
Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.
For simple viruses the replicator's task is to:
1. Open the new file
2. Check if the executable file has already been infected (if it is, return to the finder module)
3. Append the virus code to the executable file
4. Save the executable's starting point
5. Change the executable's starting point so that it points to the start location of the newly copied virus code
6. Save the old start location to the virus in a way so that the virus branches to that location right after its execution.
7. Save the changes to the executable file
8. Close the infected file
9. Return to the finder so that it can find new files for the replicator to infect.
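The appended code and the redirected starting point leave a trace that a scanner can check: the entry point no longer falls in the file's normal code section. The following is an added example, not part of the original page; it assumes the Windows PE format (the page names no format), and `entry_point_report`, `build_sample` and the `.tail` section name are hypothetical names on constructed header-only samples.

```python
import struct

MEM_WRITE = 0x80000000  # IMAGE_SCN_MEM_WRITE

def entry_point_report(image: bytes) -> dict:
    """Find the PE section holding the entry point; flag appender-style layouts."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)             # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    opt_off = pe_off + 24
    (entry_rva,) = struct.unpack_from("<I", image, opt_off + 16)  # AddressOfEntryPoint
    sections = []
    for i in range(n_sections):
        off = opt_off + opt_size + 40 * i                         # 40-byte section headers
        name, vsize, vaddr, rsize = struct.unpack_from("<8sIII", image, off)
        (flags,) = struct.unpack_from("<I", image, off + 36)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, max(vsize, rsize), flags))
    hit = next((i for i, s in enumerate(sections) if s[1] <= entry_rva < s[1] + s[2]), None)
    reasons = []
    if hit is None:
        reasons.append("entry point outside every section")
    else:
        if n_sections > 1 and hit == n_sections - 1:
            reasons.append("entry point in last section")
        if sections[hit][3] & MEM_WRITE:
            reasons.append("entry section is writable")
    section = None if hit is None else sections[hit][0]
    return {"entry_rva": entry_rva, "section": section, "reasons": reasons}

def build_sample(entry_rva: int, tail_flags: int) -> bytes:
    """Constructed header-only PE32 image: .text at RVA 0x1000, .tail at RVA 0x2000."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    def sec(name, vaddr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, 0, 0, 0, 0, 0, flags)
    return dos + coff + opt + sec(b".text", 0x1000, 0x60000020) + sec(b".tail", 0x2000, tail_flags)

if __name__ == "__main__":
    print(entry_point_report(build_sample(0x1000, 0xC0000040)))  # entry in .text
    print(entry_point_report(build_sample(0x2010, 0xE0000020)))  # entry in last section
```

Packed or protected executables can show the same layout, so the result is a triage signal to combine with other checks, not a verdict.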
by qazwsx2  last modified: 2006-08-11 01:26:00