[Dshield] F-Secure: So who is Diabl0?
security at admin.fulgan.com
Tue Aug 30 17:04:08 GMT 2005
j> I disagree. It's not as easy as you think to just pop open a binary and
j> start changing stuff.
Actually, it is most of the time.
j> What about lengths of data and instructions in
What about it? What these people do is replace data with data of
equivalent length. Some strings get padded with 0's and that's about
j> You run into a big problem when what you want to change doesn't
j> fit into the hardcoded structure of the binary you already have, so this
j> doesn't work. Give it a try.
I've done it more than enough (although not for modifying viruses or
worms, mind you: not my kind of "game"). It depends on what you want
to change but many things are no problem at all. Most strings are
null-terminated anyway and structures are often nicely padded within
the binary file.
Of course, you can't change a program's behavior altogether. But
changing the target botnet, the name of the payload files or things
like that are probably easy to play with.
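A triage check in the spirit of this exchange, as an added example that is not part of any post in the thread: compare an older sample with an equal-sized newer one, list which NUL-terminated string fields were swapped in place, how much zero padding the original field offered, and whether the replacement stayed inside it. The fake header, field names and padding sizes are constructed for the example.

```python
from typing import Dict, List, Tuple

def diff_runs(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """(offset, length) runs where equal-length blobs a and b differ."""
    if len(a) != len(b):
        raise ValueError("sizes differ: not a pure in-place patch")
    runs, start = [], None
    for i in range(len(a) + 1):
        differs = i < len(a) and a[i] != b[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, i - start))
            start = None
    return runs

def field_bounds(blob: bytes, offset: int) -> Tuple[int, int]:
    """NUL-terminated field around offset; end includes the zero padding."""
    start = offset
    while start > 0 and blob[start - 1] != 0:
        start -= 1
    end = start
    while end < len(blob) and blob[end] != 0:
        end += 1
    while end < len(blob) and blob[end] == 0:  # slack a longer string may use
        end += 1
    return start, end

def cstr(blob: bytes, start: int) -> bytes:
    stop = blob.find(b"\x00", start)  # string runs to the next NUL (or the end)
    return blob[start:] if stop < 0 else blob[start:stop]

def patched_fields(original: bytes, variant: bytes) -> List[Dict]:
    """One record per patched field: old/new content, capacity, whether it fit."""
    seen: Dict[int, Dict] = {}
    for offset, _ in diff_runs(original, variant):
        start, end = field_bounds(original, offset)
        if start not in seen:  # several diff runs can fall inside one string
            new = cstr(variant, start)
            seen[start] = {"offset": start, "old": cstr(original, start), "new": new,
                           "capacity": end - start, "fits": len(new) + 1 <= end - start}
    return [seen[k] for k in sorted(seen)]

# Constructed samples: fake header, zero-padded string fields, then code bytes.
_field = lambda s, n: s.ljust(n, b"\x00")  # NUL-terminated field padded to n bytes
HEADER = b"MZ\x90\x00\x03\x00\x00\x00"
ORIGINAL = HEADER + _field(b"irc.original.test", 32) + _field(b"#chan-a", 8) + _field(b"svc.exe", 16) + b"\xcc" * 8
VARIANT = HEADER + _field(b"irc.variant.test", 32) + _field(b"#chan-a", 8) + _field(b"svchost32.exe", 16) + b"\xcc" * 8
OVERFLOW = HEADER + _field(b"irc.original.test", 32) + _field(b"#chan-a", 8) + b"svchost-update.exe\x00" + b"\xcc" * 5
```

`patched_fields(ORIGINAL, VARIANT)` reports two fields that fit their padding; `patched_fields(ORIGINAL, OVERFLOW)` flags `fits: False`, the case where a replacement ran past its field into the bytes that followed.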