Don't be suspicious
August 29, 2019Redirecting control-flow back to an infected program's original entry-point.
VeXation is an on-going project by @cpu exploring retro computer virus development.
Follow along while I write a portable executable (PE) file infector virus targetting Windows 95 using Borland Turbo Assembler 5.0 and other period accurate 90s hacking/VX tools.
Redirecting control-flow back to an infected program's original entry-point.
Dynamically finding the Win95 kernel32.dll base address and exported APIs.
Using the "delta offset" approach to make the PE infector virus position independent.
Starting on an x86 virus that can inject new sections into PE executables.
Setting up Win95, file sharing, and Borland Turbo Assembler 5.0
A trip back to the 1990s and a journey into Win95 virus development.