Viruses: DIY..?!

closed account (z0XLy60M)
For purely ethical and educational purposes...
How, in the C++ language, does a virus work..?

How to make one on my own..?
For purely ethical and educational purposes...
How, in the C++ language, does a virus work..?

It modifies an executable so that the virus specific code is executed before the actual code of the application. It has nothing to do with C++.

How to make one on my own..?

You open your IDE and write it.
closed account (z0XLy60M)
Okay, Mr. Obvious...


but "write" what...?

I was looking for a program, or source code, or at least an algorithm
I don't think someone will give you source code for a virus in here...
closed account (3qX21hU5)
If you want a virus program so bad just click on some of the spam mail you get in your email all the time...

but "write" what...?

The virus.

or at least an algorithm

I already told you how the "algorithm" works.

Seriously, what's the point of asking these questions if you know nothing about programming yet? Even if you had some source code, you wouldn't understand what it does. Before thinking about running a marathon, it might be advisable to get out of your mother's womb first (then learning how to crawl and how to walk) - for you, that means learning how to program.
@Athar,

I agree the OP has not framed his question in a manner that would invite a serious reply. I hope that I can do better because I am interested in the answer to his/her question. I would like to eventually contribute to anti-virus research/work.

So, say I have a simple program that writes the line "My name is Jack."

#include <iostream>

int main()
{
    // Print a fixed string and exit
    std::cout << "My name is Jack." << std::endl;
    return 0;
}

How would I write a virus that takes over the code and writes instead "My name is Jill."?

What I have so far is only pseudocode.

1) Read the lines of the target code.
2) Find lines containing cout.
3) In those lines, input strings between the quotation marks.
4) Search for the string "Jack".
5) Replace the target string with the string "Jill".
6) Release the target code to execute itself.

How is this pseudocode expressed in C++ code?
A virus doesn't do anything with the source code, since an executable doesn't contain the C++ source code inside it.

A lot of them will "attach" themselves to the runtime of another program and will get executed when the regular program is run.
Personally I would use a logic bomb...
@thundeman

If you're looking to understand how certain pieces of choice software work, you will need to dive very, very, very, very deeply into low level constructs. Areas of interest for you would be: Understanding the C run-time library (or JVM, or whichever you're targeting), (various) PE formats (bytecode files, etc), (various flavors of) assembly level instructions, and how (various) operating systems / virtual machines interact with programs.

If you ever want to make something that won't be instantly detected and removed by even ancient antivirus products, then you will have to do much more research than I think you're aware of...and by the time that you do that, there will probably still be a huge demand for people with that kind of knowledge outside of the 'dark side'.

Hope that was helpful.

@nathan10
"What I have so far is only pseudocode..."

Pseudocode (or any code) doesn't matter in this case. To change the program behavior (in your simplest of cases), you'll have to modify the actual executable file. How this is done "safely" varies for each format that you want to work with. The easiest way would be to use a hex-editor and change the string value (and pray that the strings aren't decrypted at run-time). If the strings aren't available for editing, you'll have to search the PE for the correct assembly region that decrypts the string, find out how it decrypts it, and then change the value at which the decryptor is reading. Hopefully by doing that you didn't mess up any offsets further down in the file that you will also need to fix. Of course, there are tools available that facilitate this, but you won't get links from me.

^^ This can be automated through a C++ program, but the process would be specific to the exact build of the target software. Even if the target source is recompiled using a different optimization (or even perhaps a different seemingly unrelated compiler setting, such as whether the build was done by more than a single core), your program would crash and burn.

^^^ You should also pray that the PE files aren't packed and/or protected...that's another field all in itself.

^^^^ Long story short --- unless you're willing to put a few months / years into it, give up.

@Scorpic
"A lot of them will "attach" themselves to the runtime of another program and will get executed when the regular program is run."

OEP redirection is quite detectable nowadays. :P
Topic archived. No new replies allowed.
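The last reply notes that entry-point redirection is easy to detect. As an added example (not code from any poster in this thread), here is the kind of header check a scanner can run on a PE file: it flags an entry point that lies in a writable, non-executable or last section, or in no section at all. The names check_entry_point, make_pe and Sec are hypothetical, and the sample header is constructed in the code.

```cpp
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Little-endian read of n bytes; 0 if the read would run past the buffer.
static uint32_t rd(const Bytes& b, size_t off, int n) {
    if (off + n > b.size()) return 0;
    uint32_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | b[off + i];
    return v;
}
// Heuristic only: packers and some legitimate builds also trip these checks.
std::string check_entry_point(const Bytes& f) {
    if (rd(f, 0, 2) != 0x5A4D) return "not-pe";            // "MZ"
    size_t pe = rd(f, 0x3C, 4);                            // e_lfanew
    if (rd(f, pe, 4) != 0x00004550) return "not-pe";       // "PE\0\0"
    uint32_t nsec = rd(f, pe + 6, 2);                      // NumberOfSections
    uint32_t ep = rd(f, pe + 40, 4);                       // AddressOfEntryPoint
    size_t tbl = pe + 24 + rd(f, pe + 20, 2);              // section table start
    for (uint32_t i = 0; i < nsec; ++i) {
        size_t s = tbl + 40 * i;                           // 40-byte section header
        if (s + 40 > f.size()) return "truncated";
        uint32_t vsize = rd(f, s + 8, 4), va = rd(f, s + 12, 4), ch = rd(f, s + 36, 4);
        if (ep < va || ep >= va + vsize) continue;         // entry not in this section
        if (ch & 0x80000000u) return "entry-in-writable-section";   // MEM_WRITE set
        if (!(ch & 0x20000000u)) return "entry-in-non-executable-section";
        if (nsec > 1 && i == nsec - 1) return "entry-in-last-section";
        return "ok";
    }
    return "entry-outside-sections";
}
struct Sec { uint32_t va, vsize, ch; };
// Constructed sample input: PE32 headers only, no code or data behind them.
Bytes make_pe(uint32_t ep, const std::vector<Sec>& secs) {
    const size_t pe = 0x40, tbl = pe + 24 + 0xE0;
    Bytes b(tbl + 40 * secs.size(), 0);
    auto wr = [&](size_t off, uint32_t v, int n) {
        for (int i = 0; i < n; ++i) b[off + i] = (v >> (8 * i)) & 0xFF;
    };
    wr(0, 0x5A4D, 2); wr(0x3C, (uint32_t)pe, 4); wr(pe, 0x4550, 4);
    wr(pe + 6, (uint32_t)secs.size(), 2); wr(pe + 20, 0xE0, 2); wr(pe + 40, ep, 4);
    for (size_t i = 0, s = tbl; i < secs.size(); ++i, s += 40) {
        wr(s + 8, secs[i].vsize, 4); wr(s + 12, secs[i].va, 4); wr(s + 36, secs[i].ch, 4);
    }
    return b;
}
int main() {  // exit status 0 when the constructed clean layout passes
    return check_entry_point(make_pe(0x1500, {{0x1000, 0x2000, 0x60000020u}})) == "ok" ? 0 : 1;
}
```

A hit is a reason to look closer, not a verdict; a real scanner combines it with other signals such as hash or signature checks.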