flat assembler
Message board for the users of flat assembler.

Should discussion and posting of virus-related subjects and code be allowed on the forum?
Yes: 70% [ 29 ]
No: 29% [ 12 ]
Total Votes : 41

gunblade



Joined: 19 Feb 2004
Posts: 209

Discussing Viruses and AVs

Well, if you haven't seen it already, there was a discussion which started off in the DOS section, after someone posted virus code, and asked a question about its workings. That thread was moved to Heap, and has continued for 3 pages. So here is a poll, just to see what is the general view of people on the forum.

I've included the basic choices in the poll. I know a lot of people will be more in an area in between, rather than just yes or no. For that reason, you can post any comments you may have along with your vote. Smile

So now, Vote vote vote! Wink
Post 29 Nov 2005, 22:57
Matrix



Joined: 04 Sep 2004
Posts: 1171
Location: Overflow

but we shouldn't support suspicious projects though,

anyway, as we were talking about, knowledge can be used for either bad or good, we can just hope someone out there is not writing a format drive virus to damage our work, programs, data...
Post 30 Nov 2005, 02:41
vbVeryBeginner



Joined: 15 Aug 2004
Posts: 885
Location: \\world\asia\malaysia

em.. would the result of this poll change people's mindset or perspective? esp. vortex and tomasz?

this is what is actually happening from our history till now. "different opinion" and " 'face' problem 面子問題" Very Happy guess life is like that.

maybe we could add one more section to discuss "sensitive" code (virus, antivirus, patcher, reverse engineering and ...). and only people who got 10 posts (adult Laughing ) or higher could view that section. just my 2 cents.
Post 30 Nov 2005, 13:53
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7109
Location: Slovakia

so people will spam to get to *top secret* section?
Post 30 Nov 2005, 14:22
decard



Joined: 11 Sep 2003
Posts: 1095
Location: Poland

I voted "no", but actually I don't care if viruses will be discussed here. Personally I'm not interested in viruses at all.
Post 30 Nov 2005, 14:48
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7109
Location: Slovakia

decard: too bad, you would learn that "mov" doesn't rewrite ZF Twisted Evil

Code:

;from strlib.inc
        mov     ecx,dword[esp+20+12]    ; mov ecx,[pos]
        jz      @f
        rep     movsb
  @@:



(sorry if it's JohnFound's code, i don't know now, but a lot of code there is apparently yours)


Last edited by vid on 30 Nov 2005, 15:18; edited 1 time in total
Post 30 Nov 2005, 15:12
MazeGen



Joined: 06 Oct 2003
Posts: 953
Location: Czechoslovakia

I, personally, don't mind such code on this forum, if the code is simple and virtually not very dangerous (I count simple DOS virii as very little dangerous).

On the other side, one AVer from one big local AV company once said to me: never write any, even very simple, virus or something, or you lose your chances to be employable in this area. Therefore, I don't want to be designated as a virii supporter. For this reason, I also never discuss topics on (more or less legal) cracking boards.

I also doubt that sooner or later this forum would be known as a high quality forum with support for virus writers and it might discourage other asmers, fasm newbies to ask here about fasm, for similar reasons I mentioned above.

As for vbVeryBeginner's suggestion of the special section, it would always need constant monitoring, so it is also a question of a good-class moderator. I don't think the number of posts would forbid a real virus-writer to post in such a section.

I voted "no", but it is more complicated.
Post 30 Nov 2005, 15:16
gunblade



Joined: 19 Feb 2004
Posts: 209

Heh, this poll has no purpose, it's not to try to force people to believe one thing or another, it's just to see what the general view on the discussion of virus code is. I expected to see more yes'es than is shown, but it is kind of a hard question to say yes or no to. As there's always contributing factors, like the questions asked on the code, and the ulterior motive of the poster.

Thanks for voting and your comments, interesting to read.

gunblade
Post 30 Nov 2005, 16:27
decard



Joined: 11 Sep 2003
Posts: 1095
Location: Poland


vid wrote:
decard: too bad, you would learn that "mov" doesn't rewrite ZF Twisted Evil

Code:

;from strlib.inc
        mov     ecx,dword[esp+20+12]    ; mov ecx,[pos]
        jz      @f
        rep     movsb
  @@:



(sorry if it's JohnFound's code, i don't know now, but a lot of code there is apparently yours)



I don't know whose code this is. But I'm sure that every code YOU wrote when you were learning assembly was perfect.
Post 01 Dec 2005, 13:57
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4634
Location: Argentina

Are you sure the code is wrong? Note that the call to StrPtr sets that flag.

Code:
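        stdcall StrPtr, ebx             ; returns pointer in eax, leaves ZF set by StrPtr
        mov     edi,eax                 ; mov does not change flags
        mov     ecx,dword[esp+20+12]    ; mov ecx,[pos]
        jz      @f                      ; tests the ZF left by StrPtr
        rep     movsb
  @@: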


Code:
proc StrPtr         ; proc StrPtr [hString]
        mov     eax,[esp+4]             ; mov eax,[hString]
        test    eax,$ffff0000
        jnz     .finish                 ; It's pointer, go to finish.

        cmp     eax,[StrTable.count]
        jae     .notfound
        push    ebx
        mov     ebx, [StrTable.ptr]
        mov     eax, [4*eax+ebx]
        pop     ebx
.finish:
        ret     4 ; ZF = 0
.notfound:
        xor     eax,eax
        ret     4 ; ZF = 1
endp

Note when EAX = 0, ZF is 0 too. However, it's not safer code if future modifications to StrPtr are planned.
Post 01 Dec 2005, 14:59
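
A flag-level trace of the exchange above, added here as an illustration and not code from any poster or from strlib.inc: a small Python model of the ZF effects in the StrPtr listing, showing why the caller's `jz` works and where ZF and EAX can disagree. The names `str_ptr`, `caller_copies`, `recheck` and the sample table (including a slot holding 0) are assumptions made up for this sketch.

```python
# Added illustration: models only the flag effects of the StrPtr listing above.
# SAMPLE_TABLE is constructed: slot 0 holds a pointer, slot 1 holds 0 (empty).
MASK32 = 0xFFFFFFFF
SAMPLE_TABLE = [0x00400000, 0]

def str_ptr(h_string, table):
    """Model StrPtr: return (eax, zf) as they stand at `ret 4`."""
    eax = h_string & MASK32
    zf = (eax & 0xFFFF0000) == 0      # test eax,$ffff0000
    if not zf:                        # jnz .finish: value is already a pointer
        return eax, zf                # ZF = 0
    zf = eax == len(table)            # cmp eax,[StrTable.count]
    if eax >= len(table):             # jae .notfound (unsigned, CF = 0)
        return 0, True                # xor eax,eax sets ZF = 1
    eax = table[eax]                  # push/mov/pop do not touch flags
    return eax, zf                    # ZF = 0, left over from cmp

def caller_copies(h_string, table, recheck=False):
    """Model the caller: return (rep_movsb_reached, edi)."""
    eax, zf = str_ptr(h_string, table)
    edi = eax                         # mov edi,eax   (flags unchanged)
    # mov ecx,[pos]                   (flags unchanged)
    if recheck:                       # hypothetical hardening: test eax,eax
        zf = eax == 0                 # ZF now derived from the pointer itself
    return (not zf), edi              # jz @f skips the copy when ZF = 1

if __name__ == "__main__":
    for h in (0x00401000, 0, 1, 5):
        print(hex(h), caller_copies(h, SAMPLE_TABLE),
              caller_copies(h, SAMPLE_TABLE, recheck=True))
```

With the constructed table, handle 1 returns EAX = 0 with ZF = 0, so the unmodified caller reaches `rep movsb` with EDI = 0; re-deriving ZF from EAX in the caller removes the dependency on StrPtr's last flag-setting instruction.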
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere

I think viruses are a very good way to learn assembly. This way I've learned ASM. VX zines are very good stuff. Spreading viruses is lame stuff.
I voted 'yes'.
Post 01 Dec 2005, 18:23
vbVeryBeginner



Joined: 15 Aug 2004
Posts: 885
Location: \\world\asia\malaysia

if yes then how should we discuss it (without posting a virus sample?)?
if no, then perhaps, some people please make an announcement so everybody knows. so some virus thread wouldn't be deleted without an explanation.

thank you.
Post 01 Dec 2005, 19:47
Matrix



Joined: 04 Sep 2004
Posts: 1171
Location: Overflow

i have some suspicious files too, keylog, backdoor... left from system cleaning, but i wasn't thinking to post them somehow anywhere...

vbVeryBeginner,
if you post some virus.exe files, there is a chance of this board becoming some kind of virus source, and anyone can just download and spread your virus, imagine in school... for example.
Post 01 Dec 2005, 22:11
Tomasz Grysztar
Assembly Artist


Joined: 16 Jun 2003
Posts: 6824
Location: Kraków, Poland

vbVeryBeginner,
you should post perhaps some disassembly, personal analysis and thoughts instead of a non-disarmed binary. Show you are one of the assembly programmers. Wink
Post 02 Dec 2005, 08:56
vbVeryBeginner



Joined: 15 Aug 2004
Posts: 885
Location: \\world\asia\malaysia


Tomasz Grysztar wrote:
vbVeryBeginner,
you should post perhaps some disassembly, personal analysis and thoughts instead of a non-disarmed binary. Show you are one of the assembly programmers. Wink



k, thanks tomasz, Wink
glad to see life can keep on going now.
Rolling Eyes
Post 02 Dec 2005, 11:44
RedGhost



Joined: 18 May 2005
Posts: 444
Location: BC, Canada

well, my main "programmer" projects are game hacks (cheats) this involves reverse engineering the game engine or gfx api (opengl, d3d) and detouring, patching etc, even though it's re and usually against the game's license i don't really consider it malicious and don't like malware so i voted no

maybe it should be allowed only if the virus is very out of date, and for very old/older os's, i realize a lot of people still use dos, but just nothing too relevant to today's os's

_________________
redghost.ca
Post 03 Dec 2005, 04:25
jdawg



Joined: 26 Jun 2005
Posts: 39

I think that posting virus code is a good thing for two reasons. One if the right people saw it, they might review their own code, and find that they themselves have coded a virus, then work to fix it. Second, there is no knowledge that is not power. If you want to fight something, like viruses then you have to know how they are built in order to properly combat them.

Of course, this is assuming that there are still good people capable of possessing this knowledge without feeling the urge to use the code themselves.
Post 03 Dec 2005, 09:42
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7109
Location: Slovakia


decard wrote:
I don't know whose code this is. But I'm sure that every code YOU wrote when you were learning assembly was perfect.


Hey, don't get angry... i was joking
Post 05 Dec 2005, 10:24
decard



Joined: 11 Sep 2003
Posts: 1095
Location: Poland

hehe, that's ok, everybody makes mistakes anyway.
Post 05 Dec 2005, 13:09
edfed



Joined: 20 Feb 2006
Posts: 4160
Location: 2018

in my opinion viruses and other crashing oriented programs don't have a reason to be
not that computer is a tool to make easier the tasks of every day
so i hate viruses

to make a good virus protection i think that we can develop a new type of partition with protections included in every cluster or sector

so i let you think about
Post 28 Feb 2006, 11:54
Copyright © 2004-2018, Tomasz Grysztar.