To: djgpp AT delorie DOT com Date: Thu, 16 Mar 2000 04:02:04 0000 From: "nimrod a. abing" Message-ID: Mime-Version: 1.0 Cc: broeker AT acp3bf DOT physik DOT rwth-aachen DOT de X-Sent-Mail: off X-Mailer: MailCity Service Subject: Re: self-mod code and DJGPP - writable code segment? X-Sender-Ip: 208.160.246.197 Organization: QUALCOMM Eudora Web-Mail (http://www.eudoramail.com:80) Content-Type: text/plain; charset=us-ascii Content-Language: en Content-Transfer-Encoding: 7bit Reply-To: djgpp AT delorie DOT com On 15 Mar 2000 16:56:31 GMT Hans-Bernhard Broeker wrote: >The essential thing is really security by obscurity, here, I think. >DJGPP and RSXNTDJ compiled apps are too rare to act as the host for >any 'successful' virus. The info on DJGPP compiled apps (COFF image structure, DJGPP prog structure) are not that obscure. They can be found at delorie.com. COFF Specs http://www.delorie.com/djgpp/doc/coff/ DOS exe Specs http://www.delorie.com/djgpp/doc/exe/ And you're right, the virus author must know his 'art' to make a virus that can 'properly' infect a DJGPP program. The problem is, there are still many DOS viruses out there (they diehard2 :-), and these things don't know about the structure of a DJGPP app. So instead of infecting them, the virus destroys the program, which is a bad thing if you don't have the sources to rebuild the program. But hey, maybe those virus authors would make one with GPL'ed source code, eh ;-) And virus authors don't need a big 'market share' to make viruses. There are people who do this kind of thing for fun. Let's just hope no one would try making a DJGPP specific virus... --- nimrod_a_abing ---------------- Hot Windows Tip: ---------------- How to free up at least 300 MB of hard disk space (as seen from the MS-DOS prompt): C:\>deltree c:\windows Delete directory "Windows" and all its subdirectories? [yn] y Deleting Windows... C:\> (don't try this at home kids... not unless you have Linux installation CDs) Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at http://www.eudoramail.com