Project3

Due: Tuesday [11/21/2023] @ 11:59 PM (MST)

Objective

This project is meant to get you thinking deeper about important ideas in operating systems and software. It simulates the working process of Virus. This assignment should also give you more practice with using tools like Git, GitHub, Markdown, and even some programming (e.g., C). For this assignment we’d like you to work through the following steps. Please make sure your submission is organized and easy to follow. Your responses should be clear and concise.

1. You should develop program2.c that has to be implemented with the following functionality (64 bit executable is required. if you did 32 bit executable, you receive 85%):
• print a string "hello program2".
• Read encrypted program1 at the last section of retrofiting.exe.
• Decrypt it to get the original program1.exe.
• Create the process in suspended form by using API "CreateProcess", the process to be created is retrofiting.exe
• Get the context of the retrofiting.exe (ImageBase and OEP).
• Uninstaller (NtUnmapViewOfSection).
• Allocate space (by using API "VirtualAllocEx") at the specified location which is "ImageBase" of program1.exe, and the size is the SizeOfImage of program1.exe.
• If the application space is successful, stretch the program1.exe and copy it to the space (by using WriteProcessMemory).
• If the application space fails, but there is a relocation table, apply for space at any position, then stretch, copy, and repair the relocation table of the program1.exe.
• Modify the Context of the program. Change the ImageBase of the Context of the program2.exe to the ImageBase of program1.exe and change the OEP of the Context of the program2.exe to the OEP of program1.exe.
• Set the Context and restore the main thread
• The replacement is successful
2. The source code of program1.exe is to print a string "hello program1".
   • You have to develop program1.c that print the string.
   • Compile program1.c to produce program1.exe.
3. We have to develop a program3.c that first encrypt the virus (in our case, it is program1.exe) by XORing it with 0x40 and then attached the encrypted virus to the end of program2.exe. After it is compiled, producing program3.exe.
4. After running program3.exe, you will get the retrofiting.exe that has the encrypted program1.exe at its last section.
5. If we run the new program2.exe, it first prints "hello program2" and then prints "hello program1".
6. (Bonus) If you apply the techniques from rootkits to project3, you will receive extra 2 points. It will be tested by task manager. If the running program2.exe is hidden from task manager, it means successful.
7. If you apply the techniques from spyware to project3, you will receive extra 2 points. It will be tested by displaying the keystrokes when people press them. If the running program2.exe is showing the keystroke after people press it, one by each press, it means successful.
8. 3 extra points is the maximum.
9. Only source codes and readme file are required to submit. To test your project, first, I will compile your program1.c and get program1.exe. second, I will compile your program3.c and obtain the program3.exe. Third, I will compile your program2.c and get program2.exe. Fourth, I will use program3.exe to encrypt program1.exe and attach it to program2.exe by running the command project3.exe project1.exe project2.exe, which outputs a program named retrofiting.exe. Finally, I will run it and get the output "hello program2" first and then "hello program1".

Instructions On Submitting Your Assignment

Please submit your assignment via your private GitHub repository. Your work for this assignment should be located within a new directory named project3 within your repository. Within this new directory, you should have a README.md written up in valid Markdown for your submission (i.e., project3/README.md), along with any other files you create for this assignment. For general tips on how to write and format your submission, please see the Project Info & Tips page.