I have no great love for those individuals who create virus programs to wreck havoc on the work of others and I have always wanted to design a way for an application to check itself for infections prior to running. Last year (1992) I created a unit called "virusCheck.p" which would allow Applications to do a "self check" to see if they have been infected with any viruses. I have since enhanced this unit and renamed it "virusCheckPlus.p". The archive that this ReadMe file is part of contains all of the original files plus the enhanced files. The enclosed files will not protect all applications against all viruses but they should allow developers to add some measure of protection to their programs. The files included are:
•virusCheck.p--This is a Think’s Pascal unit which contains the routines necessary to allow an Application to check its resources for changes to the kind and number of specific resources that were originally. Before an application is compiled for the last time this unit should be included in the project and a line similar to the following added close to the beginning of the mainline:
if not(ApplicationCanRun) then
begin
{Do any Clean-up here}
Halt;
end;
The next time your application is launched it will check its resource fork for a resource which contains a list of resource types and counts. The default is a resource of type “Vchk” with an ID of 128. The virusCheck.p unit also needs ALRT and DITL resources both with an ID of 6000, automatically added by "Vaccinate", to display the necessary dialogs if a virus is detected. After your program is compiled as an application for the last time it should be protected with the program "Vaccinate" (see below). This little program will take a look at the Application's resource fork and create a resource of type "Vchk" with an ID of 128. Every time that the Application is launched it will compare its current resources against the information stored in the "Vchk" resource and alert the user if a discrepancy is found. If you wish to see the structure of this resource the resource fork of "Vaccinate" contains just such a resource. "Vaccinate" does a self check each time it is launched to see if it has been infected by a virus since it was last compiled. As stated above the default 'resource check' resource type is "Vchk". This can be easily changed by you for further protection.
•Vaccinate--This program will add all of the necessary resources to any application that uses the VirusCheck.p unit so that the Application can do a self check whenever it is launched. This program should be used on the final form of the application which uses the VirusCheck.p unit. Any application that was compiled with code similar to the following will not run until it is updated with "Vaccinate".
if not(ApplicationCanRun) then
begin
{Do any Clean-up here}
Halt;
end;
•Vaccinate.rscs--This is the resource file used by Vaccinate.
•Vaccinate.p--This is the source file which was used to build the application "Vaccinate". It is included only for those programmers who wish to know how "Vaccinate" operates.
•VirusCheckPlus.p--Similar to VirusCheck.p except that it will add a extra measure of protection by checking not only the types and counts of resources used by an application but also the sizes of the various resources. This unit is my latest creation and I feel that it adds an extra measure of protection for developers because it will also detect those viruses which only add code to an existing resource. It checks the size of all resources except MENU resources. The size of MENU resources are not checked in the current version of "Vaccinate Plus" because of the possibility of inactive menu choices at the time the menu bar is created.
•Vaccinate Plus--This program will add all of the necessary resources to your those applications that use the VirusCheckPlus.p unit so that it can do a self check whenever it is launched. This program should be used on the final form of the application which uses the VirusCheckPlus.p unit. Any application that was compiled with code similar to the following will not run until the application is updated with "Vaccinate Plus".
if not(ApplicationCanRun) then
begin
{Do any Clean-up here}
Halt;
end;
•Vaccinate Plus.rscs--This is the resource file used by "Vaccinate Plus".
•Vaccinate Plus.p--This is the source file which was used to build the application "Vaccinate Plus". It is included only for those programmers who wish to know how "Vaccinate Plus" operates.
I use Think Pascal in developing my programs and include the following lines in all my applications:
{$IFC DEVELOPMENT}
{$ELSEC}
MenuAbout; {The following call must be after IApplication}
if not (ApplicationCanRun) then
begin
{Any necessary clean-up code}
Halt;
end;
{$ENDC}
The variable "DEVELOPMENT" is a compiler variable which is set to "TRUE" when I am developing my application and to "FALSE" when I am compiling my program as an Application. I normally do this through the "Compile Options" command under the "PROJECT" menu, but this variable can be set within the program's source code if you desire. After I compile my program as an Application I use either "Vaccinate" or "Vaccinate Plus" to protect it. Be advised that the call to "ApplicationCanRun" must be made after all appropriate ToolBox managers are initialized. Otherwise, if a virus is detected your application will not display the necessary dialogs. If you are using Think's Pascal these tools are initialized automatically unless you specifically turn this compile option off with the compiler directive: {$I-}. If you are using OOP Pascal the call to "ApplicationCanRun" should be made after the Application is initialized with "IApplication" (Think's OOP library) to insure that the necessary ToolBox managers have been initialized.
I have been using these virus protection units in my programs for quite some time now and have not detected any problems. HOWEVER, IF YOUR PROGRAM ALTERS ITS RESOURCE FILES IT THE PROGRAM'S RESPONSIBILITY TO CORRECT THE "Vchk" RESOURCE SO THAT THE APPLICATION WILL RUN CORRECTLY THE NEXT TIME IT IS LAUNCHED. OTHERWISE, THE APPLICATION WILL SEE THESE CHANGES AS A POSSIBLE VIRUS INFECTION. Rather than write these procedures, I have included all of my source files in this archive so that you can see how the "Vchk" resource was created. This should allow you to write an efficient procedure tailored to your application. In the future I hope to write a generic procedure to accomplish this for all applications that use my Virus Protect units.
These files are free. I ask only that you keep them together along with this Read Me file.
If you want to see how the Virus Protect units function do the following to a BACK-UP copy of either "Vaccinate" or "Vaccinate Plus".
1. Create a BACK-UP copy of either "Vaccinate" or "Vaccinate Plus" if you have not done so.
2. Use ResEdit to duplicate one of the resources, for example, DLOG 128.
3. Save the file and Quit ResEdit.
4. Launch the altered copy of either "Vaccinate" or "Vaccinate Plus".
5. If all goes well you should be presented with a dialog which informs you that the program has been possibly infected by a virus. Your only option at this point is to abort the program.
6. Don't forget to Trash the altered copy "Vaccinate" or "Vaccinate Plus".
If this ReadMe file gets separated from the files discussed above all files can be obtained by writing me at the address below. Please send a disk.
Comments are welcome. My E-mail address is PatrickG21 (America Online) or 4247 Vernor Rd. Attica MI 48412 (U.S. Snail Mail).
