Need Help

shrka

Disciple
Is there any tutorial or guide available so that I could learn about the structure of .exe files and how viruses exploit these files and insert their code in order to harm systems?

It is not for harming anyone but for knowledge's sake, as I think that in order to defend the system against any vulnerability we should first understand how it works.
 
Most of the architectural details of an EXE are not general...
each differs by the way they are compiled, coded & executed..
If you want to see the strings / codes use software like W32Dasm... an exe disassembler.... it would let you decode the exe but not modify it..
You won't be able to understand it unless you have good programming skill..
 
super_saiyan said:
Most of the architectural details of an EXE are not general...
each differs by the way they are compiled, coded & executed..
If you want to see the strings / codes use software like W32Dasm... an exe disassembler.... it would let you decode the exe but not modify it..
You won't be able to understand it unless you have good programming skill..
I don't agree with that. EXEs are binary files. So how can they be different on the same architecture? Also an exe is normally divided into sections like code, text, etc. Most viruses follow a similar pattern. They attach to an exe file either at the start or at the end. They then either complete the program routine or crash it. But with proper use of addressing a virus can attach to an exe pretty easily. But signature writers use this thing against them. As the viral code will be in 1 single piece they normally take 20/30 bytes and write the signature. So a scanning antivirus software will detect the signature in binary scanning in exes.
Also if you are planning to study exes use the format used now instead of DOS in which the first 2 bytes used to be MZ which was the initials of some guy at Microsoft.

My suggestion:
1: Study pointers and memory addressing/segmentation etc.
2: Google what you want
3: If you want I will post some links but please try yourself first.
 
super_saiyan said:
Most of the architectural details of an EXE are not general...
each differs by the way they are compiled, coded & executed..
Agreed that the codes can be sectioned... but there are exes that are not sectioned... lame programmers do that....
What I meant is not all exes work in the same way.... AFAIK... all viruses work in the same way while affecting the specific formats... that I agree..
 
^^ Programmers can't affect exes. They are compiled into object code, linked and then made into an exe. It is the implementation of the compiler and linker. And all compilers and linkers follow some standards set by the OS architecture. Like in Windows MS follows COFF format while Linux uses ELF. But you can write a program to convert COFF to ELF. Also you will have to take care of all linked dll/libraries.

There are programs that convert COFF to ELF and they would not work for every exe if the formats were different. But standardised formats make it easy for OS to run, compilers to compile etc.

And all exes contain sections like .BSS .CODE .STACK .DATA etc. Open any exe in IDA Pro or any other disassembler and you will know what I mean. The disassembler itself separates it into different tabs.

@shrka: I would suggest you start with studying boot sector viruses. They are easy to understand and code. By the time you get the pointer concept perfectly go with attaching to exe. But then study up a bit.
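
An added example, not part of any post in this thread: a small Python reader for the layout the replies argue about (the MZ bytes, the PE/COFF header and the section table), plus the kind of byte-signature scan a scanner performs, reporting which section each hit falls in. The sample image and SAMPLE_SIG are constructed for illustration; the buffer is PE-shaped but not a runnable program.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes per entry
SAMPLE_SIG = b"\xDE\xAD\xBE\xEF\x01\x02\x03\x04"  # constructed marker, not a real signature

def parse_sections(data):
    """Return [(name, raw_offset, raw_size)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # The 20-byte COFF file header follows the 4-byte PE signature.
    _machine, nsect, _ts, _symptr, _nsym, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsect):
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return sections

def find_signature(data, signature):
    """Return [(file_offset, section_name_or_None)] for every occurrence of signature."""
    sections = parse_sections(data)
    hits = []
    pos = data.find(signature)
    while pos != -1:
        owner = next((n for n, off, size in sections if off <= pos < off + size), None)
        hits.append((pos, owner))
        pos = data.find(signature, pos + 1)
    return hits

def build_sample():
    """Constructed buffer: DOS stub, PE/COFF header, two section headers, raw data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections
    text = struct.pack(SECTION_FMT, b".text", 16, 0x1000, 16, 0x200, 0, 0, 0, 0, 0x60000020)
    dat = struct.pack(SECTION_FMT, b".data", 16, 0x2000, 16, 0x210, 0, 0, 0, 0, 0xC0000040)
    head = dos + b"PE\0\0" + coff + text + dat
    body = b"\x90" * 4 + SAMPLE_SIG + b"\x90" * 4 + b"\0" * 16   # .text then .data
    return head.ljust(0x200, b"\0") + body

if __name__ == "__main__":
    image = build_sample()
    print(parse_sections(image))
    print(find_signature(image, SAMPLE_SIG))
```
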
