Writing a Mutation Engine and Breaking Aimware

Writing a Mutation Engine and Breaking Aimware(back.engineering)

34 points by disk0 4 years ago | 4 comments

stevekemp 4 years ago |

That's a really fascinating bit of writing. I remember writing "mutation engines" back in the day for x86 virus coding.

In 1993 the virus group Phalcon/Skism from Canada published a polymorphic engine called Dark Angel's Multiple Encryptor or DAME, the writeup of that is still available:

https://ivanlef0u.fr/repo/madchat/vxdevl/vdat/tuda0011.htm

That inspired me to do similar things, playing around with replacing bits of assembly with functionally equivalent alternatives, and using differing encoding of common instructions.

Of course all of this is very obsolete knowledge these days, which is a shame in some ways.

lifefeed 4 years ago | |

I read "The Little Black Book of Computer Viruses" back in the 90s and it was an education in assembler. I wrote a little mutation engine too, it did not perform well!

stevekemp 4 years ago | | |

A lot of times things didn't need to perform terribly well, but at the same time I was reminded recently of some of the tricks - removing "ld de, 0" in favour of "xor de,de", etc, which came up in this past post:

https://news.ycombinator.com/item?id=30941097

So maybe I was wrong, this kind of experimentation and knowledge is still useful.

Computeiful 4 years ago |

The performance hit is quite unacceptable in games such as CSGO. I cannot really think of any competitive game where the performance hit is justifiable.