Hacker News

There was definitely some interesting stuff in the DOS virus era. One of the "Priest" / "Little Loc" viruses (can't remember which one right now) exploited a vulnerability in the tracing code in the ThunderByte "TBCLEAN" utility to detect when the virus was being run under single-step. It would "break out" of TBCLEAN and destroy data. (ThunderByte didn't correctly emulate / "virtualize" every instruction that could expose the trap flag. There was also a vulnerability that allowed you to override their single-step interrupt handler.) Priest also ended up using what he learned when he found that vulnerability in the ISR trace code in "Natas" to bypass TSR anti-virus by locating the original BIOS and DOS entry points (by executing a call under single-step and emulating / virtualizing instructions that expose the trap flag to avoid detection). I've wondered if his techniques might actually be prior art for some of the various patents on virtualizing x86.
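The design point behind the comment, that a single-step tracer must virtualize every instruction which reads or writes the trap flag (TF), can be modelled in a few lines. The following is an added toy model written for this page; it is not code from the thread, from ThunderByte or from any virus. The `Tracer` class, the two-entry "programs" and the tiny instruction set are constructed for illustration. The naive tracer pushes the real FLAGS on `pushf` and honours a guest `popf` to the real FLAGS, so a traced program can see TF and can clear it; the virtualized tracer keeps a shadow copy of the flags the guest is allowed to see and never lets the guest touch the hardware TF.

```python
"""Toy model of an x86 single-step tracer and the trap-flag virtualization it needs.

Constructed example for illustration; not the TBCLEAN tracer and not virus code.
"""

TF = 0x0100  # trap flag, bit 8 of the 16-bit x86 FLAGS register


class Tracer:
    def __init__(self, virtualize_tf: bool):
        self.virtualize_tf = virtualize_tf
        self.real_flags = TF   # hardware FLAGS: TF set so every instruction traps back to the tracer
        self.guest_flags = 0   # shadow FLAGS: what the program would see when not being traced
        self.stack = []
        self.ax = 0
        self.steps = 0         # instructions the tracer actually observed

    def tracing(self) -> bool:
        # The tracer only regains control after each instruction while the real TF is set.
        return bool(self.real_flags & TF)

    def step(self, instr: str) -> None:
        self.steps += 1
        op, *rest = instr.split(maxsplit=1)
        if op == "pushf":
            # Naive: pushes the real FLAGS, exposing TF.  Virtualized: pushes the shadow copy.
            self.stack.append(self.guest_flags if self.virtualize_tf else self.real_flags)
        elif op == "popf":
            value = self.stack.pop()
            if self.virtualize_tf:
                # Record the guest's view but keep the hardware TF set so tracing continues.
                self.guest_flags = value & ~TF
            else:
                self.real_flags = value   # guest can clear TF and run the rest unobserved
        elif op == "push":
            self.stack.append(int(rest[0], 0))
        elif op == "pop":
            self.ax = self.stack.pop()
        elif op == "and":
            # Only the "and ax, <imm>" form is modelled.
            self.ax &= int(rest[0].split(",")[1], 0)
        else:
            raise ValueError(f"unsupported instruction: {instr}")


def run(program, virtualize_tf: bool) -> Tracer:
    """Single-step a constructed program; stop when the tracer has lost control."""
    tracer = Tracer(virtualize_tf)
    for instr in program:
        if not tracer.tracing():
            break
        tracer.step(instr)
    return tracer


def tf_visible(program, virtualize_tf: bool) -> bool:
    """True if the traced program ended with TF visible in AX."""
    return bool(run(program, virtualize_tf).ax & TF)


def steps_traced(program, virtualize_tf: bool) -> int:
    """Number of instructions the tracer observed before finishing or losing control."""
    return run(program, virtualize_tf).steps


# Constructed sample programs (hypothetical, not from any real sample):
READ_TF = ["pushf", "pop ax", "and ax, 0x0100"]      # leaves TF's value in AX
CLEAR_TF = ["push 0x0000", "popf", "pushf", "pop ax"]  # tries to clear TF, then re-reads FLAGS

if __name__ == "__main__":
    for name, prog in (("READ_TF", READ_TF), ("CLEAR_TF", CLEAR_TF)):
        for virt in (False, True):
            t = run(prog, virt)
            print(f"{name:9} virtualize_tf={virt!s:5} tf_visible={bool(t.ax & TF)} steps_traced={t.steps}")
```

With the naive tracer the first program sees TF set in AX and the second stops being traced after its `popf`, so two of its four instructions run unobserved; with the shadow flags both programs see a clean FLAGS value and every instruction is stepped. The real x86 exposes TF through more than `pushf`/`popf` (interrupt entry saves FLAGS on the stack, `iret` restores them, and the single-step handler's own vector can be rewritten, as the comment notes), so a production tracer has to cover each of those paths, not just the two modelled here.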


