HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / VXAVTOOL.ZIP / EXEC-VIR.ZIP / ROSEGOAT.ZIP / ROSEGOAT.DOC < prev

Wrap

Text File | 1997-10-14 | 5.9 KB | 137 lines

─--───════════════════════════════════════════════════════════════════──--── ──-─═[ ROSE's GOAT File Generator ■ (c) 1994-97 by ROSE, Ralph Roth! ]═-──── ─--───════════════════════════════════════════════════════════════════──--── ROSE Softwareentwicklung, Dipl.-Ing. (FH) Ralph Roth ■ See ROSEBBS.TXT Purpose ─--───════════════════════════════════════════════════════════════════──--── Senseless creation of programs which are of no use for anyone - Anyone? Except for viruses which should infect these files (called baits or goats). The generated sample files are suitable for all viruses floating around, if you are an expert you'll know that there are: *.COM infectors -> /COM Header viruses (Pure) -> will infect standard EXE files /EXE Zerohunter -> use /Filler=0 to generate suitable files COM viruses expecting a JUMP or a CALL statement -> /JMP or /CALL Same, but NO JUMP or CALL -> /Trash Length Retro viruses -> use /dec=13 or /dec=17 Anti bait viruses -> /HEX, /ROM and /ASC Tremor/N8fall, Junkie -> /start=60000 /end=12000 N8Fall/Neuroquila -> touch rose*.* /T:1.2.1988 or Updater /Vir Anti Zerohunting -> /RANDOM Checking ZM/MZ bug -> /ZM Infection bug in IVP -> for this reason ROSEGOAT generates only files with a filename length 7.3 in the "standard way" Anti bait viruses -> option /trash etc... To get quickly infected samples ROSEGOAT generates a batch file called TESTIT.BAT which executes all sample files... Self-Checking ─--───════════════════════════════════════════════════════════════════──--── If you got the file ROSEGOAT.COM - it is selfchecking (infection/hacking). TBScan and F-Prot limited heuristic aproach may flag a false positive - but who cares about that? License ─--───════════════════════════════════════════════════════════════════──--── This product is released as FREEWARE - if you want to support me you can do the following: - send me suggestions and improvements for ROSEGOAT - send me new viruses VirScan Plus (VSP) can not detect - write a documentation for ROSEGOAT (ask first if you are the first one) - register my virus scanner VirScan Plus - send me postcards, infected samples, letter bombs, money or flames.... Parameters/Options ─--───════════════════════════════════════════════════════════════════──--── Options are NOT case sensitive. You can use the slash "/" or the hyphen "-" to start an option. Options can be set using the environment variable ROSEGOAT (set ROSEGOAT=...). To unset an option set by setting ROSEGOAT=... you can use the a "-" at the end of the option (for example: set ROSEGOAT=/Jmp -> rosegoat /jmp-). Usage ─--───════════════════════════════════════════════════════════════════──--── Usage: ROSEGOAT [Basename] [(-|/)option(s)[(:|=)Value]] Set ROSEGOAT=[/Options] Options ─--───════════════════════════════════════════════════════════════════──--── Basename Base for the filenames. Default ROSE. See below comments about max. length of filenames. /? /H Show this short help. /ASC Use ASCII chars for goat file numbering. /CALL Write a call at the beginning of the code (COM and EXE). /COM Generate only COM files. Default: /COM and /EXE /EXE Generate only EXE files. /FILLER=x Fill the file with the pattern `x`. Default: $90 = NOP /HEX Use hexadecimal goat file numbering. /JMP Write a jump at the beginning of the code (COM and EXE). /RANDOM Fill the file with random patterns. /ROM Use Roman style goat file numbering. /TRASH Write random trash instructions at the beginning of the code. For this purpose ROSEGOAT has a simple mutating engine included. Only the first 3 bytes are altered with each goat file. Overwrites the options /JMP & /CALL. /ZM Use ZM instead of MZ in EXE headers. /START=x Start with filesize `x`. Default: 10000, Max=63000 /END=x Stop goat file creation if filesize is less than `x`. Default=500 bytes. Smallest possible size COM=160, EXE=672 /DEC=x Decrement the filesize by `x` bytes. Default=350, Min=1 Numeric values are accepted in decimal and hex notation. For hex values use the Dollar sign, e.g. /Filler=$90 or -start:$ed00 Aborting ─--───════════════════════════════════════════════════════════════════──--── Hit a key to stop the goat file generation at any time! If there's not enough free disk space left, ROSEGOAT will stop to create further goat files. Anti Goat File Viruses ─--───════════════════════════════════════════════════════════════════──--── Some viruses like CriCri won't infect files including the character 'V' or digits. For this reason you can use the options /ROM, /HEX and /ASC. You can not mix these options! /ROM - numbers the goat files in Roman counting style (I cann't translate it correctly). E.g. I, II, III, IV, V, VI etc. Because the created numbers quickly grow, the basename is truncated to 2 characters. /HEX - hexadecimal numbering. Use this for generating up to 65000 sample files! Counting is done from 0000 to FFFFh. 4 characters base name. /ASC - Numbering using ASCII letters starting at 'A' up to 'U'. You can use the full basename of 7 characters. E.g. rosegoat mygoats /asc will generate mygoatt.com, mygoatu.exe, mygoasa.com etc. The author ─--───════════════════════════════════════════════════════════════════──--── Refer to the file ROSEBBS.TXT for PGP key, address, email etc. If not included delete the whole package and request the original one.