Windows and Virus Programming

The fine programmers at Microsoft have a problem. To put it simply, their platform is the most heavily targeted by malicious code. However, that is beginning to change.

I have read that Apple has been targeted with viruses recently, though it’s not as frequent, yet. Linux has traditionally been exempt from malicious code attacks but Linux systems are growing in popularity and have become targets. The Android operating system has its viruses and, now, even scripting languages like PHP are starting to see virus activity. I recently read the code of a PHP virus that attaches itself to the program and does some nasty things.

Microsoft programmers, however, have not been idle. I’ve been learning programming on Linux but recently bought a laptop with Windows 8. It’s large enough to let me host multiple Linux operating systems on VirtualBox, so I’ve been playing and having fun.

I’ve also installed Microsoft Visual Studio Express 2012 and been playing with some old school tools of virus programmers with interesting results.

Programs that Delete Themselves

One interesting thing virus programmers have been able to do is make their viruses disappear after they’ve done their work. The following code uses the remove() function to delete argv[0], the path of the program that is running. Effectively, the program deletes itself. I found the original code on several websites and couldn’t compile it under Windows or Linux with a modern OS. I rewrote it as you see here.

This code will run under Linux and the program will delete itself. In Windows, however, it returns a very visible error. Not very good for a virus that wants to remain incognito.

// This program will no longer destroy itself under Windows.
// Windows returns an error message: the image of a running program cannot be deleted.
#include <stdio.h>
#ifdef _WIN32
#include <conio.h>            /* getch() */
#else
#define getch() getchar()     /* conio.h does not exist on Linux */
#endif

int main(int argc, char *argv[])   /* argv: array of pointers to command line arguments */
{
    printf("This program will destroy itself when you press a key!\n");
    getch();
    if (remove(argv[0]) != 0)      /* delete the file we were started from */
        perror("remove");          /* Windows refuses; Linux removes the directory entry */
    return 0;
}
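The reason the two operating systems disagree is worth making concrete. On Linux, unlink(2) removes only the directory entry; the inode, and with it the running image, stays alive until the last open handle or mapping goes away, and the kernel marks the dangling reference as "(deleted)" in /proc. Windows refuses to delete a file that is open without delete sharing, which is the error the program reports. The following is an added example, not code from the post: it shows the Linux semantics on an ordinary temporary file (not on an executable), and it includes the forensic check an incident responder would run, listing processes whose /proc/<pid>/exe link points at a deleted binary. Function names and the sample payload are mine.

```python
import os
import tempfile

IS_POSIX = os.name == "posix"


def unlink_while_open(payload=b"constructed sample content\n"):
    """Create a temp file, unlink it while a handle is still open, and report
    what the OS let us do. On Linux the name disappears but the data stays
    readable through the open handle; on Windows the unlink itself is refused,
    which is the behaviour the self-deleting program runs into."""
    fd, path = tempfile.mkstemp(prefix="unlink-demo-")
    result = {"name_removed": False, "still_readable": False, "proc_marker": None}
    try:
        os.write(fd, payload)
        try:
            os.unlink(path)                    # remove(3) / unlink(2) under the hood
            result["name_removed"] = not os.path.exists(path)
        except PermissionError:                # Windows: file is in use
            result["name_removed"] = False
        # The inode lives as long as fd is open, so the bytes are still there.
        os.lseek(fd, 0, os.SEEK_SET)
        result["still_readable"] = os.read(fd, len(payload)) == payload
        # On Linux the kernel annotates the dangling link for us.
        if os.path.exists("/proc/self/fd"):
            link = os.readlink(f"/proc/self/fd/{fd}")
            result["proc_marker"] = link.endswith(" (deleted)")
    finally:
        os.close(fd)
        if os.path.exists(path):               # Windows path: clean up after closing
            os.unlink(path)
    return result


def processes_with_deleted_exe(proc_root="/proc"):
    """Forensic check: (pid, exe link) for every process whose executable was
    unlinked after it started. Returns [] where /proc is not available."""
    hits = []
    if not os.path.isdir(proc_root):
        return hits
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:                        # kernel threads, other users' processes, races
            continue
        if exe.endswith(" (deleted)"):
            hits.append((int(entry), exe))
    return hits


if __name__ == "__main__":
    print(unlink_while_open())
    for pid, exe in processes_with_deleted_exe():
        print(f"pid {pid} is running from a deleted file: {exe}")
```

A process that shows up in the second list is not necessarily malicious (package upgrades replace binaries under running daemons all the time), but it is exactly the trace a self-deleting program leaves behind on Linux, so it belongs in a triage checklist.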

I became intrigued by this and decided to try another bit of source code from the Internet. This one allows one file to be embedded into another file. After some reworking of the old code, I got it running under Windows. It will embed a program into another program. The program that receives the information can still run and the file can be extracted into an executable program.

Three things to note about this program: it actually appends the target file to the source file (which can be confusing); Windows will not let it put its own running executable into another file; and Windows will not run the extracted file.

/* File embedding utility, reworked from the code posted as "FILE EMBEDDING
 * UTILITY BY SRIKANTH". Windows-only: it uses conio.h getch() and "cls".
 * embed() appends the target file to the end of the source file and records
 * the target's size in Data.cfg; extract() copies that many bytes from the
 * end of the source back out into a new file. */
#include <stdio.h>
#include <stdlib.h>
#include <conio.h>

void embed(void);
void extract(void);

char buff[1], sname[128], tname[128], dname[128], choice;
unsigned long size = 0;    /* bytes appended by embed() */
long psize = 0;            /* bytes to pull back out in extract() */
FILE *source, *target, *data;

int main(void)
{
    while (1) {
        system("cls");
        puts("\n\t\t\t\tFILE EMBEDDING UTILITY BY SRIKANTH\n\n\n");
        puts("1.Embed A File 2.Extract A File 3.Exit");
        choice = getch();
        switch (choice) {
        case '1':
            embed();
            getch();
            break;
        case '2':
            extract();
            getch();
            break;
        default:
            exit(0);
        }
    }
    return 0;
}

void embed(void)
{
    puts("\nEnter The Source Filename\n");
    scanf("%127s", sname);
    source = fopen(sname, "rb+");          /* the file that receives the data */
    if (source == NULL) {
        puts("\nCannot Open The Source File\n");
        return;
    }
    puts("\nEnter The Target Filename\n");
    scanf("%127s", tname);
    target = fopen(tname, "rb");           /* the file that gets appended */
    if (target == NULL) {
        puts("\nCannot Open The Target File\n");
        fclose(source);
        return;
    }
    printf("\nReading The Source File Please Wait...\n");
    /* Measure the target with fseek/ftell. The original opened it write-only
     * and then read from it byte by byte, which fails and records a size of 0. */
    fseek(target, 0, SEEK_END);
    size = (unsigned long) ftell(target);
    rewind(target);
    data = fopen("Data.cfg", "w");
    if (data == NULL) {
        puts("\nCannot Create The Configuration File\n");
        fclose(source);
        fclose(target);
        return;
    }
    fprintf(data, "%lu", size);
    fclose(data);
    printf("\nEmbedding Please Wait...\n");
    fseek(source, 0, SEEK_END);            /* append at the end of the source */
    while (fread(buff, 1, 1, target) > 0)
        fwrite(buff, 1, 1, source);
    fclose(source);
    fclose(target);
    printf("\nEmbedding Completed Successfully\n");
}

void extract(void)
{
    printf("\nEnter The Source Filename\n");
    scanf("%127s", sname);
    source = fopen(sname, "rb");
    if (source == NULL) {
        printf("\nCannot Open The Source File\n");
        return;
    }
    printf("\nEnter The Target Filename(eg: abc.exe)\n");
    scanf("%127s", tname);
    printf("\nEnter The Configuration Filename(eg: DATA.cfg)\n");
    scanf("%127s", dname);
    data = fopen(dname, "r");
    if (data == NULL) {
        printf("\nConfiguration File Not Found\n");
        fclose(source);
        return;
    }
    if (fscanf(data, "%ld", &psize) != 1 || psize < 0) {
        printf("\nConfiguration File Is Not Valid\n");
        fclose(data);
        fclose(source);
        return;
    }
    fclose(data);
    target = fopen(tname, "wb");
    if (target == NULL) {
        puts("\nCannot Open The Target File\n");
        fclose(source);
        return;
    }
    printf("\nExtracting Please Wait...\n");
    fseek(source, -psize, SEEK_END);       /* the embedded data is the last psize bytes */
    while (fread(buff, 1, 1, source) > 0)
        fwrite(buff, 1, 1, target);
    fclose(source);
    fclose(target);
    printf("\nFile Extraction Completed Successfully\n");
}
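Appending one file to another, as embed() does, leaves the host executable's headers untouched: the PE header still describes where the last section ends, and everything after that point is an "overlay" the loader never maps. That is the boundary a scanner or forensic tool checks, and it needs no side file like Data.cfg. The following is an added example, not part of the post or of the utility above. It reads the section table of a PE image, reports the overlay offset, and returns the appended bytes; build_fake_pe() constructs a minimal PE-shaped buffer inline for the demonstration (it is not a loadable executable), and all function names and sample values are mine.

```python
import struct


def pe_overlay_offset(image):
    """Return the file offset where data past the last PE section begins, or
    None when the buffer does not carry a PE header. Bytes from that offset to
    the end of the file are an overlay: appended data the loader never maps,
    which is exactly what appending one file to another produces."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                                  # COFF file header
    try:
        num_sections = struct.unpack_from("<H", image, coff + 2)[0]
        size_opt_hdr = struct.unpack_from("<H", image, coff + 16)[0]
        section_table = coff + 20 + size_opt_hdr         # 40-byte section headers
        end = 0
        for i in range(num_sections):
            entry = section_table + 40 * i
            # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
            size_raw, ptr_raw = struct.unpack_from("<II", image, entry + 16)
            end = max(end, ptr_raw + size_raw)
    except struct.error:                                 # truncated or bogus headers
        return None
    return end


def overlay(image):
    """The appended bytes, or b"" when nothing follows the last section."""
    start = pe_overlay_offset(image)
    if start is None or start >= len(image):
        return b""
    return image[start:]


def build_fake_pe(section_data, file_alignment=0x200):
    """Constructed, minimal PE-shaped buffer for the demo: DOS header with
    e_lfanew, PE signature, COFF header, a zero-filled 224-byte PE32 optional
    header and one .text section whose raw data starts at file_alignment.
    It is not a loadable executable; only the fields the scanner reads are set."""
    e_lfanew = 0x40
    opt_size = 224
    raw_size = (len(section_data) + file_alignment - 1) // file_alignment * file_alignment
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text\0\0\0", len(section_data), 0x1000,
                          raw_size, file_alignment, 0, 0, 0, 0, 0x60000020)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    headers = (dos + b"PE\0\0" + coff + b"\0" * opt_size + section).ljust(file_alignment, b"\0")
    return headers + section_data.ljust(raw_size, b"\0")


if __name__ == "__main__":
    host = build_fake_pe(b"constructed host code")
    payload = b"constructed payload appended by the embed step\n"
    print("overlay before embedding:", overlay(host))
    print("overlay after embedding: ", overlay(host + payload))
```

The check generalises beyond this utility: any "binder" that glues a second file onto an executable without rewriting the section table produces an overlay, so comparing the header-derived end of data with the actual file size is a cheap first-pass indicator. Legitimate installers and signed binaries also carry overlays (setup payloads, Authenticode signatures), so the result is a lead to inspect, not a verdict.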

Admittedly, a programmer who is good at building virus programs may be able to find workarounds for this and, also admittedly, I may have overlooked something on the second program in trying to get the code to work, but it’s clear that Microsoft has added protections to its operating system that make it harder to use some of the old tricks. This may be why many of the new virus programs are a bit more straightforward and rely on fooling the user into executing them. Viruses are still a big threat under Windows, but the face of virus programming is changing in Windows because of the work Microsoft’s programmers do to make it safer to use.

It’s a bit scary that I can run potentially malicious code on Linux systems that won’t work as expected under Windows.

Posted in Computer/Web Programming

Invoking Javascript on a webBrowser.Document in C#

Houston, we have a new problem! Invoking JavaScript on a page through a WebBrowser control in a C# application.

So, I’m working away at this little project, bemoaning the fact that I can’t get posts to populate in the textarea on this particular social site. My login and logout code works well but there’s a problem with the status updates.

This is one of those text boxes that grows when you click it with the mouse or Tab into it. The problem seems to be a JavaScript handler that needs to be invoked properly for the text box to appear. I want to automate posting; I don’t want to use OAuth and the API, and I want this all to run automatically with no need for human interaction.

Here’s the <script> in the <head> of the page.

<script>window.Bootloader && Bootloader.done(["6HM2D"]);</script>

Here’s the way it appears in <textarea> on the page.

onkeydown="window.Bootloader &amp;&amp; Bootloader.loadComponents([&quot;control-textarea&quot;], function() { TextAreaControl.getInstance(this) }.bind(this)); "

I’m not the Javascript guy but it appears that the script is being called with different options to open the text box in response to a key press or a mouse click. I’ve tried simulating a human entering the data. First, I tried just copying the data into the <textarea> element, followed by having the software click the button. This didn’t work. I followed by trying to simulate a MouseDown event but I’m new to C# and I’m not sure I did it properly. I finally used Focus() to get focus on the <textarea> and found that, if I follow it with putting text into the initial box, the box will grow, the text will disappear and I won’t be able to add anything to it.

What are my possible solutions?

As I see it, I have three possible solutions.

  1. Find a way to convince the program that the text area was clicked so it will expand before entering text.
  2. Find a way to bypass it, entering values and attributes to that <textarea> that will negate the need to do all the clicking and entering.
  3. Use HttpWebRequest to bypass the need for interacting with the webBrowser.

I’ve tried 1 but I may not have been executing it properly. I dove blindly into C# with no training because it is so easy for me to read after learning the syntax for C, C++, Java and PHP. I have not been able to find 2, a way to bypass it, but I’m not sure what all their code does. That brings us to 3, and I have not studied HttpWebRequest yet, though I can tell you that it will be on my list now.

If you, dear friend, can offer some help with this problem, it would be greatly appreciated.

Posted in Computer/Web Programming

PHP General Questions & Answers

Reblogged from Web Development:

Question1: What are the differences between require and include, include_once?
Answer:
File will not be included more than once. If we want to include a file once only and further calling of the file will be ignored then we have to use the PHP function include_once(). This will prevent problems with function redefinitions, variable value reassignments, etc.

The major difference between include() and require() is that on failure include() produces a warning message whereas require() produces a fatal error.


Here's a great explanation of some common questions from people who are learning PHP. The author discusses the differences among the include(), include_once() and require() statements and also talks about the differences between if() and switch() statements. Good food for thought, so I'm reblogging it for my friends.
Posted in Uncategorized

Logging Out of Facebook in C# Without OAuth


I’ve never done anything in C# before the company bought me this new laptop. The old machine I have that is running Vista won’t install Microsoft’s Visual Studio, so I haven’t been able to run it. I wasn’t aware of how much you can do with their free Express package until I decided, on a lark, to try it.

I am amazed at how easy it is to work in C# with my knowledge of C, C++ and Java. I am by no means proficient in those yet but the combination of knowledge from the different packages transfers easily. So, I’m doing what I proposed for a marketing presentation in college; I’m writing a package to automate tasks on several social media sites.

I want the program to automate tasks the way a human does them, filling out forms and clicking buttons instead of using the APIs of those respective sites. I don’t want the package to need keys for OAuth, because you are inherently restricted in the functionality you can provide by the limitations of the API and the limitations of the agreement you enter into with the sites for interfacing your software with their site.

Houston, I have a problem!

I’ve built the GUI and some basic functionality. Now I’m working on the nitty-gritty, interfacing with the web pages through the web browser I plugged into the program. The difficult part of this is learning to navigate the document and interact with the web page. I was up until 7:00 a.m., researching solutions to this problem. I grabbed four hours sleep, then worked on the problem some more until I left to teach in the evening.

Houston, I’ve found some solutions!

I was sitting there with empty code on a button listener, trying to figure out how to write script to log out of Facebook. I read every article I could find, trying code only to erase it. Finally, right before dinner, I found some promising code on the MSDN site. This code had been regurgitated by other programmers but none of it seemed to work. This bit of code was more complete, so I tried it. I placed a message box strategically to tell me if the code was found on Facebook. It worked!

After dinner, I replaced the message box with code I also found on MSDN, changing it to fit my use, clicking the “Log Out” button on the Facebook logout form. Success!

This is the basic code needed to automate other interactions with forms on web pages. I’m providing the complete code for the event listener attached to the button so you can see how it works. The code searches the document for every instance of an “INPUT” element, looks for every one with a “type” of “submit” and checks each one of those for a “value” of “Log Out,” the label of the Facebook button the user sees.

I have added more code that is not listed in this article to make this production ready, to make sure the document is fully loaded and to prevent errors in handling. However, the code I’ve listed here works and it takes me a huge leap forward in writing a usable program. I hope it is useful to you.

Facebook application logout using POST instead of OAuth.

//
// This function is a button's event listener.
private void button3_Click(object sender, EventArgs e)
{
    //
    // Check to see if there is a webpage (document) in the browser.
    if (webBrowser1.Document != null)
    {
        //
        // If something is there, initialize the code to search for "INPUT" tags on the page.
        HtmlElementCollection elems = webBrowser1.Document.GetElementsByTagName("INPUT");
        //
        // Each time you find an "INPUT" tag, do the following ...
        foreach (HtmlElement elem in elems)
        {
            //
            // typeStr will get the "type" of each "INPUT" element it encounters.
            // If a type is "submit," check further ...
            String typeStr = elem.GetAttribute("type");
            if (typeStr == "submit")
            {
                //
                // contentStr will get the "value" listed for each "type" in the element.
                // If the value is "Log Out," click that element.
                String contentStr = elem.GetAttribute("value");
                if (contentStr == "Log Out")
                {
                    elem.InvokeMember("click");
                }
            }
        }
    }
}

Posted in Computer/Web Programming

Humans as Finite State Machines

Have you ever heard of an infinite state machine? It’s a theoretical concept of a machine that is large enough to hold all the information in the universe, under the assumption that the universe is infinite, of course. What we have in modern computers are finite state machines, devices that are finite in nature and can only hold so much data.

For monotheistic religions like Judaism, Christianity and Islam, God could be described as an infinite state machine. However, we take the concept further. Not only is there something that is able to hold all the information in the universe, this something also created the universe.

What does this say of human beings as we try to understand the universe around us? People grasp for truth and knowledge and, quite often, claim to have found universal truth.  Religious and non-religious people alike have a tendency to proclaim these things they believe as absolute truth, eschewing the beliefs of the people around them.

I’ve heard it said that the human brain can hold about ten terabytes of information. I don’t know if this information is correct but we do know that the human brain can hold a finite amount of information at one time. In fact, the human brain does not store and retrieve information the way a computer does. The things we learn must be learned by repetition; the brain categorizes what is important to remember by frequency of repetition. Those things that are repeated often and in large quantities can be readily and accurately remembered. It is said that college students retain, on average, about 25% of the things they learn in their classes after leaving college, retaining those things they use constantly on the job but forgetting those things they don’t use on a daily basis.

This information draws some very interesting conclusions about the relationship humans have with religion. The first thing is that people, in their finite state, do not have the facility to judge other people and the beliefs they have. What we learn is largely based on experience and we rely on repetition of those things that are important to our survival. Individual human experiences may have commonalities but there are so many things that are singular that we are best able to judge others only in general terms. We do not know the hearts and minds of others and, outside general observation, we are not well equipped to judge specifics of individuals.

This applies not only to religious people but to the non-religious as well. In Christianity, my religion, we are forbidden from judging others. For instance, it is not my place to judge whether an atheist is going to hell for not believing in God. How could I, when I know so little of that person’s motivation? On the other hand, the atheist, or even more to the point the anti-theist, has no place judging Christians, lumping all of Christian experience into the conservative, literal view often expressed by that group as the whole of religion. Likewise, people from different religions are not well-suited to judge each other. Because our ability to know and understand becomes more generalized as we move farther from our particular experiences, we cannot hope to understand the specifics of another’s feelings and motivations. Each person decides what is important based on different situations and circumstances, their brains retaining that which is oft repeated. This includes what they choose to feed into their brains as well as the experiences outside their control during formative years and the lasting impression they have.

This article serves as an admonishment to me first, then more generally to others. Not only is it forbidden in Christianity to judge other people past a certain point, it is scientifically improbable that I can do so with any substantial degree of certainty. It is within my realm to judge what contact I should have with that person, based on what I value and what that person brings to the table. However, beyond that, I must take a more general approach when passing any kind of lasting judgement on another human being, just as others should take a more general approach when drawing conclusions about me.

Like Adam and Eve in the second Genesis story, people put themselves in the position of God. Perhaps the real sin in knowing good and evil is that we assume, incorrectly, that we have the ability to use this knowledge wisely in our relationships with others.

Posted in Uncategorized

Regular Expression to Find URLs in Java

I’ve been learning how to use regular expressions in Java and found that it’s hard to get some of the code working properly from tutorials and places like Stack Overflow. I thought it might be handy to provide a working script in Java that can return multiple URLs from a string.

So, I’ve modified code from Oracle’s tutorial on regular expressions, using a slight variant of a regular expression I found on Stack Overflow. This class prompts you to input a string, then evaluates the string, returning all the URLs in the string. It does this by searching for href="[any characters in the url]" and returning each instance of this on a separate line on the screen.

This code can easily be modified as a starting point for evaluating source code returned by a spider for evaluating links on a website. I hope it is useful for you.

/*
 * THIS WORK IS A DERIVATIVE OF CODE COPYRIGHTED BY ORACLE.
 * YOU MAY USE THIS WORK FREELY UNDER THE CONDITIONS OF THE ORACLE COPYRIGHT.
 * THE AUTHOR OF THE DERIVATIVE CODE DOES NOT REQUIRE ANY FURTHER ATTRIBUTION
 *
 * Copyright (c) 1995, 2008, Oracle and/or its affiliates. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Oracle or the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */ 

import java.io.Console;
import java.util.regex.Pattern;
import java.util.regex.Matcher;

public class RegexURL {
    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            System.err.println("No console.");
            System.exit(1);
        }
        // Compile once; the pattern does not change between inputs.
        Pattern pattern = Pattern.compile("href=\"(.*?)\"");

        while (true) {
            String line = console.readLine("Enter input string to search: ");
            if (line == null) {
                break; // end of input (Ctrl-D / Ctrl-Z); avoids a NullPointerException
            }
            Matcher matcher = pattern.matcher(line);
            boolean found = false;

            // Print each href="..." occurrence on its own line.
            while (matcher.find()) {
                console.format("%s%n", matcher.group());
                found = true;
            }

            if (!found) {
                console.format("No match found.%n");
            }
        }
    }
}
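The pattern above does what the post promises on tidy markup, but a spider that feeds it real pages will hit the cases it does not cover: single-quoted and unquoted attribute values, an uppercase HREF, and matches inside HTML comments or script text that are not links at all. It also returns whatever scheme the page author wrote, so a crawler built on it will happily queue javascript: or data: URLs. The following is an added example, not the post's Java code: it runs the page's regex and a tokenizer-based extractor over the same constructed markup so the difference is visible, resolves relative links against a base URL, and keeps only http/https. The sample HTML, the base URL and the function names are mine.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Same pattern as the Java class on the page.
HREF_RE = re.compile(r'href="(.*?)"')

# Constructed sample markup; each line exercises a case the regex handles differently.
SAMPLE_HTML = """<!-- <a href="http://commented.example/out">not a live link</a> -->
<a href="http://a.example/one">one</a>
<a href='/two'>two</a>
<A HREF=/three>three</A>
<a href="javascript:void(0)">not a navigable link</a>
<script>var s = 'href="http://in-script.example/"';</script>
"""


def hrefs_regex(html):
    """What the page's regex returns: only double-quoted values, including
    ones inside comments and script text, and nothing single-quoted/unquoted."""
    return HREF_RE.findall(html)


class _LinkCollector(HTMLParser):
    """Collects href values from <a> start tags only; comments and script
    bodies never reach handle_starttag, so they cannot produce false links."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":                        # html.parser lowercases tag and attribute names
            for name, value in attrs:
                if name == "href" and value is not None:
                    self.links.append(value)


def hrefs_parsed(html, base, allowed_schemes=("http", "https")):
    """Tokenizer-based extraction: honours quoting and case, skips comments and
    script bodies, resolves relative links against base, and drops schemes a
    crawler should never follow (javascript:, data:, ...)."""
    collector = _LinkCollector()
    collector.feed(html)
    collector.close()
    out = []
    for raw in collector.links:
        url = urljoin(base, raw.strip())
        if urlsplit(url).scheme in allowed_schemes:
            out.append(url)
    return out


if __name__ == "__main__":
    print("regex :", hrefs_regex(SAMPLE_HTML))
    print("parsed:", hrefs_parsed(SAMPLE_HTML, "http://a.example/dir/"))
```

For a one-off search through a pasted string the regex is fine; once the input is untrusted HTML fetched by a spider, the parser-plus-scheme-filter version is the safer starting point, and the allowed-scheme list is the place to pin the crawler to the hosts and protocols it is meant to touch.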
Posted in Uncategorized