i have posted this a few days ago, and i have got no answers yet, so i decided to try again, while my previous post is getting down to the bottom of the page. :)

well, i have found some virus source codes in pure 16-bit assembly language on the web (not sure whether they were done by reverse-engineering), most of them date back the early 1990s and even 1980s, i suppose they were written to run in dos and don't work well under windows (32-bit).

well my question this time is whether viruses are written in pure higher level languages or still often in pure assembly nowaday (after year 2000)in order to infect executable files and boot sectors? i am curious about whether higher level languages can strongly empower the viruses in spreading and destroying. as i know assembly language can control the hardware up to the level like moving the head of the hard drive, while c/c++ is not very good at doing this.

also i believe a virus compiled in asm is much smaller (essential for viruses) & able to run faster then in higher level languages.

ps. just to clarify, i am asking since i am curious about how things work. actually, i am thinking of looking for a job in software security (or the like) after i graduate.

thanks a lot for the inform :-)

Yes, Virii are still coded in assembly language. Some Virii are coded in C too. Check this out:

http://www.sirkussystem.com/vxdocs/ps-vir1.txt

i dunno, i think some viruses could possibly be programed in Visual basic...theres commands that shut down the computer, delete/overwrite/or read files without user verification....registry read/write without verication...you can even hide the program from the task manager. Also, if you put code in the Private sub form_terminate() then you can make those commands run when the program is removed from memory. it seems microsoft could have programed its own death...not that i would do that!

LOL... That could be possible eaw8806. But some systems don't have the Runtime file needed for VB 6.0. There would just be a message box saying that the runtime file is needed. So you can't really unload the virus to other people.

thanks to both of you for the inform.

well, i have a look at the link, but i think the author is memtioning about dos viruses, and the code fragments are all written in 16-bit asm, so i assume those viruses won't work well, probably not work at all if they are to infect the portable executable (.EXE) files under 32-bit windows. and well, the TSR technique mentioned there, i think, might not work well under windows all well. i was told that in windows, programs can archieve this by doing:
1. create another thread
2. program without supplying a user interface.
3. something else that i don't know

actually, i suspect will int 27h (terminate & stay resident) work under 32-bit windows (i am not sure about this point).

well, i know little about programming in visual basic, but i think visual basic can not produce boot viruses, and can not (?) trap interrupts (eg. int 13h)

anyone has any ideas ?

See your previous post for my reply to your response.

borelli34