Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Subverting opponents to copy yourself

10 views
Skip to first unread message

Ray

unread,
Nov 15, 1991, 2:20:55 PM11/15/91
to

A while ago I read about "artificial life" in comp.theory.cell-automata
my main interest being the Tierra papers. The author describes some of
the programs that had evolved (parasites) that lacked the code to
copy themselves. What they did was scan around looking for other
cells and then use other cell's copy routine to copy itself. Hence it
duplicated faster since it only needed to copy 22 or so bytes vs 80.
This gave me an idea for corewars. How about a program that subverts
others into impstomping for it,copying it and then dieing. I have seen
other "virus" redcode programs but none of them did what real viruses do, and
that is to use the target for it's copying rather than just subverting
it to a bombing run.

Well I wrote such a program around September but haven't had a chance
to debug/test it and I'm hoping someone can check this out for me.
I have 3 versions of corewars on my machine (Amiga) but they are
all unusable. 2 of them are the old ICWS standard without the
autodecrement address mode, some don't have "equ" and the other one is
in german. I found a Unix curses based one, but it's not an up to date
ICWS assembler/simulator. The other on is the X11r4 one on soda.berkeley.edu.
(which is quite nice only I don't have access to an x-display at the moment)

The program is fairly simple right now,here is what is does (or I hope it
does).

1) initialization (find certain "differences" between the spl and jmp
functions)
2) start up the virus dispatcher which executes newly copied code that
our opponent copied for us.
3) scan for non zero corememory which hopefully contains opponent's code.
4) subvert it to a copy/imp stomp routine
5) loop

the virus dispatcher merely loops around executing a jmp1 (nop). When
the copy routine finishes, it forces the opponent to place an
"spl" at the jmp1 to start up the new virus, then the copy task
is put to death. After the new virus is started, the spl is changed back into
a jmp1.

;Retrovirus
;By Ray Cromwell (r...@gnu.ai.mit.edu)
;USA
;September 1991
;Technique: Subvert other program tricking it into impstomping and copying
; our virus for it.

;Here is where the main debugging has to be concentrated. Make sure
; these offsets or correct or the subvert wil execute the wrong instruction.

sizeprog equ endprog-startprog
rnaoffset equ virusrna-mainloop


startprog dat #0
impstomp mov #0 -1
mov #0 -2
mov #0 -3
mov #0 -4
jmp impstomp
jmp0 jmp 0
jmp1 jmp 1
jmp5 jmp 5
jmpvec jmp 600+rnaoffset ;make sure jmp points to "virusrna" routine
memptr dat #-600
tmp dat #0
execaddr dat #0
size dat #0
ptr dat #0
dest dat #0
delta dat #0

start mov jmp1 startprog ;Put a nop in the beginning
mov jmp5 tmp ;
sub jmp0 tmp ;Find jmp5-jmp0
mov jmp1 delta ;
sub jmp0 delta ;Find jmp1-jmp0
spl exec ;start rna dispatcher
mainloop cmp #0 @memptr ;scan for nonzero code
jmp subvert ;if non zero, subvert it!
sub #5 memptr ;sub 5 from ptr
add tmp jmpvec ;add 5 to jmp instruction
jmp mainloop ;loop

subvert sub #6 memptr ;6 instructions from cmp #0 #memptr
mov jmpvec @memptr ;poke jmp vector(subvert!)
sub #1 memptr ;sub 1 from ptr
add delta jmpvec ;add 1 to jmp vector
add #6 memptr
jmp mainloop ;loop


code spl @execaddr

exec jmp 1 ;dispatcher
cmp exec code ;Execute another virus copy
jmp exec ;after our opponent has
mov jmp1 exec ;graciuously copied it then
jmp exec ;change the spl back into a nop.

virusrna spl impstomp ;make the other program protect us!
mov #sizeprog size ; find size
mov #endprog ptr ; get ptr at end
mov #400 dest ;copy 400 ahead
cploop mov <endprog <dest ; copy it
djn cploop size ;
exc mov #409 execaddr ;exec begging of code
; it is 9 instructions from
; exec to cploop

mov code exec ; trigger activation
endprog dat #0 ;kill the other program's process

--------------------------------------------------

I don't see any problems with it except for the offsets. Assemblers
with "equ" ability help but it's still tough keeping track of
which instruction is executing which relative pointer so I could have
messed it up. Feel free to make any improvements or changes.
When I get free time this weekend I've remove the equ's and put in the
raw numbers.

Future plans:

Identifying marker so we don't subvert ourselves. This would consist
of a tag of atleast 5 instructions. For instance, 5 DAT #1991's which
the scanning routine would detect and skip over. If the tag gets bombed
there's a problem.

Instead of dispatching a new copy of the virus with spl, instead
spl off a "short" bombing run that dies. (like a small mortar) and
JMP directly to the new copy.


More ideas:

A corewars program that subverts other's to implement a "voter"
error detection routine and if an error is found, fix it.
The allows the main program to go on bombing/subverting while the opponent
goes on error checking us.

All of these ideas come from the quest to slow the enemy down
by zapping his cpu resources. Instead of slowing him down with spl0
bombs, force him to do something useful.

0 new messages