Anti-Virus Stealth Library [AVSL] For DOS
Version 1.0 - By Gaurav Khanna [20th May, 1998]
WWW : http://www.focus-asia.com/home/vforum/mainmenu.htm
Email : VFORUM@LETTERBOX.COM
-----------------------------------------------------------------------------

----------------
* Introduction *
----------------

Thanks for using AVSL. So, you are developing an anti-virus or you are very
much interested in CLEANING out ANY VIRUS WITHOUT A CLEAN DOS...

Hmmm, well, you have chosen the right stuff. For years, cleaning viruses
without a clean DOS disk has been a great deal of trouble. Nowadays, anti-virus
software which claims to do so will, more often than not...

1) Scan the memory to identify the virus(es) in question,
2) Locate their code and modify it in memory to deactivate the virus(es),
3) And then attempt to clean out the virus.

This approach shall fail miserably if the virus locates itself in a memory
location other than where it usually does. Moreover, this approach is of no
use against the viruses of the future, for which the anti-virus software's
memory scanning component has to be updated.

So, what do you do? You don't have a clean DOS or you want your anti-virus to
CLEAN OUT ANY KNOWN/UNKNOWN BOOT/PARTITION/EXECUTABLE FILE VIRUS WITHOUT A
CLEAN DOS, irrespective of whether the virus is of the past, present or
future, right? So, here's the magic stuff...

Along with this text file, you have unzipped 6 STLTH_?.OBJ files, one for
each memory model...

1) STLTH_T.OBJ >> for TINY memory model
2) STLTH_S.OBJ >> for SMALL memory model
3) STLTH_M.OBJ >> for MEDIUM memory model
4) STLTH_C.OBJ >> for COMPACT memory model
5) STLTH_L.OBJ >> for LARGE memory model
6) STLTH_H.OBJ >> for HUGE memory model

Each of these .OBJ files contains a function INIT_STEALTH which you must call
from within your source code (preferably at startup, or after scanning the
memory for viruses) as follows :

/* this is the function prototype */
extern int init_stealth(void);

Calling it is simple :

        int a;

        /* ... the rest of your startup code ... */

        a = init_stealth();

That's it. It returns one of four values, which are as follows :

0 = stealth routines for DOS and BIOS initialized successfully.
1 = DOS stealth routine initialized successfully, BIOS stealth routine
    initialization failed.
2 = BIOS stealth routine initialized successfully, DOS stealth routine
    initialization failed.
3 = Initialization of stealth routines for DOS and BIOS failed.
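
An added example, not part of AVSL or its TEST.C, showing one way to act on
these four return values so that a partial failure stops only the cleaning
work it affects. The names CAP_FILES, CAP_DISK, stealth_caps and may_clean are
hypothetical, the pairing of the DOS routine with file cleaning and the BIOS
routine with boot/partition cleaning is an assumption, and the non-Turbo C
stand-in for init_stealth is constructed so the code builds without the .OBJ.

```c
#include <stdio.h>

#ifdef __TURBOC__
extern int init_stealth(void);   /* real routine, linked from STLTH_X.OBJ */
#else
/* Constructed stand-in so this builds without the library: it pretends
   the BIOS stealth routine failed (documented return value 1). */
static int init_stealth(void) { return 1; }
#endif

/* Hypothetical flags, not part of AVSL. Assumed mapping: DOS stealth guards
   file cleaning, BIOS stealth guards boot/partition cleaning. */
#define CAP_FILES 0x01
#define CAP_DISK  0x02

/* Map return values 0..3 to flags; undocumented values count as failure. */
int stealth_caps(int rc)
{
    switch (rc) {
    case 0:  return CAP_FILES | CAP_DISK;
    case 1:  return CAP_FILES;
    case 2:  return CAP_DISK;
    default: return 0;
    }
}

/* 1 only if every stealth routine the planned job needs is active. */
int may_clean(int rc, int needed)
{
    return (stealth_caps(rc) & needed) == needed;
}

int main(void)
{
    int rc = init_stealth();

    if (!may_clean(rc, CAP_FILES))
        printf("code %d: DOS stealth inactive, skipping file cleaning\n", rc);
    if (!may_clean(rc, CAP_DISK))
        printf("code %d: BIOS stealth inactive, skipping boot/partition cleaning\n", rc);
    if (stealth_caps(rc) == 0)
        return 1;   /* nothing is protected: do not attempt any cleaning */
    return 0;
}
```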

This library has been compiled using Turbo C 2.0 and has been successfully
linked and tested with other C programs built using Turbo C 2.0. Still, an
example program, TEST.C, along with its executable, is included for
demonstration/understanding purposes for the users of this library.

-----------
* Linking *
-----------

To link the appropriate library with your source code, provided you have
defined its function prototype as shown above, you should do as follows :

C:\TC>tcc -mX yourprog.c stlth_X.obj

where :
X = memory model letter (t, s, m, c, l, h)
yourprog.c = name of your main program source file


Your comments/bug reports shall help me a great deal to improve this library.
So, kindly do mail them to me at VFORUM@LETTERBOX.COM. Thanks.

Gaurav
-----------------------------------------------------------------------------
