Subject: Subverting opponents to copy yourself
From: rjc@hal.gnu.ai.mit.edu (Ray)
Organization: ^
Date: 15 Nov 91 19:20:55 GMT
Message-ID: <20286@life.ai.mit.edu>

A while ago I read about "artificial life" in comp.theory.cell-automata, my main interest being the Tierra papers. The author describes some of the programs that had evolved (parasites) that lacked the code to copy themselves. What they did was scan around looking for other cells and then use the other cell's copy routine to copy themselves. Hence they duplicated faster, since they only needed to copy 22 or so bytes vs 80.

This gave me an idea for Core War. How about a program that subverts others into impstomping for it, copying it and then dying? I have seen other "virus" Redcode programs, but none of them did what real viruses do, and that is to use the target for its copying rather than just subverting it to a bombing run.

Well, I wrote such a program around September but haven't had a chance to debug/test it, and I'm hoping someone can check this out for me. I have 3 versions of Core War on my machine (Amiga), but they are all unusable. Two of them are the old ICWS standard without the autodecrement address mode, some don't have "equ", and the other one is in German. I found a Unix curses-based one, but it's not an up-to-date ICWS assembler/simulator. The other one is the X11R4 one on soda.berkeley.edu (which is quite nice, only I don't have access to an X display at the moment).

The program is fairly simple right now; here is what it does (or what I hope it does):

1) initialization (find certain "differences" between the spl and jmp functions)
2) start up the virus dispatcher, which executes newly copied code that our opponent copied for us
3) scan for non-zero core memory, which hopefully contains the opponent's code
4) subvert it to a copy/imp-stomp routine
5) loop

The virus dispatcher merely loops around executing a jmp1 (nop).
When the copy routine finishes, it forces the opponent to place an "spl" at the jmp1 to start up the new virus; then the copy task is put to death. After the new virus is started, the spl is changed back into a jmp1.

;Retrovirus
;By Ray Cromwell (rjc@gnu.ai.mit.edu)
;USA
;September 1991
;Technique: Subvert other program tricking it into impstomping and copying
; our virus for it.
;Here is where the main debugging has to be concentrated. Make sure
; these offsets are correct or the subvert will execute the wrong instruction.
sizeprog  equ  endprog-startprog
rnaoffset equ  virusrna-mainloop
startprog dat  #0
impstomp  mov  #0 -1
          mov  #0 -2
          mov  #0 -3
          mov  #0 -4
          jmp  impstomp
jmp0      jmp  0
jmp1      jmp  1
jmp5      jmp  5
jmpvec    jmp  600+rnaoffset   ;make sure jmp points to "virusrna" routine
memptr    dat  #-600
tmp       dat  #0
execaddr  dat  #0
size      dat  #0
ptr       dat  #0
dest      dat  #0
delta     dat  #0
start     mov  jmp1 startprog  ;Put a nop in the beginning
          mov  jmp5 tmp
          sub  jmp0 tmp        ;Find jmp5-jmp0
          mov  jmp1 delta
          sub  jmp0 delta      ;Find jmp1-jmp0
          spl  exec            ;start rna dispatcher
mainloop  cmp  #0 @memptr      ;scan for nonzero code
          jmp  subvert         ;if non zero, subvert it!
          sub  #5 memptr       ;sub 5 from ptr
          add  tmp jmpvec      ;add 5 to jmp instruction
          jmp  mainloop        ;loop
subvert   sub  #6 memptr       ;6 instructions from cmp #0 #memptr
          mov  jmpvec @memptr  ;poke jmp vector (subvert!)
          sub  #1 memptr       ;sub 1 from ptr
          add  delta jmpvec    ;add 1 to jmp vector
          add  #6 memptr
          jmp  mainloop        ;loop
code      spl  @execaddr
exec      jmp  1               ;dispatcher
          cmp  exec code       ;Execute another virus copy
          jmp  exec            ;after our opponent has
          mov  jmp1 exec       ;graciously copied it, then
          jmp  exec            ;change the spl back into a nop.
virusrna  spl  impstomp        ;make the other program protect us!
          mov  #sizeprog size  ;find size
          mov  #endprog ptr    ;get ptr at end
          mov  #400 dest       ;copy 400 ahead
cploop    mov
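Here, as an added example (my own code, not the posted program), is a small retrovirus in the same spirit, written for an ICWS'88 simulator such as pMARS in -8 mode. Assumed semantics: "@" indirects through the B-field; MOV, ADD, SUB and CMP with an immediate A-operand act on the B-field only; CMP skips the next instruction when the operands are equal; SPL queues the new task behind the current one; a JMP may carry a B-operand, which is ignored when it executes. The scan origin (150 cells past jvec) and the copy distance (100 cells) are arbitrary choices. Three design points: the scan pointer and the planted jump offset live in one cell (jvec) and are advanced by a single ADD, so a copy taken in mid-scan still has a consistent pair; the dispatcher's CMP sits before the cell it executes, so the swapped-in spl is run exactly once and only then restored; and the spl prototype ("code") is assembled for exec's position, because MOV copies the relative field unchanged.

```redcode
;retro88 - added example, not the posted program.  Written for an ICWS'88
;simulator (e.g. pMARS -8); see the assumptions stated above the listing.
start   spl disp              ;task 2: the dispatcher; task 1 falls into scan
scan    add step, jvec        ;B: next cell to look at; A: stays rna minus that cell
        cmp #0, @jvec         ;a zero B-field looks empty (as in the post): skip
        mov jvec, @jvec       ;otherwise drop "jmp rna" onto the opponent's code
        jmp scan
disp    cmp exec, code        ;did a hijacked task swap "spl @execp" into exec?
        jmp disp              ;no: poll again
exec    jmp 1                 ;yes: this cell IS the spl now and runs once
        mov jmp1, exec        ;turn it back into a nop
        jmp disp
rna     mov #start-src, src   ;--- run by the opponent's task after "jmp rna"
        mov #start-dst+100, dst   ;the copy goes 100 cells ahead (arbitrary)
loop    mov @src, @dst
        add #1, src
        add #1, dst
        cmp #tail-src, src    ;everything below "tail" copied?
        jmp loop
        mov code, exec        ;hand the copy to our dispatcher ...
        dat 0                 ;... and die here: this task is the opponent's
jvec    jmp rna-jvec-150, 150 ;B: scan pointer; A: rna minus the scanned cell;
step    jmp -1, 1             ; one ADD moves both, so they never get out of step
code    spl @execp-exec       ;A is written for exec's position, where it runs
execp   dat start+100         ;B: the copy's "start", relative to execp
jmp1    jmp 1                 ;the nop exec is restored to
src     dat 0
dst     dat 0
tail    dat 0                 ;end of the copied region (not itself copied)
```

Run it against any looping opponent whose executing instruction has a non-zero B-field. Once the planted jmp is hit, the opponent's task copies everything from start up to tail, writes the spl into exec and dies on the dat; the dispatcher then executes that spl, so the copy starts as one of our tasks and in turn splits off its own dispatcher and scanner.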