
Metamorphic code

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 193.14.40.221 (talk) at 15:09, 7 October 2012 (total cleanup). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Metamorphic code is code that, when run, outputs a logically equivalent version of its own code under some interpretation. This is similar to a quine, except that a quine's source code is exactly equivalent to its own output. Metamorphic code also usually outputs machine code rather than its own source code.

This is used by computer viruses to avoid the pattern recognition of anti-virus software. Metamorphic viruses often translate their own binary code into a temporary representation, edit that temporary representation of themselves and then write the edited form back to machine code.[1] This procedure is applied to the virus itself, so the metamorphic engine also undergoes changes, which means that no part of the virus stays the same. This differs from polymorphic code, where the polymorphic engine cannot rewrite its own code.

Metamorphic code is used by some viruses when they are about to infect new files, and the result is that the "children" will never look like their "parents". The mutated code will do exactly the same thing, but the children's binary representation will typically be completely different from the parents'. Mutation can be achieved using techniques such as inserting NOP instructions (brute force), changing which registers are used, changing flow control with jumps, replacing machine instructions with equivalent ones, or reordering independent instructions.
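
From the detection side, the following added example (not part of the original article) shows why a byte-level signature misses a variant produced by NOP insertion and register renaming, and how normalizing the instruction stream before hashing recovers the match. The two toy listings are constructed by hand from a harmless routine, and all function names are hypothetical.

```python
import hashlib
import re

# Constructed toy listings (harmless arithmetic, not real malware):
# CHILD is PARENT after NOP insertion and a consistent register renaming.
PARENT = "mov eax, 5\nadd eax, ebx\nxor ecx, ecx\nret"
CHILD = "nop\nmov edx, 5\nnop\nadd edx, esi\nnop\nxor edi, edi\nret"
OTHER = "mov eax, 5\nsub eax, ebx\nret"  # a genuinely different routine

# Assumption: only these 32-bit general-purpose registers appear.
REGS = re.compile(r"\b(e[abcd]x|e[sd]i)\b")


def parse(listing):
    """Split a listing into (mnemonic, operands) tuples."""
    out = []
    for line in listing.strip().splitlines():
        mnemonic, _, operands = line.strip().partition(" ")
        out.append((mnemonic.lower(), operands.strip().lower()))
    return out


def normalize(listing):
    """Drop NOPs and rename registers by order of first use (r0, r1, ...)."""
    names = {}

    def rename(match):
        return names.setdefault(match.group(1), f"r{len(names)}")

    canon = []
    for mnemonic, operands in parse(listing):
        if mnemonic == "nop":
            continue  # padding carries no behaviour
        canon.append(f"{mnemonic} {REGS.sub(rename, operands)}".strip())
    return canon


def digest(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


def compare(a, b):
    """Return (raw_match, normalized_match) for two listings."""
    raw = digest(a.strip().splitlines()) == digest(b.strip().splitlines())
    return raw, digest(normalize(a)) == digest(normalize(b))


if __name__ == "__main__":
    print("parent vs child:", compare(PARENT, CHILD))
    print("parent vs other:", compare(PARENT, OTHER))
```

This normalization only undoes the two simplest mutations listed above; instruction substitution, reordering and jump-based flow changes need semantic or control-flow-level comparison instead.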

Metamorphic code can also mean that a virus is capable of infecting executables from two or more different operating systems (such as Windows and GNU/Linux) or even different computer architectures. Often, the virus does this by carrying several viruses within itself. The beginning of the virus is then coded so that it translates to correct machine code for all of the platforms that it is supposed to execute on.[2] It is possible, in theory, for a metamorphic virus to rewrite the temporary representation of itself into another set of instructions, intended for another computer architecture.

References

  • [3] Hunting for Metamorphic