Self-replication of programs

The definition of a computer virus is:

Computer virus (computer Virus) is the code that the creator inserts in the machine program to destroy the computer function or the data, can affect the computer use, can copy a set of computer instructions or program code.

This shows that the two major characteristics of computer viruses are affecting the use of computers and self-replication. This article analyzes the practice of self-replication from the Windows platform.

program, essentially a binary file that contains platform-related computer instructions. A running program that is loaded into memory, the executable file on the storage medium is usually not modifiable, but it can access the content. This allows you to copy an executable file by copying the data and creating a duplicate copy of the binary file.

Code omitted partial exception handling in Demo

int CopyFile (const char* srcfile,const char* desfile) {file*fp_in= NULL; file*fp_out= null;longnfilesize= 0;size_trbyte= 0;size_twsize= 0;charcopybuf[1]= {0};fp_in = fopen (SrcFile, "RB"); fp_in) {perror ("open_file_fial"); return-1;} if (!fseek (fp_in,0l,seek_end)) {nfilesize = Ftell (fp_in); fseek (Fp_in,0l,seek_set);} Else{perror ("Get_file_size_fail"); return-1;} if (nfilesize > 0 && (fp_out = fopen (Desfile, "wb+"))) {wsize = 0;while (fp_out && 0 = = feof (fp_in)) {if (Rbyte = Fread (copybuf,sizeof (COPYBUF), 1,fp_in)) {wsize + = fwrite (copybuf,sizeof (COPYBUF), rbyte,fp_out); if (Wsize > 1024x768)//1k When buffer data is saved {fflush (fp_out); wsize = 0;}} Fclose (fp_out);} Fclose (fp_in); return 0;}

The following code copies an executable file of a running program to the current directory

charszapppath[max_path]= {0};charszdespath[max_path]= {0};char*pchar= NULL; GetModuleFileName (Null,szapppath,max_path);//Gets the current program absolute path if (PChar = Strstr (Szapppath, ". exe")) {strncpy (Szdespath, Szapppath,pchar-szapppath); strcat (Szdespath, "_.exe"); if (!copyfile (Szapppath,szdespath)) {//Copy succeeded}}else{// Is it an executable file?}

When you get a copy of an executable file, you can do the following. If this is a DLL it is also similar to processing.

Self-replication of programs