
How to Build your First "Hello World Virus"

Let's annoy fellow co-workers! Run a Hello World Virus on their computers...

By Zarko Gajic, About.com Guide


"Hello World" Fun Virus Build using Delphi

While this article uses the term "virus", the code demonstrated here is not a
virus or any other form of malware. If you use this program to annoy your
co-workers - you may have to deal with the repercussions!

Who said programming cannot be fun? Let's create a simple "memory eater"
that executes itself an unlimited number of times - thus consuming all the
Windows memory :)

The "Hello World VIRUS" we will build in this article is, of course, not a true
virus. We'll create a totally useless application that executes itself when it gets
executed. What a weird idea :)


Here are the topics you will learn by building your first (Hello World) Virus:

* Execute applications from Code,
* Send Parameters to applications being executed from code,
* Use Windows CallBack procedures,
* Get the Class Name and the Caption of a Window if you know its Handle,
* Send and Handle a Custom Message

"Hello World" VIRUS!


In the OnCreate event of the main (and only) form, the ShellExecute method is
called to execute another application from code - this time, the calling
application itself. When you run the virus for the first time, the Virus will
execute itself and another instance will be created. The second instance, again,
executes itself by creating the third instance, the third instance runs the fourth
instance ... get the point?

Ok, ok. Let's build a fair virus. The Virus will execute itself only a limited
number of times. The last instance will clean up the system by terminating all
the running instances.

//ShellExecute is declared in the ShellAPI unit (add it to the uses clause)
procedure THelloWorldVirusForm.FormCreate(Sender: TObject);
//How many times to execute this application - "virus"?
const
  MAXExecuteCount = 55;
var
  execCount : integer;
begin
  //The instance counter arrives as the first command-line parameter
  execCount := 0;
  if ParamCount > 0 then execCount := StrToInt(ParamStr(1));

  if execCount < MAXExecuteCount then
  begin
    infoLabel.Caption := Format('Clone Nr: %d',[execCount]);

    //run itself again
    execCount := 1 + execCount;
    ShellExecute(Application.Handle,'open',PChar(Application.ExeName),PChar(IntToStr(execCount)),'',SW_SHOW);
  end
  else
  begin
    //Let's be fair .. kill all clones...
    Application.MessageBox('Hello, Scared?',PChar(Application.Title));
    Caption := 'I will close normally';
    KillClones;
    Application.MessageBox('System secured!',PChar(Application.Title));
  end;
end;

The MAXExecuteCount constant determines the maximum number of times the
virus will execute itself. Another instance is started using the ShellExecute
method - by passing the EXE name of the Virus itself and the current instance
count. When the virus is run, the ParamCount is used to check if any
parameters are passed to the program (the execCount variable holds this
number). If it is less than MAXExecuteCount the Virus executes itself again.
A random number is used to position the window erratically on the screen
(download full source).

When MAXExecuteCount is reached, since this is not a bad virus, the last
instance ensures that all the running instances are terminated.
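
Seen from the monitoring side, the behaviour described above is a chain of processes in which every parent runs the same image as its child. The following added example (not part of the original article) flags such chains in process-creation records; the record fields, the sample events and the file path are constructed for illustration.

```python
from collections import namedtuple

# Constructed process-creation records; the field names are assumptions,
# not a real log schema.
ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")

def self_spawn_depth(event, by_pid):
    """Count consecutive ancestors that run the same image as `event`."""
    depth, seen, cur = 0, {event.pid}, event
    while True:
        parent = by_pid.get(cur.ppid)
        if parent is None or parent.pid in seen:   # unknown parent or PID loop
            return depth
        if parent.image.lower() != event.image.lower():
            return depth
        depth += 1
        seen.add(parent.pid)
        cur = parent

def find_self_spawn_chains(events, threshold=5):
    """Return {image: max_depth} for images that re-launch themselves
    at least `threshold` generations deep."""
    by_pid, hits = {}, {}
    for ev in events:                # events are assumed to be in creation order
        by_pid[ev.pid] = ev          # later records win if a PID is reused
        depth = self_spawn_depth(ev, by_pid)
        if depth >= threshold:
            key = ev.image.lower()
            hits[key] = max(hits.get(key, 0), depth)
    return hits

def sample_events(clones=8):
    """Constructed sample: explorer.exe starts a program that re-runs itself
    with an incrementing counter argument, plus an unrelated benign chain."""
    exe = r"C:\Users\demo\HelloWorld.exe"          # placeholder path
    evs = [ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
           ProcEvent(200, 100, exe, exe)]
    for n in range(1, clones + 1):
        evs.append(ProcEvent(200 + n, 199 + n, exe, f"{exe} {n}"))
    evs.append(ProcEvent(900, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"))
    evs.append(ProcEvent(901, 900, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"))
    return evs

if __name__ == "__main__":
    print(find_self_spawn_chains(sample_events()))
```

The threshold is a tuning choice: legitimate launchers and updaters sometimes re-run themselves once or twice, so a depth of one should not alert on its own.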

The KillClones function uses a Windows callback mechanism to enumerate all
top-level windows and search for the Hello World Virus instances:

procedure THelloWorldVirusForm.KillClones;
var
  cloneHandle : THandle;
  cloneHandles : TStringList;
  sHandle : string;
begin
  cloneHandles := TStringList.Create;
  try
    //Collect the window handles of all running instances
    EnumWindows(@EnumWindowsFunc, LParam(cloneHandles));
    for sHandle in cloneHandles do
    begin
      cloneHandle := StrToInt(sHandle);
      //Ask every instance except this one to quit
      if cloneHandle <> self.Handle then SendMessage(cloneHandle, WM_CloneQuit, 0, 0);
    end;
  finally
    cloneHandles.Free;
  end;
end;

The EnumWindows fills a TStringList with the handles of the running Virus instances. A simple for
loop is used to send a custom message to the Virus instance.

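function EnumWindowsFunc(Handle: THandle; List: TStringList) : boolean ; stdcall;
var
  className: array[0..255] of Char;
  caption: array[0..255] of Char;
begin
  //Length() gives the buffer size in characters, which is what both APIs expect
  //(SizeOf() returns bytes and overstates the buffer when Char is 2 bytes wide)
  GetClassName(Handle, className, Length(className));
  GetWindowText(Handle, caption, Length(caption));

  //Remember every window that has the Virus form's class name and caption
  if ((className = 'THelloWorldVirusForm') AND (caption = 'HelloWorldVirusForm')) then
    List.Add(IntToStr(Handle));

  //Returning True tells EnumWindows to continue with the next window
  Result := True;
end;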
The Virus handles the custom message by calling Application.Terminate.

const
  WM_CloneQuit = WM_USER + 2901; //"random" number
...
  //declared inside the THelloWorldVirusForm class
  procedure Quit(var Msg : TMessage); message WM_CloneQuit;
...
procedure THelloWorldVirusForm.Quit(var Msg: TMessage);
begin
  Application.Terminate;
end;

Final WARNING: do NOT execute the Hello World Virus from the Delphi IDE; build the code and
start the program from the Windows Explorer. If you run the application from the IDE - one instance
will be left running. Use the Task Manager to terminate it.

Let's Get Nasty ;^)


Let's say we forget to include the "cleanup" code. Why not hide the TaskBar button, hide the Virus
from Task Manager, produce a memory leak, etc ...