|
Don't quote me on this, as I'm not to familiar with the 9x VX scene.
But it is my understanding the HPS virus used an undocumented int21 routine to access Kernel32.dll, then from there you can find VxDCall.
An overview of how it is done is located here:
h**p://vx.netlux.org/lib/vgy06.html
An analysis of the HPS virus is here:
h**p://www.peterszor.com/hps.pdf
-bg
|