acd_check.c




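/* Compare two parameter lists (linked struct canshuo) for exact equality.
 * Returns 1 when both lists have the same length and every canshuo_name
 * matches, 0 otherwise. */
int find_canshuo(struct canshuo *canshuo_a, struct canshuo *canshuo_b);
/* Compare the systemcall_list arrays of two records entry by entry until a
 * "$" sentinel name or SYSTEMCALL_COUNT entries.  Returns 1 on match, 0 otherwise. */
int find_systemcall(exe_acd_struct *exe_acd_struct_a, exe_acd_struct *exe_acd_struct_b);
/* Decide whether rule record a matches candidate record b.  Returns 1 or 0. */
int find_feifa_xinxi_node(exe_acd_struct *exe_acd_struct_a, exe_acd_struct *exe_acd_struct_b);
/* Check one execution record against the built-in rule list.
 * Returns -1 when a rule matched (the caller is expected to stop the
 * process), 0 otherwise.  Declared with its real parameter: the former
 * `check_acd()` was an old-style declaration, so calls were not type-checked
 * against the definition below. */
int check_acd(exe_acd_struct *feifa_diaoyong_file);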

int find_canshuo(struct canshuo *canshuo_a, struct canshuo *canshuo_b)
{
	/*
	 * Walk both parameter lists in lockstep and compare the canshuo_name
	 * of each pair with strcmp().
	 *
	 * Returns 1 when the lists have the same length and every name is
	 * identical (two empty lists therefore compare equal), 0 as soon as
	 * a name differs or one list ends before the other.
	 *
	 * NOTE(review): canshuo_name is passed straight to strcmp(), so it is
	 * assumed to be NUL-terminated — confirm at the point where nodes are
	 * filled in.
	 */
	struct canshuo *a = canshuo_a;
	struct canshuo *b = canshuo_b;

	while (a != NULL && b != NULL) {
		if (strcmp(a->canshuo_name, b->canshuo_name) != 0)
			return 0;
		a = a->next;
		b = b->next;
	}

	/* Equal only if both lists were exhausted at the same time. */
	return (a == NULL && b == NULL) ? 1 : 0;
}
int find_systemcall(exe_acd_struct *exe_acd_struct_a, exe_acd_struct *exe_acd_struct_b)
{
	/*
	 * Compare the systemcall_list arrays of two records.  Each array is
	 * scanned from index 0; the name "$" marks the end of a list.
	 *
	 * Returns 1 when both lists end at the same index (or SYSTEMCALL_COUNT
	 * entries were compared without a sentinel) and, for every entry
	 * before that, process_number and count are equal and the parameter
	 * lists (head) match per find_canshuo().  Returns 0 otherwise.
	 *
	 * NOTE(review): systemcall_name is only tested against the "$"
	 * sentinel; the names of a and b are never compared with each other,
	 * so two different calls with equal process_number/count/parameters
	 * match.  Confirm that this is intended.
	 *
	 * Both systemcall_list arrays are assumed to hold at least
	 * SYSTEMCALL_COUNT entries — TODO confirm against the struct definition.
	 */
	int i;

	for (i = 0; i < SYSTEMCALL_COUNT; i++) {
		int a_end = strcmp(exe_acd_struct_a->systemcall_list[i].systemcall_name, "$") == 0;
		int b_end = strcmp(exe_acd_struct_b->systemcall_list[i].systemcall_name, "$") == 0;

		/* A sentinel on either side ends the comparison: match only if
		 * both lists end here. */
		if (a_end || b_end)
			return (a_end && b_end) ? 1 : 0;

		if (exe_acd_struct_a->systemcall_list[i].process_number
		    != exe_acd_struct_b->systemcall_list[i].process_number)
			return 0;
		if (exe_acd_struct_a->systemcall_list[i].count
		    != exe_acd_struct_b->systemcall_list[i].count)
			return 0;
		if (!find_canshuo(exe_acd_struct_a->systemcall_list[i].head,
				  exe_acd_struct_b->systemcall_list[i].head))
			return 0;
	}

	/* Every entry up to SYSTEMCALL_COUNT matched without a sentinel. */
	return 1;
}

int find_feifa_xinxi_node(exe_acd_struct *exe_acd_struct_a, exe_acd_struct *exe_acd_struct_b)
{
	/*
	 * Decide whether rule record a applies to candidate record b.
	 *
	 * Returns 1 only when both pointers are non-NULL, the rule's
	 * exe_file_name_node.right is >= the candidate's, and
	 * find_systemcall() reports the two system-call lists as equal;
	 * 0 in every other case.
	 *
	 * NOTE(review): the meaning of `right` is not visible here; it is
	 * compared as an ordered value with the rule on the larger side —
	 * confirm the intended direction of that comparison.
	 */
	if (exe_acd_struct_a == NULL || exe_acd_struct_b == NULL)
		return 0;

	if (exe_acd_struct_a->exe_file_name_node.right
	    < exe_acd_struct_b->exe_file_name_node.right)
		return 0;

	return find_systemcall(exe_acd_struct_a, exe_acd_struct_b) ? 1 : 0;
}


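/*
 * Build the built-in rule list that check_acd() matches against and publish
 * it through the file-scope acd_head1 pointer.
 *
 * The rule content is exactly what the original code filled in: one record
 * whose systemcall_list entry 0 has name "aa", count 11, process_number 1
 * and a single parameter "/bin/sh", followed by the "$" end-of-list sentinel
 * in entry 1.  SYSTEMCALL_COUNT must therefore be at least 2 — TODO confirm
 * against its definition.
 *
 * Returns 0 on success.  Returns -1 if any allocation fails; everything
 * allocated so far is released and acd_head1 is left untouched.
 *
 * NOTE(review): the gfp flags value 0 is kept from the original.  Confirm
 * the calling context (process vs. atomic) and whether GFP_KERNEL is the
 * right choice here.
 */
static int build_acd_rules(void)
{
	struct feifa_xinxi_struct *rule;
	struct exe_acd_struct *node;
	struct canshuo *arg;

	/* kzalloc so that entries beyond the sentinel and any unset fields
	 * are zero rather than uninitialised heap bytes. */
	rule = kzalloc(sizeof *rule, 0);
	if (rule == NULL)
		return -1;
	node = kzalloc(sizeof *node, 0);
	if (node == NULL)
		goto fail_rule;
	arg = kzalloc(sizeof *arg, 0);
	if (arg == NULL)
		goto fail_node;

	/* Only short literals are copied, as in the original; the sizes of
	 * the destination fields are not visible here — confirm they fit. */
	strcpy(node->exe_file_name_node.exe_file_name, "aaaa");
	strcpy(node->feifa_xinxi, "Possibility buffer overflow! Stop runing.");
	node->exe_file_name_node.right = 4;

	strcpy(node->systemcall_list[0].systemcall_name, "aa");
	node->systemcall_list[0].count = 11;
	node->systemcall_list[0].process_number = 1;
	node->systemcall_list[0].head = arg;
	strcpy(arg->canshuo_name, "/bin/sh");
	arg->next = NULL;

	/* "$" terminates the list for find_systemcall(). */
	strcpy(node->systemcall_list[1].systemcall_name, "$");

	rule->feifa_xinxi_node = node;
	rule->next = NULL;
	acd_head1 = rule;
	return 0;

fail_node:
	kfree(node);
fail_rule:
	kfree(rule);
	return -1;
}

/*
 * Check one execution record against the rule list headed by acd_head1.
 *
 * @feifa_diaoyong_file: the record to check; NULL is treated as "nothing
 *                       to check" and returns 0.
 *
 * Returns -1 when a rule matches (the rule's feifa_xinxi text is logged
 * with printk and the caller is expected to stop the process), 0 when no
 * rule matches or the record is exempt.  Allocation failure while building
 * the rule list is also reported as -1 (fail closed) so that a low-memory
 * condition cannot silently disable the check.
 *
 * The original rebuilt acd_head1 on every call and never freed the previous
 * list (plus two further allocations it never used), leaking on each call;
 * the list is now built once and reused.
 *
 * NOTE(review): there is no locking around the lazy build.  If check_acd()
 * can run concurrently, two first callers could each build a list and one
 * copy would leak; confirm whether the caller serialises or add a lock.
 *
 * NOTE(review): the "/bin/su" exemption is kept from the original.  It is
 * matched on the recorded file name alone, so any record carrying that name
 * skips the rule check entirely — confirm this is acceptable policy.
 */
int check_acd(exe_acd_struct *feifa_diaoyong_file)
{
	struct feifa_xinxi_struct *rule;

	if (feifa_diaoyong_file == NULL)
		return 0;

	if (acd_head1 == NULL && build_acd_rules() != 0) {
		printk("check_acd: rule list allocation failed, denying\n");
		return -1;
	}

	if (strcmp(feifa_diaoyong_file->exe_file_name_node.exe_file_name, "/bin/su") == 0)
		return 0;

	for (rule = acd_head1; rule != NULL; rule = rule->next) {
		if (find_feifa_xinxi_node(rule->feifa_xinxi_node, feifa_diaoyong_file)) {
			/* Format string is a literal; only the rule text is an argument. */
			printk(" | %-61s|\n", rule->feifa_xinxi_node->feifa_xinxi);
			printk(" +--------------------------------------------------------------+\n");
			return -1;
		}
	}

	return 0;
}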


