The tools used with my "A dive into the world of MS-DOS viruses" talk
.github init Jan 2, 2019
benx86 make code slightly more respectable Jan 2, 2019
int20h-gdb-trace init Jan 2, 2019
jobserver init Jan 2, 2019
recordandtrace make code slightly more respectable Jan 2, 2019
remotegdb init Jan 2, 2019
webui Quick fixes to WebUI to allow it to be --mirror'd in wget Jan 2, 2019 Where to find a rendered version of WebUI Jan 4, 2019

A Deep Dive into the world of MS-DOS viruses


These are the tools that I wrote as a part of my talk. They are not fully intended to be used; however, you can happily take bits from them if you need them, as long as you respect the licence.

It's worth mentioning that none of this code should be considered that great; it's mostly been written in a rush to get the talk done.


This is the UI to view and inspect the database. You can find a prerendered version of it all here:


I don't know why you would want this, but the program is designed to interact with webui to pull code down and then submit new subtasks to be completed. It does this by using a very bad x86 emulator to find date/time variations in the code path.


This is the core of the system. It allows many programs and servers to work on tasks, and it also runs the SQLite3 database.


This is the program that deals with testing a sample. It gets jobs from jobserver and submits to it after it's done.


Simple version of the tracer.



apt install libcapstone-dev


apt install python-pip
pip install flv2rec


apt install qemu

WARNING: I can't confirm if this works on any version of qemu other than Debian 9's. I know this sounds nuts, but trust me on this one.


Compile it from and install it to /usr/bin/