INT ID
| Function Category
| Offset in IVT
| Intercepted/Used by Virus Code
|
INT 00
| Divide Error CPU Generated
| 0:[0]
| Anti-Debugging, Anti-Emulation
|
INT 01
| Single Step CPU Generated
| 0:[4]
| Anti-Debugging, Tunneling, EPO
|
INT 03
| Breakpoint CPU Generated
| 0:[0Ch]
| Anti-Debugging, Tracing
|
INT 04
| Overflow CPU Generated
| 0:[10h]
| Anti-Debugging, Anti-Emulation (caused by an INTO instruction)
|
INT 05
| Print Screen BIOS
| 0:[14h]
| Activation routine, Anti-Debugging
|
INT 06
| Invalid Opcode CPU Generated
| 0:[18h]
| Anti-Debugging, Anti-Emulation
|
INT 08
| System Timer CPU Generated
| 0:[20h]
| Activation routine, Anti-Debugging
|
INT 09
| Keyboard BIOS
| 0:[24h]
| Anti-Debugging, Password stealing, Ctrl+Alt+Del handling
|
INT 0Dh
| IRQ 5 HD Disk (XT) Hardware
| 0:[34h]
| Hardware level Stealth on XT
|
INT 10h
| Video BIOS
| 0:[40h]
| Activation routine
|
INT 12h
| Get Memory Size BIOS
| 0:[48h]
| RAM size check
|
INT 13h
| Disk BIOS
| 0:[4Ch]
| Infection, Activation routine, Stealth
|
INT 19h
| Bootstrap Loader BIOS
| 0:[64h]
| Fake rebooting
|
INT 1Ah
| Time BIOS
| 0:[68h]
| Activation routine
|
INT 1Ch
| System Timer Tick BIOS
| 0:[70h]
| Activation routine
|
INT 20h
| Terminate Program DOS Kernel
| 0:[80h]
| Infect on Exit, Terminate Parent
|
INT 21h
| DOS Service DOS Kernel
| 0:[84h]
| Infection, Stealth, Activation routine
|
INT 23h
| Control-Break Handler DOS Kernel
| 0:[8Ch]
| Anti-Debug, Non-Interrupted Infection
|
INT 24h
| Critical Error Handler DOS Kernel
| 0:[90h]
| Avoid DOS errors during Infections (usually hooked temporarily)
|
INT 25h
| DOS Absolute Disk Read (DOS Kernel)
| 0:[94h]
| Disk Infection, Stealth (Gets to INT 13 however)
|
INT 26h
| DOS Absolute Disk Write (DOS Kernel)
| 0:[98h]
| Disk Infection, Stealth (Gets to INT 13 however)
|
INT 27h
| Terminate-and-Stay Resident (DOS Kernel)
| 0:[9Ch]
| Remain in memory
|
INT 28h
| DOS IDLE Interrupt DOS Kernel
| 0:[A0h]
| To perform TSR action while DOS program waits for user input
|
INT 2Ah
| Network Redirector DOS Kernel
| 0:[A8h]
| To infect files without hooking INT 21
|
INT 2Fh
| Multiplex Interrupt Multiple use
| 0:[BCh]
| Infect HMA memory, Access Disk Structures
|
INT 40h
| Diskette Handler BIOS
| 0:[100h]
| Anti-Behavior Blocker
|
INT 76h
| IRQ 14 HD Operation Hardware
| 0:[1D8h]
| Hardware Level Stealth on AT and above |
