MtE anyone?
devnul
11-05-2002, 06:32 PM
Been doing a little reading.. have a newfound interest in polymorphism.
Unfortunately most of the examples I see are intertwined with replication/infection, OS hooks, etc, which I don't really have any interest in learning.
Can anyone recommend a good resource for polymorphism? I.e. one where you could learn about it without having to learn about replication/infection in detail?
May be a dead end.. nevertheless one I think worth exploring a little.
Any reformed VX'ers out there want to use their powers for good?
dn
I don't think polymorphism is what you are looking for... as it doesn't really apply here.
You want info on self modifying (recursive!) code.
Unless polymorphism can apply to that, I've always used it in the context of overloaded function calls.
Think he's referring to polymorphism in the context of virii. There's a few assembler objects floating around that you can attach to code which *I think* basically encrypt/decrypt your code, and use the self-modifying aspect to change the fingerprint of the encryption and decryption methods every time they run.
Mainly they take advantage of the fact that, at the machine code level, there's often multiple ways to do the same thing that all use different opcodes and so they produce a different fingerprint.
devnul
11-05-2002, 09:23 PM
not polymorphism in the oop sense of multiple inheritance, no, in the viri sense
polymorphicizing code.. but without the infection/replication stuff, and in what i have found they are discussed together
wondered if there was a document on polymorphising alone
dn
Reason
11-06-2002, 03:22 PM
http://www.soft-analysts.com/virus_polymorphism.php
this one deals with creating polymorphic engines for virii but could be used for any piece of software:
http://vx.netlux.org/texts/html/i31t.html
This one too (talks about creating PME usable by any software):
http://vx.netlux.org/texts/html/i30t.html
Google search I performed may have more useful links:
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=utf-8&q=polymorphism+hide+engine+-oop+-java+-inheritance&btnG=Google+Search
devnul
11-07-2002, 12:37 PM
thanks vx.netlux was what I found before, very interesting.. but ultimately not very useful unless you wanted to learn to write virii, which I don't
i'll check the first link you posted,
thanks
dn
Reason
11-07-2002, 03:32 PM
The thing is... These articles discuss Polymorphic Engines and creating PME. PME do not have to be used in Virii even if virii are discussed in the same article.
I downloaded some code for one PME (over my head currently) and read the docs and the creator even asks that it not be used for virii creation. ROFL.
Another link (even includes an article on creating PME in C++):
http://www.ebcvg.com/category.php?cat=3&p=1
Ultimate Mutation Engine is the one I downloaded and read.
Anyway... Guess you can see that I think this may be the way to go for a keysniffer. I will continue reading and posting stuff I find... Learning as I go but I am sure someone here already has the coding knowledge to understand these now.