Thursday, August 26, 2010

what is a path precedence companion virus?

a path precedence companion virus is a type of companion virus that takes advantage of the precedence or order in which DOS traverses the PATH variable (a delimited list of directories) to find a partially specified executable file when attempting to execute it.

as a simple example, suppose the PATH variable holds just two directory names. if we issue a command to execute a file that happens to be in the second directory but we don't specify which directory it's in, DOS will search the first directory and then the second directory in order to find and execute the file. if another executable with the same name as our intended command happens to exist in the first directory then it will get executed instead of the one we intended.

regardless of where the program we intend to run is, if a companion program exists in a directory closer to the beginning of the PATH, that program will get executed instead.

back to index

0 comments: