Mail Archives: djgpp/2000/03/15/21:07:35

Date: Wed, 15 Mar 2000 16:11:25 +0100
Message-Id: <200003151511.QAA21524@acp3bf.physik.rwth-aachen.de>
From: Hans-Bernhard Broeker <broeker AT physik DOT rwth-aachen DOT de>
To: djgpp AT delorie DOT com
Subject: Re: self-mod code and DJGPP - writable code segment?
X-Newsgroups: comp.os.msdos.djgpp
In-Reply-To: <INEPKJNPJEEIBAAA@shared1-mail.whowhere.com>
User-Agent: tin/1.4-19991113 ("No Labels") (UNIX) (Linux/2.0.0 (i586))
Reply-To: djgpp AT delorie DOT com
Errors-To: dj-admin AT delorie DOT com
X-Mailing-List: djgpp AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

In article <INEPKJNPJEEIBAAA AT shared1-mail DOT whowhere DOT com> you wrote:
> On Tue, 14 Mar 2000 09:53:35   Eli Zaretskii wrote:
>>
>>On 14 Mar 2000, Alistair_P SHILTON wrote:
>>
>>> I was wondering if it is possible to link self-modifying assembler
>>> code to DJGPP.  When I try, I get an error message.  So I checked
>>> the documentation, which says that the code segment is not writable.

> I was just curious about this. If the code 
> segment is not writable, it seems to imply some 
> sort of immunity to viruses for DJGPP programs.

Not really. The fact that CS=DS in DJGPP programs means that you can
still write into the code, by using the DS segment selector, as
detailed in other answers to that question.

> And I also read from somewhere in the FAQ that DJGPP programs have
> the ability to detect if their COFF image becomes corrupted.

Yes. But that test is not too hard to fool, either, if the virus
writer knows his art... but so far, no virus author has ever bothered
to create a virus hosted by DJGPP programs, yet. Not even as a 'proof
of concept' implementation.

The protection against viruses in DJGPP programs is mainly in the fact
that viruses don't understand anything about the structure of a DJGPP
program, and so instead of 'properly' infecting one, they tend to
break its structure.

So far, this has allowed for early detection and killing of at least
two viruses. I should know: I collected the samples from people
reporting they had the 'Check for Viruses' messages from DJGPP, but
definitely *no* (known) virus on their system, analyzed the viral DNA
and reported it to the agencies.

> With so many viruses spreading around, does this mean that DJGPP
> programs are safer from viruses?

A little. But that's not really safety by immunity, but safety by
obscurity. DJGPP-compiled apps are (still) not suitably widely spread
to 'host' a virus population. The real basis of viruses is a *big*
market share of the hosting platform. That's why M$ Word and Excel
viruses are so widely spread, but there is little or no relevance to,
say, an AMIPro virus.

-- 
Hans-Bernhard Broeker (broeker AT physik DOT rwth-aachen DOT de)
Even if all the snow were burnt, ashes would remain.

  Copyright © 2019   by DJ Delorie     Updated Jul 2019