Lesson 1. Basic Principles.
A computer virus, by definition, is a piece of
processor-executable code that can reproduce itself within its environment. In the
Macintosh system, an object called a resource can contain executable code. The most common
executable resources are of type 'CODE', along with others such as 'DRVR', 'CDEF', 'WDEF',
'INIT', and so on. These resources are loaded into memory and jumped to ('jmp' is the
assembly-language instruction for jump) in order to be executed. Note that resource types
other than those listed above can also contain code. The trick is to get the virus code
loaded and called by 'accident'.
There are many places where code resources are loaded and executed. For one example, at
the launch of an application, the CODE resource with ID=0 is loaded (the jump table), and
then jumps to the first listing in its table. As another example, a 'CDEF' resource is
called to draw certain controls (ID=0 for buttons, checkboxes, and radio buttons; ID=16
for scroll bars, etc.). Another example: an 'INIT' resource is called at startup time if
the file which contains it is in one of the special system folders. There are numerous
other places within applications, and even within system software itself, where code is
loaded and called. Each virus uses a trick with one of these methods to get itself called.
Some of these methods are described in more detail below.
Once the virus code is executed, its main responsibility is to duplicate itself. This in
itself is a fairly easy process. Since your executable code resource is already loaded
into memory, you can use a few popular toolbox calls to place it into any other file or
application that would suit your needs (where it would also have the chance of being
executed). After the duplication is complete, the virus may do any other task it deems
necessary.
One of the reasons why viruses crash is that their reproduction or startup code is not
compatible with other systems and/or machines, not that their damage routine actually did
any damage. If you write code following the Inside Macintosh rules and code defensively,
you should be able to write a clean piece of code that travels without problems. Always
code defensively: it's your work out there... you want to be proud of it. Read below to
find some tips on doing just that.
Virus testing is a very difficult process, in that your own system is constantly infected,
possibly numerous times with older versions of the virus. There are methods to the
madness, so again, read on.
One of the catches to writing a virus is being aware of the methods used by
virus-protection software. If simply written, a virus could be caught very quickly and not
have much effect beyond your own system. If the methods are thought out and the patches
made by the protection software are understood, then a virus could at least require
software companies to update their existing detection methods. Every virus to date has
eventually been detected and destroyed, so don't feel bad.
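As an added example (not code from the original lesson, nor from any Macintosh system software or protection product), the following Python script does the inventory a defender would want from the two passages above: it parses a resource fork image using the layout documented in Inside Macintosh (header, data section, resource map with type list and reference lists), lists the code-bearing resource types the lesson names (CODE, DRVR, CDEF, WDEF, INIT), and flags any executable resource that a file of a given kind should not contain, for instance an 'INIT' sitting inside a plain document. The sample forks are constructed inline by `build_resource_fork` and are not real files; the data-section offset of 256, the per-file list of expected types, and the omission of resource names and attributes are assumptions of this example.

```python
"""Inventory executable resource types in a classic Macintosh resource fork.

Added example, not part of the original lesson. The fork layout follows
Inside Macintosh; names and attribute bytes are left empty (assumption).
"""
import struct

# Resource types the lesson names as code-bearing. Assumption: this list is
# not exhaustive; other types can carry code too, so treat it as a baseline.
EXECUTABLE_TYPES = {b"CODE", b"DRVR", b"CDEF", b"WDEF", b"INIT"}

DATA_OFFSET = 256  # assumed: data section starts after the reserved area


def build_resource_fork(resources):
    """Build a minimal fork image from (type, id, payload) tuples.

    Constructed test fixture only: no names, no attribute bits, one map.
    """
    data = bytearray()
    offsets = []
    for _, _, payload in resources:
        offsets.append(len(data))
        data += struct.pack(">I", len(payload)) + payload  # length-prefixed

    by_type = {}
    for (rtype, rid, _), off in zip(resources, offsets):
        by_type.setdefault(rtype, []).append((rid, off))

    # Type list: count-1, then 8-byte entries (type, count-1, ref-list offset
    # measured from the start of the type list).
    type_list_len = 2 + 8 * len(by_type)
    type_entries = bytearray()
    ref_lists = bytearray()
    for rtype, refs in by_type.items():
        ref_off = type_list_len + len(ref_lists)
        type_entries += struct.pack(">4sHH", rtype, len(refs) - 1, ref_off)
        for rid, off in refs:
            # id, name offset (-1 = unnamed), attrs byte + 3-byte data offset,
            # reserved handle field
            ref_lists += struct.pack(">hhII", rid, -1, off & 0xFFFFFF, 0)
    type_list = struct.pack(">H", len(by_type) - 1) + bytes(type_entries)

    # Map header: 16 reserved bytes, next-map handle, file refnum, attrs,
    # type-list offset and name-list offset (both relative to the map start).
    name_list_off = 28 + len(type_list) + len(ref_lists)
    map_header = bytes(16) + struct.pack(">IHHHH", 0, 0, 0, 28, name_list_off)
    res_map = map_header + type_list + bytes(ref_lists)  # empty name list

    header = struct.pack(">IIII", DATA_OFFSET, DATA_OFFSET + len(data),
                         len(data), len(res_map))
    return header + bytes(DATA_OFFSET - 16) + bytes(data) + res_map


def _read(fmt, fork, offset):
    """unpack_from with an explicit bounds check, so a truncated or hostile
    fork raises ValueError instead of a bare struct.error."""
    if offset + struct.calcsize(fmt) > len(fork):
        raise ValueError("truncated resource fork at offset %d" % offset)
    return struct.unpack_from(fmt, fork, offset)


def list_resources(fork):
    """Walk the resource map and return (type, id, payload) for each resource."""
    data_off, map_off, data_len, map_len = _read(">IIII", fork, 0)
    if map_off + map_len > len(fork) or data_off + data_len > len(fork):
        raise ValueError("resource map or data section lies outside the fork")
    type_list_off, _name_list_off = _read(">HH", fork, map_off + 24)
    type_list = map_off + type_list_off
    num_types = _read(">H", fork, type_list)[0] + 1
    found = []
    for i in range(num_types):
        rtype, count_m1, ref_off = _read(">4sHH", fork, type_list + 2 + 8 * i)
        for j in range(count_m1 + 1):
            rid, _name, attr_and_off = _read(">hhI", fork, type_list + ref_off + 12 * j)
            res_off = attr_and_off & 0xFFFFFF  # low 3 bytes: offset into data
            length = _read(">I", fork, data_off + res_off)[0]
            start = data_off + res_off + 4
            if start + length > len(fork):
                raise ValueError("resource %s %d runs past end of fork" % (rtype, rid))
            found.append((rtype, rid, bytes(fork[start:start + length])))
    return found


def executable_inventory(fork):
    """Return {type_name: [ids]} for resources of a code-bearing type."""
    inventory = {}
    for rtype, rid, _ in list_resources(fork):
        if rtype in EXECUTABLE_TYPES:
            inventory.setdefault(rtype.decode("ascii"), []).append(rid)
    return inventory


def unexpected_code(fork, expected_types):
    """Executable resources whose type is not expected for this kind of file,
    e.g. an 'INIT' or 'CDEF' in a document that should carry no code at all."""
    return {t: ids for t, ids in executable_inventory(fork).items()
            if t not in expected_types}


# Constructed samples: a plain document that wrongly carries an INIT, and an
# application with its CODE segments plus a custom control definition.
SAMPLE_DOCUMENT = build_resource_fork([(b"TEXT", 128, b"hello"),
                                       (b"INIT", 0, b"placeholder-bytes")])
SAMPLE_APP = build_resource_fork([(b"CODE", 0, b"jump-table"),
                                  (b"CODE", 1, b"segment-1"),
                                  (b"CDEF", 16, b"control")])

if __name__ == "__main__":
    print("document:", unexpected_code(SAMPLE_DOCUMENT, set()))
    print("application:", unexpected_code(SAMPLE_APP, {"CODE", "CDEF"}))
```

Running the script reports the stray 'INIT' in the document and nothing for the application, because CODE and CDEF are on its expected list. The bounds checks in `_read` and `list_resources` matter in practice: a scanner that walks attacker-controlled map offsets without them can itself be crashed or misled by a malformed fork.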
Is everybody happy? Then let's go!