Computer virus programming in assembley part 1
2023-10-9 04:30:12 Author: 0x00sec.org(查看原文) 阅读量:9 收藏

1

This is a tribute to Dr Mark A. Ludwig, he past on in 2011 and we are going to redo his work, update it, provide it in modern programming languages and even extend it by writing articles here and video lectures on youtube .

COMPUTER VIRUSES

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs.If this replication succeeds, the affected areas are then said to be “infected” with a computer virus, a metaphor derived from biological viruses.

Among the most sophisticated computer programmers, a virus is the weapon of choice for deploying destructive code.The essential feature of a computer program to be classified a computer virus is not its ability to destroy data, but its ability to gain control of the computer and make a fully functional copy of itself. It can reproduce when executed, it makes one or more copies of it’s self.Those copies may later be executed, to create more copies.

Note: Not all computer programs that are destructive are classified as viruses because they do not reproduce and not all viruses are destructive because reproduction is not destructive

TYPES OF COMPUTER VIRUSES
Viruses which infect any application program.
Viruses which infect a specific file.
Boot sector viruses

THE FUNCTIONAL ELEMENTS OF A VIRUS

Every viable computer virus must have at least two basic parts if it is to be called a virus.

  1. It must contain a search routine, which locates new files or new areas on disk which are worthwhile targets for infection.This routine will determine how well the virus reproduces. eg whether it does so quickly or slowly, whether it can infect multiple disks or a single disk, and if it can infect every portion f a disk or just certain specific areas. As with all programs, there is a size vs functionality tradeoff here. The more sophisticated the search routine is , the more space it will take up. so although an efficient search routine is beneficial for the virus to spread faster, it will make the virus bigger and that is not good.

  2. A computer virus must contain a routine to copy itself into the areas which the search routine locates. The copy routine will only be sophisticated enough to do it’s job without being caught. The smaller it is, the better.

Example a virus which infects only COM files can get by with a small copy routine than a virus which infects EXE files.This is because the EXE file structure is more complex, so the virus needs to do more to attach its self to an EXE file.

While the virus only needs to be able to locate suitable hosts and attach itself to them, it is usually helpful to incorporate some additional functionality into the virus like, anti-detection either by the computer user or anti virus programs.Eg the search routine maybe limited in scope to avoid detection. A routine which checked every file on the disk without limit would take long time and cause enough unusual disk activity.Anti detection features may cause the virus to be dormant under certain special conditions. Eg it might activate only after a certain date.

It might activate only if a key has not been pressed for five minutes(suggesting that the user was not there watching his computer)

Note: Search, copy and anti-detection routines are the only necessary components of a computer virus.


文章来源: https://0x00sec.org/t/computer-virus-programming-in-assembley-part-1/37308
如有侵权请联系:admin#unsafe.sh