Revision as of 23:39, 18 July 2006 edit Mboverload (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 39,898 edits m Limited spellcheck using mboverload's RegExTypoFix, Replaced: \b(B\|b)ecouse\b => $1ecause, using AWB ← Previous edit		Revision as of 02:51, 19 July 2006 edit undo Raz0r (talk \| contribs) 7 edits No edit summary Next edit →
Line 11: == Example == An algorithm that uses, for example, the variables A and B but not the variable C could stay intact even if you added lots of ~~codes~~code that changed the ~~content~~contents inof the variable C. The original algorithm: Line 33: some_random_number The same algorithm, but with lots of unnecessary C-altering ~~codes~~code: Start: Line 58: some_random_number The code inside "Encrypted" ("lots of encrypted code") could then search the code between Decryption_Code and CryptoKey and remove all the code that alters the variable C. Before the next time the encryption engine is used, it could input new unnecessary codes that alters C, or even exchange the code in the algorithm ~~into~~for new code that does the same thing. Usually the coder ~~use~~uses a zero key for the first generation of the virus, ~~this~~making ~~make~~it ~~esasier~~easier tofor him because with this key the code is not ~~crypted,~~encrypted. He then he implements aan incremental key algorithm or a random one. Other polymorphism technic is to autoinject nop (0x90) or other opcodes that ~~dont~~don't alter the algorithm. == See also ==

Polymorphic code: Difference between revisions