Dark Slayer Mutation Engine <tm>
                          Version 1.0 <09-28-93>

                                 Written
                                   By
                               Dark Slayer

                      English document by Dark Striker

Who should use DSME?
^^^^^^^^^^^^^^^^^^^^
    If you are virus-writing beginner,you shouldn't use DSME.
    DSME is just for those people who are senior in virus-writing.


How about the Licence ?
^^^^^^^^^^^^^^^^^^^^^^^
    This is a LEAGEL agreement between YOU and DARK SLAYER.

    You may:

       1. Use DSME in your virus writing.
       2. Free copy DSME to those who need DSME to produce viruses.

    You may not:

       1. Use DSME on other program writing.
       2. Modify ,or disassemble DSME.
          All rights in this part are reserve by DARK SLAYER.
       3. Sell DSME to others.


How powerful the DSME is?
^^^^^^^^^^^^^^^^^^^^^^^^^

       The DSME is moudule that can be include in your viruses to
       make them able to produce polymorphic viruses.
       I am preparing senior college admission test in 1994 so that
       I wrote DSME in no time. Thus,it's polymorphic effects might
       not very powerful. Guys,I won't let you down...after my test,
       I'll make it more poweful.Perhaps the next version,DSME will
       have both polymorphic and hideen features.

Who wrote DSME?
^^^^^^^^^^^^^^^

       First,it's my honor to let you know that DSME is made by
       TAIWANESE who live in Taiwan,Keelung Republic Of China.(Not
       the Mainland China!!!)
       I,Dark Slayer,am high school student(17 years old).My goal is
       to build a group which can be the 5th virus group in the world.
       (Maybe you will be one of DARK SLAYER's members after you saw
       this document.) My mission is to let those who write antivirus
       program make their program better.To follow this rule,my viruses
       won't be desturctive.


How can I get the newest DSME version?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

       Well,about this question,we have plan to set up a BBS in Taipei
       on the begining of Nov,1993.
       You can get DSME from Nowhere Man of [Nuke] by now.
       BTW,if you have any suggestion about DSME,please drop me a line
       in NukeBeta MSG ares of [Nuke]


How can I use it?
^^^^^^^^^^^^^^^^^

       DSME module can be used under MicroSoft Assembler.It maybe can't
       used under TASM or other assembler compilers.

       DSME offers you a subroutines(DSME) and a pointer of program
       ending(DSME_END). You will need DSME_END when you need to get the
       program length.
       In order to use DSME in your virus,you must include the following
       in your source code:


                    VIR_LEN    EQU     OFFSET DSME_END
                      ;This will offer you the length of the virus

                    EXTRN   DSME:NEAR,DSME_END:NEAR

       You can include the following when you want to encryption your
       source code:

                              CALL     DSME


Input parameters of the crypt routine:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

        ES => Work segment (Decryptor + encryted code ,start in ES:0)

            DSME's decryptor code will not over 512 bytes.
            Only you have to do is to reserve memory size (your virus
            lengh + DSME lengh + 512 bytes)
            You should notice this if your virus is resident in memory.

        DS:DX => Code's address to encrypt

            This must point to the code you want to encrypt.

        CX = Length of code to encrypt

            You can use 'OFFSET DSME_END' to get the whole lengh.

        BP = Offset where the decryption routine will be executed

            The decryption routine's offset depends on which kinds of
            file you want to infect it.(Like Friday infects COM files,
            you should set BP to 0100h)

        BL = Decryptor addressing mode

            BL = 0 Don't care addressing mode. (Used to infect COM files)
            BL = 1 Use CS or SS to addressing.(Used to infect EXE files
                   BTW,you must set SS=CS)

Output parameters of the crypt routine:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        DS:DX => Decryptor + encrypted code

            Return from DSME ,DS:DX will point to decryptor + encrypted
            code. This will make writing-function of INT 21h easier.

        CX = Length of decryptor + encrypted code

            This will make writing-function of INT 21h easier,too.

Except these register mentioned above and AX,other registers won't be changed.

About Stack:
^^^^^^^^^^^^

            If your virus halt system all the time and you can't find the
            problem out,maybe your stack is covered by DSME.
            I suggest you use your own stack in your virus source to avoid
            the stack problem.

Final notes.
~~~~~~~~~~~~

            First, I want to thank the Dark Avenger from Bulgaria for his
            nice 'Mutation Engine' program. This fine program has been a
            great source of inspiration for the DSME!

            Second,I also want to thank Ruei-Chiang Huang for his writing
            on THE 3RD WAVE (Chinese Magazine) about 'Mutation Engine'
            interduction.This article cause me to write DSME.

            Check out the sources of DSME-GEN and DEMO to learn more about
            the DSME and how it works.

            Please, remember that the author of the DSME and the Dark Slayer
            virus produce group are not responsible if you use the DSME in
            an illegal or naughty way.


        Good luck.

                                           Dark Slayer