Mail Archives: djgpp/2000/03/15/20:55:58

www.delorie.com/archives/browse.cgi

search

Mail Archives: djgpp/2000/03/15/20:55:58

From: Damian Yerrick <Bullshitd_yerrick AT hotmail DOT comRemoveBullshit>

Newsgroups: comp.os.msdos.djgpp

Subject: Re: self-mod code and DJGPP - writable code segment?

Organization: Pin Eight Software http://pineight.8m.com/

Message-ID: <h7cvcs4ucael32pfin6a5nbdo0q1kliadj@4ax.com>

References: <INEPKJNPJEEIBAAA AT shared1-mail DOT whowhere DOT com> <Pine DOT SUN DOT 3 DOT 91 DOT 1000315105955 DOT 17230V-100000 AT is>

X-Newsreader: Forte Agent 1.7/32.534

MIME-Version: 1.0

Lines: 37

X-Trace: /bGnt85RwdBbqme0X4rvwEczZe7IyLvEvzjw2ht8h9jlDBYmCH/dTifOyr1Vr66t1+LnxA+EARy2!OxiHQ+O4YKb/quZiW+4RX9MNkxa2jjmE4zwVnHxM9Tb5TCQmxYGKa5JmZ+hZhTZXL7at7SornO/N!ADW9hVI=

X-Complaints-To: abuse AT gte DOT net

X-Abuse-Info: Please be sure to forward a copy of ALL headers

X-Abuse-Info: Otherwise we will be unable to process your complaint properly

NNTP-Posting-Date: Wed, 15 Mar 2000 15:51:40 GMT

Distribution: world

Date: Wed, 15 Mar 2000 15:51:40 GMT

To: djgpp AT delorie DOT com

DJ-Gateway: from newsgroup comp.os.msdos.djgpp

Reply-To: djgpp AT delorie DOT com

On Wed, 15 Mar 2000 11:04:21 +0200 (IST), Eli Zaretskii
<eliz AT is DOT elta DOT co DOT il> wrote:

>On Wed, 15 Mar 2000, nimrod a. abing wrote:
>
>> I was just curious about this. If the code 
>> segment is not writable, it seems to imply some 
>> sort of immunity to viruses for DJGPP programs.
>
>The viruses don't attach themselves to the protected-mode code produced 
>by DJGPP, they attach themselves to the short DOS stub prepended to DJGPP 
>programs.  And since the COFF header follows that short stub, the virus 
>has good chances overwriting the COFF magic signature, which will cause 
>the startup code refuse to run the infected program.
>
>...
>
>The above-mentioned features do allow an early detection of an 
>infection.  But more importantly, the viruses have
>all but abandoned DOS programs as their target.

Except the master boot record.

>They now concentrate on Windows programs, so 
>any DOS program is probably more safe.

Would the features allow early detection of an infected
RSXNTDJ program?

-- 
Damian Yerrick  http://yerricde.tripod.com/
Comment on story ideas: http://home1.gte.net/frodo/quickjot.html
AOL is sucks! Find out why: http://anti-aol.org/faqs/aas/
View full sig: http://www.rose-hulman.edu/~yerricde/sig.html

This is McAfee VirusScan. Add these two lines to your .sig to
prevent the spread of .sig viruses.  http://www.mcafee.com/

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

From:	Damian Yerrick <Bullshitd_yerrick AT hotmail DOT comRemoveBullshit>
Newsgroups:	comp.os.msdos.djgpp
Subject:	Re: self-mod code and DJGPP - writable code segment?
Organization:	Pin Eight Software http://pineight.8m.com/
Message-ID:	<h7cvcs4ucael32pfin6a5nbdo0q1kliadj@4ax.com>
References:	<INEPKJNPJEEIBAAA AT shared1-mail DOT whowhere DOT com> <Pine DOT SUN DOT 3 DOT 91 DOT 1000315105955 DOT 17230V-100000 AT is>
X-Newsreader:	Forte Agent 1.7/32.534
MIME-Version:	1.0
Lines:	37
X-Trace:	/bGnt85RwdBbqme0X4rvwEczZe7IyLvEvzjw2ht8h9jlDBYmCH/dTifOyr1Vr66t1+LnxA+EARy2!OxiHQ+O4YKb/quZiW+4RX9MNkxa2jjmE4zwVnHxM9Tb5TCQmxYGKa5JmZ+hZhTZXL7at7SornO/N!ADW9hVI=
X-Complaints-To:	abuse AT gte DOT net
X-Abuse-Info:	Please be sure to forward a copy of ALL headers
X-Abuse-Info:	Otherwise we will be unable to process your complaint properly
NNTP-Posting-Date:	Wed, 15 Mar 2000 15:51:40 GMT
Distribution:	world
Date:	Wed, 15 Mar 2000 15:51:40 GMT
To:	djgpp AT delorie DOT com
DJ-Gateway:	from newsgroup comp.os.msdos.djgpp
Reply-To:	djgpp AT delorie DOT com