Lesson 4. Reproduction.
Reproduction of any code resource requires the help of the
File Manager and/or the Resource Manager. The concept is not very simple, but the
execution is very easy. Since the virus itself is simply one code resource (preferably not
more than one), then it can be loaded, added, modified, changed, and saved just like any
other resource. And the fun part of it is, you can do all this to the code you are
currently executing. This is apparently dangerous (Apple warns us about self-modifying
code), but we're not modifying anything about our code; simply our placement. With a few
simple calls we can duplicate ourselves anywhere we wish.
When an executable code resource is called, the pointer to the resource is placed in
register A0. You can use this pointer to reference yourself. A simple line of assembly can
place A0 in any variable you choose. Once you have this variable, you must translate it
into a handle with the RecoverHandle call. Now you have a handle to your own loaded
resource, but you still cannot duplicate it. As a handle to a resource, you cannot use it
to be copied into other files. You 'belong' to your owning file, and are not expected to
go elsewhere. Use the DetachResource call to remove your reference to the file you came
from. After this call, you are simply an executable block of memory floating around with a
handle on yourself (phallic, isn't it?). All you need to have to have total freedom with a
block of memory is a handle to it. You've got this free handle now. Now comes the time to
find the file you have to duplicate yourself to.
The file you find depends on how your virus is designed to work. You can copy yourself
into applications, into desktop files, or into the system. Again, dependent on how your
executing mechanism requires it. Once you have found your file (usually with use of the
File Manager), open up it's resource fork with OpenResFile or any other similar
procreation of it (FSpOpenResFile, etc.). Call AddResource with the required parameters,
then call WriteResource to forcefully write the resource to the file or simply close the
file itself (it will automatically be saved). Your code has now copied itself into another
file. Reproduction! Now just let it sit and wait for it to be called!