17th December 2010
rocket357
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429

Here's the thing: Windows will take a file and attempt to execute it based on extension. Try it sometime. Create a file in Notepad. Name it omg.exe. Double click on it.

Every other operating system on the planet (especially OpenBSD and other Unix/Unix-like systems) actually checks what's called the magic number at the beginning of the file that stamps the file as executable. Look:

Code:
$ hexdump /bin/ls | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /bin/ls | cut -d'>' -f1
ELF
$ hexdump /bin/sh | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /bin/sh | cut -d'>' -f1
ELF
$ hexdump /usr/bin/file | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /usr/bin/file | cut -d'>' -f1
ELF
$ hexdump /usr/bin/cdio | head -1
0000000 457f 464c 0102 0001 0000 0000 0000 0000
$ head -1 /usr/bin/cdio | cut -d'>' -f1
ELF

Note how the result is the same for each executable... they're all ELF format executables (ELF stands for Executable and Linkable Format). The exception to these magic numbers is executable shell scripts, which list the interpreter that should be used to read and execute the text of the script:

Code:
$ hexdump /usr/local/bin/soffice | head -1
0000000 2123 622f 6e69 732f 0a68 0a23 2023 4f24
$ head -1 /usr/local/bin/soffice
#!/bin/sh

Now look at a Windows executable (I scp'd some exes to my OpenBSD box):

Code:
$  hexdump Firefox\ Setup\ 3.6.exe | head -1
0000000 5a4d 0090 0003 0000 0004 0000 ffff 0000
$ hexdump Tcpview.exe | head -1
0000000 5a4d 0090 0003 0000 0004 0000 ffff 0000

See how the numbers are different? They match each other because they're Windows executables (PE executables, i.e. "Portable Executable" format), but they differ from OpenBSD's "magic numbers" (in other words, they aren't ELF format executables). Now look:

Code:
$ chmod 700 Firefox\ Setup\ 3.6.exe # mark the windows exe's as being executable so OpenBSD will at least *try* to run them
$ chmod 700 Tcpview.exe
$ ./Firefox\ Setup\ 3.6.exe # and try to run them haha.
./Firefox Setup 3.6.exe[1]: MZÿÿ¸@ິ: not found
./Firefox Setup 3.6.exe[2]: syntax error: `)' unexpected
$ ./Tcpview.exe
./Tcpview.exe[1]: MZÿÿ¸@躴: not found
./Tcpview.exe[2]: syntax error: `^N$Hf{^N$Hf{^N$Hf{' unexpected

These executables aren't even in the correct format to run on OpenBSD. Hell, *LINUX* and *FREEBSD* executables, though closer in structure and such, won't run.

Trust me, no Windows virus is going to affect OpenBSD unless some seriously fancy assembly work went into it (i.e. like the Linux/Windows "virus" a while back that could only delete user files).

Last edited by rocket357; 17th December 2010 at 11:15 PM.
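
The magic-number check described in the post, as an added example (not part of rocket357's post): it undoes hexdump's 16-bit word display for the first lines quoted above and classifies each header as ELF, shebang script, or MZ/PE. The function names are illustrative, and little-endian word order is assumed, matching the output in the post.

```python
import struct

# First lines of `hexdump` output, copied from the post above.
SAMPLES = {
    "/bin/ls": "0000000 457f 464c 0102 0001 0000 0000 0000 0000",
    "/usr/local/bin/soffice": "0000000 2123 622f 6e69 732f 0a68 0a23 2023 4f24",
    "Tcpview.exe": "0000000 5a4d 0090 0003 0000 0004 0000 ffff 0000",
}


def hexdump_line_to_bytes(line):
    """Undo hexdump's default display: 16-bit words in host byte order
    (assumed little-endian here), so the word '457f' is the bytes 7f 45."""
    words = line.split()[1:]  # drop the offset column
    return b"".join(struct.pack("<H", int(w, 16)) for w in words)


def classify(header):
    """Identify a file from its leading bytes, ignoring its name."""
    if header[:4] == b"\x7fELF":
        # e_ident[4] is the ELF class, e_ident[5] the data encoding.
        bits = {1: "32-bit", 2: "64-bit"}.get(header[4], "unknown class")
        order = {1: "little-endian", 2: "big-endian"}.get(header[5], "unknown order")
        return f"ELF {bits} {order}"
    if header[:2] == b"#!":
        # Everything up to the first newline names the interpreter.
        interp = header[2:].split(b"\n", 1)[0].strip().decode("ascii", "replace")
        return f"script for {interp}"
    if header[:2] == b"MZ":
        return "DOS/PE (Windows) executable"
    return "unknown"


def classify_file(path):
    """Classify a file on disk by reading only its first bytes."""
    with open(path, "rb") as f:
        return classify(f.read(64))


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name}: {classify(hexdump_line_to_bytes(line))}")
```

The `MZ...: not found` lines in the post's last listing come from the shell falling back to reading the unrecognized file as a script once the kernel refuses to load it.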