Setting up a Win95 dev VM in QEMU.
Redirecting control-flow back to an infected program’s original entry-point.
Dynamically finding the Win95 kernel32.dll base address and exported APIs.
Using the “delta offset” approach to make the PE infector virus position independent.
Starting on an x86 virus that can inject new sections into PE executables.
Setting up Win95, file sharing, and Borland Turbo Assembler 5.0.
A trip back to the 1990s and a journey into Win95 virus development.