Thread: Is Virus a user space program ?

  1. #1
    Registered User
    Join Date
    Aug 2015
    Posts
    9

    Is Virus a user space program ?

    Hello,

    "Is virus (written in C/C++) a user space program (or kernel space)? especially spywares and the ones that steal information"

    I have asked this question a couple of times to many people however haven't got a satisfactory answer.

    I think they are user space as that's the place where they are written and executed. Also because they use System /OS APIs to complete their task.

    Any views and comments are welcome?

  2. #2
    Registered Superuser nul's Avatar
    Join Date
    Nov 2014
    Location
    Earth
    Posts
    53
    Rogue user-space program.
    "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- Antoine de Saint-Exupery

  3. #3
    Registered User
    Join Date
    Oct 2006
    Posts
    3,445
    A virus generally begins as a (portion of a) user program, that exploits security flaws in the underlying operating system, to gain administrative and/or root access. A virus may also infect a system when an administrative user executes the virus code in a privileged (administrator/root) process.
    What can this strange device be?
    When I touch it, it gives forth a sound
    It's got wires that vibrate and give music
    What can this thing be that I found?

  4. #4
    Registered User Alpo's Avatar
    Join Date
    Apr 2014
    Posts
    877
    All the ones I've seen are user space, usually they become a problem after gaining privileged access. The initial program only needs to run once, probably gaining access when the user installs or updates something. From there, on Windows at least, you can edit the registry (using advapi32 API) to do incredibly annoying and destructive things.

    One virus on a computer given to me would install a task to the registry (running on login), that would check the existence of several child-virus programs, and their registry entries, and if something was wrong it would essentially repair itself lol.

    That said there must be at least some malicious code capable of running in kernel mode, or else most BIOS wouldn't come with a "secure boot" option, would they?
    WndProc = (2[b] || !(2[b])) ? SufferNobly : TakeArms;

  5. #5
    Registered User ssharish2005's Avatar
    Join Date
    Sep 2005
    Location
    Cambridge, UK
    Posts
    1,732
    Surely this thread should be in "Tech Board"?
    Life is like riding a bicycle. To keep your balance you must keep moving - Einstein

  6. #6
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    27,555
    Good point, and moved.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  7. #7
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Angola
    Posts
    8,445
    What is Kernel Space? Well, it is an area of memory reserved to run the OS kernel, along with piece of software dubbed device drivers. User Space is the rest of the computer memory and it is not reserved.

    So, can someone write an Operating System? We sure can, otherwise we would have no operating systems. Likewise we have device drivers, which are essentially software written to provide an interface for the hardware functions. So, a virus can be written for -- and executed in -- the kernel space. It can be disguised as a part of the operating system kernel, or as a device driver.

    Are there any such virus? For sure! Many rootkits reside in the kernel.

    Can a virus running on the user space infect the kernel? For sure! That's how most of the kernel virus end up in the kernel. A payload is created to try and trick the victim (or take advantage of an OS bug) to elevate the payload user space privileges and gain access to the kernel memory space, where the virus is then planted.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  8. #8
    Registered User
    Join Date
    Aug 2015
    Posts
    9
    @mario : In Linux kernel we can access, read and understand the source code, know its inner working so as to plant a virus in kernel space as have mentioned above. However, in windows we have no access to source code then how such a feat (to plant a virus in kernel) is achieved in windows OS...in that world (windows) all you have are some books which tell you about the internals of windows.

  9. #9
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by TheGuy Nextdoor View Post
    @mario : In Linux kernel we can access, read and understand the source code, know its inner working so as to plant a virus in kernel space as have mentioned above. However, in windows we have no access to source code then how such a feat (to plant a virus in kernel) is achieved in windows OS...in that world (windows) all you have are some books which tell you about the internals of windows.
    You don't need access to the source to know how to write Windows kernel software, you need only look around.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Virtual memory in user space (Operting Systems)
    By Elysia in forum Tech Board
    Replies: 21
    Last Post: 05-07-2011, 04:09 PM
  2. Reading a proc file in user space
    By Fillis52 in forum C Programming
    Replies: 3
    Last Post: 12-06-2010, 11:03 AM
  3. user space control for device driver
    By itisravi in forum Linux Programming
    Replies: 5
    Last Post: 03-02-2010, 02:17 PM
  4. space problem with user input
    By codebrawler in forum C++ Programming
    Replies: 5
    Last Post: 01-08-2006, 02:01 PM

Tags for this Thread