
	Where results make sense

Topic: Polymorphic code

Related Topics

Polymorphism

Security cracking

In the News (Wed 9 Dec 09)

Northern Trust

Marvin Harrison

Peter Chernin

Gary Locke

Match Play

Penelope Cruz

Mickey Rourke

AR Rahman

Danny Boyle

Hugh Jackman

	Polymorphic code
		The code inside "Encrypted" could then search the code between Decryption_Code and CryptoKey[?] and remove all the code that alters the variable C. Before the next time the encryption engine is used, it could input new unnecessary codes that alters C. Start: GOTO Decryption_Code
		The code in there will remove all the codes that alters C. Then it will input new codes that alters C at other (random) locations in the crypto-algorithm.
		If the code is trying to replicate itself (in the case of a computer worm or computer virus) it will need to encrypt the code inside "Encrypted" before it sends it away.
	www.ebroadcast.com.au /lookup/encyclopedia/po/Polymorphic_code.html (394 words)

	[No title] (Site not responding. Last check: 2007-09-17)
		Depending upon the nature of the variations and the structure of the polymorphic routine, each increase in power may be accompanied with only a minimal sacrifice in code length.
		For example, a polymorphic routine may decide that the decryption routine is to use word-length xor encryption with bx as the pointer register, dx as a container for the encryption value, and cx as the counter register.
		An alternate approach is for the polymorphic routine to simultaneously encode both the encryption and decryption routines.
	www.textfiles.com /virus/datut006.txt (1340 words)

	Centralized TCP Server
		Polymorphism: Polymorphic code encryption encrypts different parts of a binary file using different encryption algorithms and different keys, and applies different encryption algorithms and different keys to different instances of the same software program.
		Synchronous code decryption decrypts a basic code unit immediately before the CPU's control is transferred to it, whereas asynchronous code decryption decouples the timings of run-time code decryption and CPU control transfer.
		The resulting dynamic code relocation capability breaks the long-held convention that a function in a program could be uniquely identified by its entry point, and significantly increases the level of difficulty in reconstructing a control flow graph from an instruction execution trace.
	www.ecsl.cs.sunysb.edu /sphinx/index.html (859 words)

	[No title]
		The basis of Win32 polymorphic viruses is an internal engine that can produce an endless string of new decryptors that change the appearance of the virus body (but not the data area).
		Despite their complexity, and in part because of it, polymorphic viruses are essentially a dead-end as a class of viruses.
		Obviously, this becomes ever more difficult as each new good polymorphic code is used in a virus and subsequently found in the wild, and countermeasures for it are created and published.
	articles.techrepublic.com.com /5102-6264-1047975.html (976 words)

	[No title] (Site not responding. Last check: 2007-09-17)
		Although polymorphism is independent of encryption, it is easier to use encryption to hide the main body of the virus and implement a polymorphic decryptor.
		Implementation of Polymorphism on the Intel 80x86 In almost every case we have examined, the polymorphic engine exploits the fact that certain computations can be performed using different registers and instructions.
		Polymorphic engines can also rely on the availability of instructions that are coded using the same opcodes.
	www.textfiles.com /virus/yetiser_ (2114 words)

	Polymorphic code - Wikipedia, the free encyclopedia
		A more known polymorphic virus was invented in 1992 by the Bulgarian cracker Dark Avenger (a pseudonym) as a means of avoiding pattern recognition from antivirus-software.
		Usually the coder uses a zero key for the first generation of the virus, making it easier for him because with this key the code is not encrypted.
		Another polymorphism technique is to autoinject NOP (No Operation) or other opcodes that don't alter the algorithm.
	en.wikipedia.org /wiki/Polymorphic_code (471 words)

	Polymorphism viruses - Dev Shed
		A polymorphic virus is one that produces varied (yet fully operational) copies of itself, in the hope that virus scanners will not be able to detect all instances of the virus.
		Cascade) are not termed "polymorphic," as their decryption code is always the same and thus can be used as a virus signature even by the simplest, signature- driven virus scanners (unless another virus or program uses the identical decryption routine).
		Polymorphic viruses were created with the explicit intent of being able to adapt and reproduce in ways other than simple cloning.
	forums.devshed.com /windows-help-34/polymorphism-viruses-269233.html (2409 words)

	Polymorphism - Wikipedia, the free encyclopedia
		In general, polymorphism describes multiple possible states for a single property (it is said to be polymorphic, or polymorphous).
		Polymorphism (computer science), a mechanism allowing a given function to have many different specifications, depending on the type(s) to which it is applied, or, more specifically, Polymorphism in object-oriented programming
		Polymorphism (plant science), the ability of a plant to produce both quiescent and dormant seeds.
	en.wikipedia.org /wiki/Polymorphic (176 words)

	[No title]
		All a.s which effectively makes the polymorphic definitions second-class (i.e., note that functions can't take/return a polytype, and that products only range over monotypes, etc.) Another way to see this is that the only polymorphic definitions are introduced by "let" expressions.
		Note that one option that can minimize these costs is to cache the instantiations of polymorphic code so that we don't necessarily have to generate specilized code for each client.
		The advantage of this approach is that polymorphic code is fast and programmers don't have to deal with anything.
	www.eecs.harvard.edu /~greg/cs256sp2005/lec15.txt (1982 words)

	The Living Polymorphic Virus (Site not responding. Last check: 2007-09-17)
		The replicator for natural life is the gene, made up of DNA; equally, Eugene Spafford of Purdue University notes, “the code that defines the virus is a template that is used by the virus to replicate itself” (Spafford, 1997).
		Each polymorphic progeny requires a new detection program; that is, each child copy of Stanfurd looks different than the other copies, thereby undercutting a predator’s ability to compare catalogued viral signatures with abnormal code on the host system.
		The polymorphic virus is more reproductively “fit” precisely because its offspring survive and thrive in greater numbers relative to its competitors.
	www.stanford.edu /group/STS/techne/Fall2002/waddell1.html (2237 words)

	Chameleon code gives hackers advantage - 12 July 2001 - New Scientist
		But according to K2, the Vancouver-based hacker who developed a version of polymorphic code to highlight the weaknesses of networks, there is no way to defend against camouflaged script.
		Presenting his polymorphic code at DEFCON, the annual hackers' convention in Las Vegas this week, K2 told New Scientist there is a good chance that hackers are already using similar techniques to gain access to company networks.
		He has never heard of polymorphic code being used, but the idea is familiar in computer security circles.
	www.newscientist.com /article.ns?id=dn1000 (514 words)

	SANS Institute - Intrusion Detection FAQ: What is polymorphic shell code and what can it do?
		The primary goal of this analysis is to inform the intrusion detection analyst that “polymorphic shellcode” does exist and may currently be in use by attackers to compromise systems.
		Unfortunately, the source code for 2.0 isn’t released yet so it’s difficult to tell what types of defenses are being worked on.
		The primary goal of this analysis was to inform the intrusion detection analyst that polymorphic shellcode does exist and may currently be in use by attackers.
	www.sans.org /resources/idfaq/polymorphic_shell.php (4022 words)

	Securitoo, solution antivirus, contrôle parental, firewall
		The virus has polymorphic ability: the virus code is encrypted by polymorphic loop in infected PE files, COM droppers and ever in boot sectors.
		When PE executable files are accessed, the virus checks their internal formats, writes its code to the end of the file and modifies the file PE header to get the control when infected files are executed.
		The virus boot code is polymorphic one, it is written to the boot sector of the disk.
	www.securitoo.com /fra/pages/infovirus.php?nom_page=fono.shtml (1189 words)

	Polymorphic Code Resources In C++
		Polymorphism differs from top-down programming, however, in that it produces designs that are reusable outside the context of the original structure.
		To support polymorphism in stand-alone code, this code must be split into two parts: a declaration part and an initialization part.
		Although the code for the example shows how to use polymorphism for window definition functions, you can use the same technique to write any type of code resource: menu definitions, list definitions, control definitions, and even drivers.
	developer.apple.com /dev/techsupport/develop.mactech/issue_04/polymorphic.html (2657 words)

	C# Frequently Asked Questions : Why aren't reference types polymorphic?
		The code itself is no nearer to know anything about what they contain, but happily accepts it.
		Referring to the original code, instead of declaring d1 and d2 as Dog type, you could declare them to be object type.
		The code you write would have no similarity to the code that is generated, which is unexpected to say the least.
	blogs.msdn.com /csharpfaq/archive/2004/04/08/110241.aspx (2953 words)

	F# Manual
		This choice stems from the fact that the facility is nearly always used for local abbreviations, and many programmers are surprised to find that the abbreviations become part of the published interface of their module, and sometimes even stop using abbreviations as a result.
		These are correctly polymorphic in the sense that you may write new polymorphic code that manipulates these values.
		These are not truly polymorphic in the sense that the F# compiler must be able to infer the exact.NET array types manipulated by any code you write.
	research.microsoft.com /fsharp/manual/ml-compat.aspx (1643 words)

	[No title] (Site not responding. Last check: 2007-09-17)
		There is a tradeoff between the ease of usage of polymorphic code and ease of interfacing to code generated by other processors.
		Interfacing to code generated by other processors is simplified if the global entities have a straightforward translation to their corresponding names in the ÒobjectÓ code.
		Unfortunately, the simplest form of syntax for the usage of polymorphic code provides no means of distinguishing different instantiations except implicitly based on the types of the instantiations.
	members.aol.com /wclodius/97-117.txt (1558 words)

	J!NX Forums - [Java]Simple Port Scanner as a Learning Project
		Uh actually yes it is. In computer terminology, polymorphic code is code that mutates while keeping the original algorithm intact.
		In programming terms polymorphism is the ability of objects to act depending of their run-time type.
		Polymorphic code was invented in 1992 by the cracker Dark Avenger (a pseudonym) as a means of avoiding pattern recognition from antivirus-software.
	www.jinx.com /forum/topic.asp?TOPIC_ID=14260 (1550 words)

	CMSC 214 - Project #4 FAQ (Site not responding. Last check: 2007-09-17)
		There is probably a problem with the BST or DLL code somewhere - in particular you should examine EVERY line of code of your BST class (or DLL class) to make sure that it is correct "POLYMORPHIC CODE".
		Polymorphic code is code that is designed to work with base class POINTERS or REFERENCES and never create an actual base object (as a local variable or passed in by value).
		Think about POLYMORPHISM and what this means and draw very detailed pictures and trace through the code and hopefully you'll find where the problem(s) may be.
	www.cs.umd.edu /class/fall2004/cmsc214/Projects/P4/proj4.faq.html (1491 words)

	Virus File Macro Virus Companion. Cluster Virus Batch File Viruses. Source Code Polymorphic Virus Stealth Fast Slow ...
		The virus code is usually contained in a dropper in such a way that it won't be detected by virus scanners that normally detect that virus (i.e., the dropper program is not infected with the virus).
		Virus code which has been published but not actually found spreading out of control is not usually regarded as being in-the-wild.
		A program or code that replicates; that is, infects another program, boot sector, partition sector, or document that supports macros, by inserting itself or attaching itself to that medium.
	www.2privacy.com /www/viruses/virus-glossary.html (3308 words)

	blog.ncircle.com: CanSec West, Second Day: "Advances in Exploit Technology" (revised) (Site not responding. Last check: 2007-09-17)
		I would imagine that it would be possible to design algorithms capable of deciphering polymorphic code based on the same principles of "BinDiff"...
		It appeared to be a concept for generating random OP codes that do not impact the process or shell code in a negative way.
		The shell code must be placed in a location that is equal to or above the highest perceived return address.
	blog.ncircle.com /archives/2005/05/cansec_west_sec_1.htm (401 words)

	What are viruses, worms and trojans and the importance of using virus scanning software
		The code signature is a unique series of bytes that distinguishes virus code from other portions of a file or data.
		As with other concealment techniques, code signature encryption is not specific to one type of virus.
		As with stealth techniques, code signature mutation is not specific to one type of virus.
	www.bowzerbird.com /viruswarpath/whatarethey.html (2548 words)

	PMC Ciphers, Inc. - The Polymorphic Cipher: Basics of Polymorphic Encryption (Site not responding. Last check: 2007-09-17)
		As the key generation function is polymorphic, the linear combination function required to conduct this kind of attack must be polymorphic, too.
		The author requests comments on the name and on the new postprocessing mode, as well as on this paper: It is possible to recompile the keystream generator after the encryption of each block or after several blocks have been processed.
		Self-compiling crypto code has the advantage that at least the sector number can be used to recompile the complete key generator.
	www.ciphers.de /technology/polymorphic_cipher_theory_part3.php (2592 words)

	I Was Just Wondering About Polymorphic Code...
		i wanted to write a polymorphic code that would change itself every run but i faced one big problem..
		and what i want is to make the code change it's physical file(it's own exe file) whilst running which seems impossible since windows just says the file is being used by another process...
		Jun 21 2005, 12:11 AM just as nolimit says that would be the solution and for the local machine just use code on this board to make a new exe in runtime, and when the process finished delete the old one.
	www.governmentsecurity.org /archive/t15131.html (488 words)

	Fromadia -- Feed Your Brain! NOW! :D
		use of such a module is for writing so-called "polymorphic" viruses.
		Although polymorphism is independent of encryption, it is easier to use
		Polymorphic viruses of varying degrees of complexity have appeared in the
	www.fromadia.com /categoryread.php?catid=18 (1900 words)

	Writing Polymorphic Code
		currently i'm working on a polymorphic backdoor and although it is almost finished i still have one little "problem":(
		the code looks like hell and it is totally integrated in the program.
		The same site also has tutorials about polymorphism and more advanced techniques,too, which are included in virus magazines...
	www.datastronghold.com /archive/t14726.html (280 words)

	polymorphic code - rohitab.com - Forums
		cram this code in a module and compile it.
		(code included in zip, with packed exe too!)
		« Next Oldest · Source Codes · Next Newest »
	www.rohitab.com /discuss/index.php?showtopic=6696 (173 words)

	Viruslist.com - Virus.Win9x.Fono.15327
		While installing memory resident the virus VxD code hooks IFS (Installable File System) API calls and INT 13h V86 chain, as a result the virus intercepts both file and disk access calls.
		The virus COM droppers contain pure virus code encrypted with polymorphic engine.
		The virus code in the infected PE files has the same target as in COM droppers: to create and register the virus VxD file in the system.
	www.viruslist.com /eng/viruslist.html?id=3027 (1150 words)

Try your search on: Qwika (all wikis)