{ Copyright Header

Use at your own risk. No warranty is expressed or implied. Neither

Apple Computer nor MacTutor endorse or warrant this program in any

way, nor are they responsible for its use or mis-use in any way.

This Macintosh virus-detecting program was originally published and

explained in the February 1989 issue of MacTutor magazine. Some

aspects of its design are important to security, and it uses some

unusual techniques, so please read the article. }

“CodeSizeLimits.p”

UNIT CodeSizeLimits;

INTERFACE

VAR

gJTSize: INTEGER;

gEntryPoint: LONGINT;

gSizeLimit:

ARRAY [0..8] OF LONGINT;

gMaxCode: INTEGER;

PROCEDURE GetCodeSizeLimits;

IMPLEMENTATION

PROCEDURE zzSecurityPatrol; EXTERNAL;

PROCEDURE GetCodeSizeLimits;

BEGIN

gEntryPoint := ORD4(@zzSecurityPatrol)+$1A;

gJTSize := 1240;

gMaxCode := 8;

gSizeLimit[0] := gJTSize + 16;

gSizeLimit[1] := 15700;

gSizeLimit[2] := 23900;

gSizeLimit[3] := 11200;

gSizeLimit[4] := 00844;

gSizeLimit[5] := 01908;

gSizeLimit[6] := 01606;

gSizeLimit[7] := 01822;

gSizeLimit[8] := 01312;

END;

END.

“Fingerprint.ipas”

{ File Fingerprint.ipas }

VAR

gFgPr1,gFgPr2,gFgPr3,gFgPr4,gFgPr5,gFgPr6,gFgPr7: LONGINT;

PROCEDURE CommentFgPr;

BEGIN

Wryte (‘: (‘);

WryteNbr (gFgPr1,5);

WryteChar(‘,’);

WryteNbr (gFgPr2,9);

WryteChar(‘,’);

WryteNbr (gFgPr3,6);

WryteChar(‘,’);

WryteNbr (gFgPr4,5);

WryteChar(‘,’);

WryteNbr (gFgPr5,5);

WryteChar(‘,’);

WryteNbr (gFgPr6,5);

WryteChar(‘,’);

WryteNbr (gFgPr7,9);

WryteChar(‘)’);

END;

PROCEDURE CommentFgPrData;

BEGIN

ErrorBegins(‘Unknown data fork’);

CommentFgPr;

ErrorEnds(0);

END;

PROCEDURE CommentFgPrRsrc(pRsrcPtr: TRsrcPtr);

BEGIN

IF (gFgPrTitle <> ‘’) THEN