1999-09-15 21:30:18

To  :

Subj:

ethods?


hi, 

i've seen different descriptions of how to infect the 
ELF-files (say binaries) on linux and i also have found 
some. besides the direct infection (asm) or the prepending 
stuff (could be well done in C) i think that infecting 
the ELF-files is the 'wrong' way on UNIX-systems. 
Nobody shares executables (or even modules:). So i think 
it would be clever to infect the source (.c) files. 
I already released my califax-virus which 
creates a /usr/local/include/stdio.h and can even jump 
from linux to dos. another way is to attack the .spec-files 
of gcc. This technique works fine and is described in the next 
29A-zine with full source and poly-engine written by me. 
Also securelevels will prevent you from infecting 
binaries. Below some source code how one can tweak 
a .c file and execute code before main() is executed. 


TTYL, 
Stealth 

P.S.: Don't even think of infecting .rpm-archives which is 
possible. :) 


/* works with gcc and egcs */
#include <stdio.h>

/* must be static void
 * this can easily be put into stdio.h and every prog. recompiled
 */
static void before_main() __attribute__ ((constructor));
static void after_main() __attribute__ ((destructor));

/* name of program can be read out via /proc/<getpid()>/cmdline
 */
static void before_main()
{
    printf("before main\n");
}

static void after_main()
{
    printf("after main\n");
}


/* note that nobody in this c-proggy calls before_xxx or after_xxx functions
 */
int main()
{
    printf("in main\n");

    /* can be return or exit() */
    return 0;
}
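
For defenders, the two artifacts the post names (a stdio.h placed in /usr/local/include, which GCC searches before /usr/include, and constructor/destructor attributes inside a header) can be audited directly. The script below is an added example, not part of the original post; the function names and the constructed sample tree ("local", "system") are assumptions made for illustration.

```python
import os
import re
import tempfile

# GCC constructor/destructor attribute, tolerant of spacing and the __name__ spelling.
ATTR_RE = re.compile(r"__attribute__\s*\(\s*\(\s*_*(constructor|destructor)")

def list_headers(root):
    """Return {relative path: full path} for every .h file under root."""
    found = {}
    for base, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".h"):
                full = os.path.join(base, name)
                found[os.path.relpath(full, root)] = full
    return found

def audit_includes(search_dirs):
    """search_dirs is in compiler search order, earliest first.
    Returns (kind, path, detail) findings for shadowing and ctor/dtor hooks."""
    findings = []
    later = {}  # headers provided by directories searched later
    for root in reversed(search_dirs):
        headers = list_headers(root)
        for rel, full in sorted(headers.items()):
            if rel in later:
                findings.append(("shadow", full, later[rel]))
            with open(full, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    match = ATTR_RE.search(line)
                    if match:
                        findings.append((match.group(1), full, lineno))
        later.update(headers)
    return findings

def demo():
    """Constructed sample tree: a system stdio.h and a copy that shadows it."""
    with tempfile.TemporaryDirectory() as tmp:
        local, system = os.path.join(tmp, "local"), os.path.join(tmp, "system")
        os.makedirs(local)
        os.makedirs(system)
        with open(os.path.join(system, "stdio.h"), "w") as fh:
            fh.write("int printf(const char *, ...);\n")
        with open(os.path.join(local, "stdio.h"), "w") as fh:
            fh.write("static void before_main() __attribute__ ((constructor));\n")
        return [(k, os.path.relpath(p, tmp), d) for k, p, d in audit_includes([local, system])]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call audit_includes(["/usr/local/include", "/usr/include"]) and review each finding against the package manager's file list; a constructor attribute in a header is a lead to check, not proof of tampering.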

VX Heavens - collection of viruses,sources and articles.