Mail Archives: djgpp/1999/09/16/12:02:49

delorie.com/archives/browse.cgi

search

Mail Archives: djgpp/1999/09/16/12:02:49

From: Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>

Newsgroups: comp.os.msdos.djgpp

Subject: Re: DJGPP viruses (Re: HELP! "invalid page exception"??)

Date: Thu, 16 Sep 1999 12:30:02 +0200

Organization: NetVision Israel

Lines: 18

Message-ID: <Pine.SUN.3.91.990916122941.7654H-100000@is>

References: <37D534CD DOT 9FE72805 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990908103147 DOT 21899I-100000 AT is> <37D6B63A DOT 68278B19 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990909092000 DOT 6646I-100000 AT is> <37D7B0BD DOT DE998100 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990913123223 DOT 8713K-100000 AT is> <7rmlv7$99s$1 AT solomon DOT cs DOT rose-hulman DOT edu> <Pine DOT SUN DOT 3 DOT 91 DOT 990915120355 DOT 27871S-100000 AT is> <7ro50d$e2b$1 AT solomon DOT cs DOT rose-hulman DOT edu>

NNTP-Posting-Host: is.elta.co.il

Mime-Version: 1.0

X-Trace: news.netvision.net.il 937477729 10037 199.203.121.2 (16 Sep 1999 10:28:49 GMT)

X-Complaints-To: abuse AT netvision DOT net DOT il

NNTP-Posting-Date: 16 Sep 1999 10:28:49 GMT

X-Sender: eliz AT is

In-Reply-To: <7ro50d$e2b$1@solomon.cs.rose-hulman.edu>

To: djgpp AT delorie DOT com

DJ-Gateway: from newsgroup comp.os.msdos.djgpp

Reply-To: djgpp AT delorie DOT com

X-Mailing-List: djgpp AT delorie DOT com

X-Unsubscribes-To: listserv AT delorie DOT com

On Wed, 15 Sep 1999, Damian Yerrick wrote:

> > Not true.  Every DJGPP program has a short real-mode stub prepended
> > to it.  As far as DOS (and DOS-based virus) is concerned, a DJGPP
> > program is a very short real-mode program with lots of data attached
> > to it.
> 
> But wouldn't this appended data confuse most viruses to
> high heck?

No, viruses are programs, and programs cannot be confused ;-).

Seriously, though: the stub usually confuses anti-virus software, not
viruses.  What viruses do is still infect the program, but when they
do, they usually overwrite the beginning of the COFF image, and the
program won't run anymore (the stub won't load it).  See section 6.7
of the FAQ for more about this.

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

From:	Eli Zaretskii <eliz AT is DOT elta DOT co DOT il>
Newsgroups:	comp.os.msdos.djgpp
Subject:	Re: DJGPP viruses (Re: HELP! "invalid page exception"??)
Date:	Thu, 16 Sep 1999 12:30:02 +0200
Organization:	NetVision Israel
Lines:	18
Message-ID:	<Pine.SUN.3.91.990916122941.7654H-100000@is>
References:	<37D534CD DOT 9FE72805 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990908103147 DOT 21899I-100000 AT is> <37D6B63A DOT 68278B19 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990909092000 DOT 6646I-100000 AT is> <37D7B0BD DOT DE998100 AT this DOT newsgroup> <Pine DOT SUN DOT 3 DOT 91 DOT 990913123223 DOT 8713K-100000 AT is> <7rmlv7$99s$1 AT solomon DOT cs DOT rose-hulman DOT edu> <Pine DOT SUN DOT 3 DOT 91 DOT 990915120355 DOT 27871S-100000 AT is> <7ro50d$e2b$1 AT solomon DOT cs DOT rose-hulman DOT edu>
NNTP-Posting-Host:	is.elta.co.il
Mime-Version:	1.0
X-Trace:	news.netvision.net.il 937477729 10037 199.203.121.2 (16 Sep 1999 10:28:49 GMT)
X-Complaints-To:	abuse AT netvision DOT net DOT il
NNTP-Posting-Date:	16 Sep 1999 10:28:49 GMT
X-Sender:	eliz AT is
In-Reply-To:	<7ro50d$e2b$1@solomon.cs.rose-hulman.edu>
To:	djgpp AT delorie DOT com
DJ-Gateway:	from newsgroup comp.os.msdos.djgpp
Reply-To:	djgpp AT delorie DOT com
X-Mailing-List:	djgpp AT delorie DOT com
X-Unsubscribes-To:	listserv AT delorie DOT com