The tools used with my "A dive into the world of MS-DOS viruses" talk
| Name | Latest commit message | Commit time |
| --- | --- | --- |
| .github | init | Jan 2, 2019 |
| benx86 | make code slightly more respectable | Jan 2, 2019 |
| int20h-gdb-trace | init | Jan 2, 2019 |
| jobserver | init | Jan 2, 2019 |
| recordandtrace | make code slightly more respectable | Jan 2, 2019 |
| remotegdb | init | Jan 2, 2019 |
| webui | Quick fixes to WebUI to allow it to be --mirror'd in wget | Jan 2, 2019 |
| README.md | Where to find a rendered version of WebUI | Jan 4, 2019 |

# A Deep Dive into the world of MS-DOS viruses

These are the tools that I wrote as a part of my talk. They are not fully intended to be used, but you can happily take bits from them if you need them, as long as you respect the licence.

It's worth mentioning that none of this code should be considered that great; it was mostly written in a rush to get the talk done.

## WebUI

This is the UI to view and inspect the database. You can find a prerendered version of it all here: https://dosv.benjojo.co.uk

## BenX86

I don't know why you would want this, but the program is designed to interact with webui to pull code down and then submit new subtasks to be completed. It does this by using a very bad x86 emulator to find date/time variations in the code path.

## Jobserver

This is the core of the system: it allows many programs and servers to work on tasks. This also runs the SQLite3 database.

## RecordandTrace

This is the program that deals with testing a sample; it gets jobs from jobserver and submits to it after it's done.

## int20h-gdb-trace

Simple version of the tracer.

## Requirements

Capstone:

```sh
apt install libcapstone-dev
```

flv2rec:

```sh
apt install python-pip
pip install flv2rec
```

QEMU:

```sh
apt install qemu
```

WARNING: I can't confirm whether this works on any version of qemu other than Debian 9's. I know this sounds nuts, but trust me on this one.

Fatboy:

Compile it from https://github.com/John-K/fatboy and install it to /usr/bin/