Hello,
"Is virus (written in C/C++) a user space program (or kernel space)? especially spywares and the ones that steal information"
I have asked this question a couple of times to many people however haven't got a satisfactory answer.
I think they are user space as that's the place where they are written and executed. Also because they use System /OS APIs to complete their task.
Any views and comments are welcome?
Rogue user-space program.
"Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." -- Antoine de Saint-Exupery
A virus generally begins as a (portion of a) user program, that exploits security flaws in the underlying operating system, to gain administrative and/or root access. A virus may also infect a system when an administrative user executes the virus code in a privileged (administrator/root) process.
What can this strange device be?
When I touch it, it gives forth a sound
It's got wires that vibrate and give music
What can this thing be that I found?
All the ones I've seen are user space, usually they become a problem after gaining privileged access. The initial program only needs to run once, probably gaining access when the user installs or updates something. From there, on Windows at least, you can edit the registry (using advapi32 API) to do incredibly annoying and destructive things.
One virus on a computer given to me would install a task to the registry (running on login), that would check the existence of several child-virus programs, and their registry entries, and if something was wrong it would essentially repair itself lol.
That said there must be at least some malicious code capable of running in kernel mode, or else most BIOS wouldn't come with a "secure boot" option, would they?
WndProc = (2[b] || !(2[b])) ? SufferNobly : TakeArms;
Surely this thread should be in "Tech Board"?
Life is like riding a bicycle. To keep your balance you must keep moving - Einstein
Good point, and moved.
Look up a C++ Reference and learn How To Ask Questions The Smart WayOriginally Posted by Bjarne Stroustrup (2000-10-14)
What is Kernel Space? Well, it is an area of memory reserved to run the OS kernel, along with piece of software dubbed device drivers. User Space is the rest of the computer memory and it is not reserved.
So, can someone write an Operating System? We sure can, otherwise we would have no operating systems. Likewise we have device drivers, which are essentially software written to provide an interface for the hardware functions. So, a virus can be written for -- and executed in -- the kernel space. It can be disguised as a part of the operating system kernel, or as a device driver.
Are there any such virus? For sure! Many rootkits reside in the kernel.
Can a virus running on the user space infect the kernel? For sure! That's how most of the kernel virus end up in the kernel. A payload is created to try and trick the victim (or take advantage of an OS bug) to elevate the payload user space privileges and gain access to the kernel memory space, where the virus is then planted.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
@mario : In Linux kernel we can access, read and understand the source code, know its inner working so as to plant a virus in kernel space as have mentioned above. However, in windows we have no access to source code then how such a feat (to plant a virus in kernel) is achieved in windows OS...in that world (windows) all you have are some books which tell you about the internals of windows.
You don't need access to the source to know how to write Windows kernel software, you need only look around.
