Writing a Mutation Engine and Breaking Aimware
back.engineeringThat's a really fascinating bit of writing. I remember writing "mutation engines" back in the day for x86 virus coding.
In 1993 the virus group Phalcon/Skism from Canada published a polymorphic engine called Dark Angel's Multiple Encryptor or DAME, the writeup of that is still available:
https://ivanlef0u.fr/repo/madchat/vxdevl/vdat/tuda0011.htm
That inspired me to do similar things, playing around with replacing bits of assembly with functionally equivalent alternatives, and using differing encoding of common instructions.
Of course all of this is very obsolete knowledge these days, which is a shame in some ways.
I read "The Little Black Book of Computer Viruses" back in the 90s and it was an education in assembler. I wrote a little mutation engine too, it did not perform well!
A lot of times things didn't need to perform terribly well, but at the same time I was reminded recently of some of the tricks - removing "ld de, 0" in favour of "xor de,de", etc, which came up in this past post:
https://news.ycombinator.com/item?id=30941097
So maybe I was wrong, this kind of experimentation and knowledge is still useful.
The performance hit is quite unacceptable in games such as CSGO. I cannot really think of any competitive game where the performance hit is justifiable.