I'm just gonna drop this attachment here, while you're working on some sort of antivirus. The IRC'ers will know what this is for.

A long program. What exactly does it do??


PS: I am officially loving Celtic3

Yep but i need assembly to intercept and store it to a buffer so that my firewall can check it

That leaves the program half done. Does anyone know how to do the other part. Lesson 3 of "28 days" doesn't seem to touch upon it.

[...]
No... You'd have to trace the stack. There is no other way. More than half of the normal asm routines end in a pop instruction, then a RET. The only way to check for stack leaks (and even this is not completely airtight), is to count every pop and push instruction and check whether the numbers are equal.

More than half?

Scanning a program that way would epically fail if the program did anything using SP for anything other than for entries on the hardware stack. Like clearing off the screen buffer. Also, any such scanning program would have to be aware of program flow, which could take a while to scan if the person's doing strange things with the stack in their program. Not saying that all programs are strange and weird, but just letting you know that there are people that would code their programs in the most convoluted way possible. (I'm half an example here)

Have there actually been any kind of malicious programs written for crashing your calc, or is this only for badly written ones, that will crash your calc? The only real way I can see someone writing a virus like this would be a local friend, as most calc sites would most likely not put it up, having tried it out.

Not to discourage, I'm just asking.

Have there actually been any kind of malicious programs written for crashing your calc, or is this only for badly written ones, that will crash your calc? The only real way I can see someone writing a virus like this would be a local friend, as most calc sites would most likely not put it up, having tried it out.

Not to discourage, I'm just asking.

Iambian wrote one that infects all Ion programs you run and IIRC it transmits from calc to calc. BrandonW wrote a program that can really screw up your calc certificate badly. Also Iambian had the Flashcrash program in his sig on UTI before, which deletes the calc OS. Technically, over the internet, an antivirus for calc wouldn't be much useful, because if a virus lands on ticalc.org or on a calc forum, on ticalc it will get taken down and on a forum, people will all know it's a virus. An antivirus like this is more useful at school, if you receive a lot of programs from students or if your calc is at risk of getting left unnatended, otherwise it can be useful if you tend to download calc programs from unsafe sources. It could be very easy to bypass, though, because the author can simply constantly update his virus code so the antivirus can no longer detect it.

Which update do you mean? The antivirus or the viruses?