95 is coming!". Well, later I learned Win32asm and had something to publish in 29a. Now the next step is going to 64 bit assembly. Unfortunately, I have many other things to do in my life now (mostly searching for a job with my old-fashioned programming skills), but I will try to become a better programmer in the near future. Special sorry goes to Perforin ([email protected]) and r3s1stanc3 ([email protected]) but I couldn't find the time to install GPG properly on my system (sorry again, but I really needed the time for other things!). I hope I will do so in the near future.
