2002-03-09 Unfinished excerpt sent to Linux Documentation Project.
2002-03-11 Unfinished excerpt sent to David C. Merrill.
Section One step closer to the edge rewritten & finished.
2002-03-14 Genie escaped the bottle.
Added epigraphs to all chapters, removed one offending paragraph on the way.
Added example for large scale scanning in The plan.
Started The entry point.
Started Credits.
2002-03-15 I predict that today will be remembered until tomorrow.
First working example in The entry point.
Lots of small fixes about everywhere.
Renamed from "The Linux Virus Writing HOWTO" to "The Linux Virus Writing And Detection HOWTO".
2002-03-17 What we do not understand we do not possess.
Added Before we start.
Finished The entry point. Fixed a silly bug in the output of the heuristic scanner.
Started Additional code segments.
2002-03-19 The mosquito exists to keep the mighty humble.
Tuned Freedom is security.
Changed The plan and Patching section headers to make infected executables safe for strip(1). Bug resulted from sloppy reading of the holy text.
Started Remote shell trojan (RST).
2002-03-20 Calm down, it's *only* ones and zeroes.
Finished Remote shell trojan (RST).
2002-03-24 Caution: Keep out of reach of children.
Finished Additional code segments. Had to restructure One step closer to the edge to reuse framework.
2002-03-28 As a computer, I find your faith in technology amusing.
Added In doubt use force to The magic of the Elf.
Added Another theory to Remote shell trojan (RST).
Simplified Additional code segments. No need to align everything to 0x1000.
2002-04-01 Be different: conform.
Changed Target::infection and writeInfection.
Started Doing it in C.
2002-04-06 Deliver yesterday, code today, think tomorrow.
Reworked Introduction and Worm vs. virus.
Progress and lots of fixes on Doing it in C. Had to change writeInfection again.
2002-04-09 Sinners can repent, but stupid is forever.
Added alignment to One step closer to the edge and Additional code segments.
Rewrote Dressing up binary code to emit numbers instead of a string literal. The terminating 0 would have complicated The stub.
Added A section called .text and The stub.
2002-04-13 A doomed ship should sail under a courageous flag.
Renamed document back to original title.
Output is generated through slightly modified ldp.dsl. I like <formalpara> to run the title in the paragraph.
Using <simpara> instead of <para> where possible. Using <inlinemediaobject> instead of <inlinegraphic>.
Finished Doing it in C.
2002-04-18 When you don't know what you are doing, do it neatly.
Using <citerefentry> instead of <command>.
Created A closer look by splitting stuff from The entry point and adding a second scanner.
Started Suspicious code.
2002-04-23 Questionable day. Ask somebody something.
Significantly extended abstract.
The scanners in Turn the pages and Second scan now test the same set of files. This provides a time-warp effect for sequential readers, but makes development easier for me.
Added more links to Paranoid android.
2002-04-25 The clash of ideas is the sound of freedom.
Extended Behind the stages and Feedback.
2002-04-28 There are two ways to write error-free programs; only the third one works.
Testing infections with strip(1). This affects One step closer to the edge, The entry point and Doing it in C. Additional code segments is not strip-safe, but who cares.
2002-05-05 A hacker does for love what others would not do for money.
Doing it in C writes more than just ELF. Modified a lot of text, especially The stub.
All implementations of writeInfection use constant ENTRY_POINT_OFS instead of plain 1.
Inserted chapter The stub revisited.
2002-05-09 Paranoid schizophrenics outnumber their enemies at least two to one.
The title of all listings contains the exact file name. This is generated by fileref.pl.
Added Disassembly to The stub revisited.
2002-05-20 Communicate! It can't make things any worse.
Rewrote src/calc.pl (internal, no visible effect).
Excerpt of glibc sources feature line numbers in Use the Source, Luke
Progress in The stub revisited.
Renamed core.inc to body.inc in Doing it in C.
Renamed directory out to out/i386.
Moved parts of Introduction to new Mirrors.
2002-06-23 All warranty and guarantee clauses become null and void upon payment of invoice.
Lots of changes in The magic of the Elf. Major corrections in The address of main. Rewrote Dressing up binary code. ENTRY_POINT_OFS is now part of generated infection.inc.
Correction in Turn the pages
Finished The stub revisited.
Lots of internal changes. tmp became i386/tmp. Spreading to other platforms is near.
2002-06-30 When a camel flies, no one laughs if it doesn't get very far.
Renamed from "The Linux Virus Writing HOWTO" to "The ELF Virus Writing HOWTO".
Converted SGML files to XML. Moved them into directory xml. Rendering is still done with jade/DSSSL.
Links to other sites are now footnotes.
Revamped Executable and linkable format. Added a lot of links.
Created The languag of evil by splitting The magic of the Elf.
New Magic of the GNU uses hexdump(1) and a quote from LSB.
Things that might make it into the document one day.
Infecting statically linked executables.
Setting up a chroot(1) environment.
Analyzing a real virus with strace(1).
Anti-debugging techniques.
Silvio Cesare's File Virus.
Silvio Cesare's PLT Virus (procedure linkage table).
Subversive dynamic linking to libraries (based on a PDF by grugq).
Have a look on "Armoring the ELF: Binary encryption on the UNIX platform" [1] by grugq.
Refute "networks", [2] "heterogeneous" [3] and "plausibility" [4] hosted at http://cybersoft.com/.
| [1] | |
| [2] | |
| [3] | |
| [4] |