“I cannot make you understand. I cannot make anyone understand what is happening inside me. I cannot even explain it to myself.” – The Metamorphosis, Franz Kafka
Metamorphism
Articles
- Advanced Metamorphic Techniques in Computer Viruses
- by Philippe Beaucamps, 2008
- History of polymorphic and metamorphic viruses. Analysis of METAPHOR. Good introduction to metamorphism.
- Theme: Metamorphism
- by Benny, 1999
- A quick article about metamorphic engines. Even though it was written in 1999, and its definition of a “good metamorphic engine” is not achieved by most of the engines on the scene, the definition should be interpreted as “basic engine” today.
- Metamorphism in practice or “How I made MetaPHOR and what I’ve learnt”
- by The Mental Driller, 2002
- This article is pretty complete as it covers almost all of the areas of a modern metamorphic virus. Classical, a must read.
- Automated reverse engineering: Mistfall engine
- by Z0mBie, 2001
- The Mistfall engine is still used in recent studies to rebuild morphed executables. Good information about modifying an existing assembly & PE file.
- Recompiling the metamorphism
- by herm1t, 2012
- Inspirational article by herm1t about self-compiling metamorphic viruses and their effectiveness. I like how he points out the importance of the higher level abstractions and what you can do with them, and praises higher level languages than assembly.
- Metamorphic Software for Buffer Overflow Mitigation
- by Xufen Gao, 2005
- A study on building a metamorphic engine against stack overflow exploits. It has concept definitions, techniques and source code for a simple piece of metamorphic software.
- Chomsky Hierarchy and the Word Problem in Code Mutation
- by Second Part To Hell, 2008
- Second Part To Hell talks about formal language theory in a mutation engine, with examples from MetaPHOR. The word problem is when the antivirus scans a file and finds out the formal grammar of a metamorphic engine. Inspirational for building complex and exponential syntaxes.
- The Design Space of Metamorphic Malware
- by Walenstein, Mathur, Chouchane M.R, & Lakhotia A, 2007
- Talks about the existing metamorphic engines and how they’re usually designed, with some design pros and cons. Good introduction, but nothing so original or exciting here.
- The Molecular Virology of Lexotan32: Metamorphism Illustrated
- by Orr, 2007
- This is a very good article analyzing the classical and yet original Lexotan32. It shows how Lexotan encodes special flags for its engine, which the author calls genotypes.
- The Viral Darwinism of W32.Evol
- by Orr, 2077
- Another sweet analysis from Orr. There are many instruction substitutions revealed in this article; be careful while implementing them, though, as they modify lots of registers and you need to handle register assignment right.
- Source code (in assembly)
- Recompiling the metamorphism
- Some ideas about metamorphism
- Meta-Level Languages in Viruses
- Metamorphism (part 1)
- Metamorphism
- Diablo
Source codes
- Benny’s Metamorphic Engine for Win32
- Language : Assembly
- Author : Benny
- Source code of his BME32 with some descriptions
- Introductory Primer To Polymorphism in Theory and Practice
- By Opic, 1998
- TMC (Tiny Metamorphic Engine)
- Language : Assembly
- Author : Ender
Obfuscation
Articles
Source codes
- Advances in ELF Binary Encryption
- Making C compiler generate obfuscated code
- kryptonite-obfuscater
- pescrambler
- llvm obfuscator
- Binary code obfuscation through C++ template metaprogramming
- Movfuscator
- REpsych
Polymorphism
- “Do polymorphism” tutorial
- An idiot guide to writing polymorphic engines
- by Trigger [SLAM], 1997
- Advanced polymorphic engine construction
- Polymorphism and grammars
- Guide to improving Polymorphic Engines
Disassembling
- Writing disassembler
- by mdew, 2009
- An overview of disassembler functionality. It is not close to complete but shows some basic disassembled structures.