1999-09-15 21:30:18

i've seen different descriptions of how to infect the 
ELF-files (say binaries) on linux and i also have found 
some. besides the direct infection (asm) or the prepending 
stuff (could be well done in C) i think that infecting 
the ELF-files is the 'wrong' way on UNIX-systems. 
Nobody shares executables (or even modules:). So i think 
it would be clever to infect the source (.c) files. 
I already released my califax-virus which 
creates a /usr/local/include/stdio.h and can even jump 
from linux to dos. another way is to attack the .spec-files 
of gcc. This technique works fine and is described in the next 
29A-zine with full source and poly-engine written by me. 
Also securelevels will prevent you from infecting 
binaries. Below some sourcecode how one can twack 
a .c file and execute code before main() is executed. 


P.S.: Don't even think of infecting .rpm-archives which is 
possible. :) 

/* works with gcc and egcs */
#include <stdio.h>

/* must be static void
 * this can easily be put into stdio.h and every prog. recompiled
 */
static void before_main() __attribute__ ((constructor));
static void after_main() __attribute__ ((destructor));

/* name of program can be read out via /proc/<getpid()>/cmdline */
static void before_main()
{
    printf("before main\n");
}

static void after_main()
{
    printf("after main\n");
}

/* note that nobody in this c-proggy calls before_xxx or after_xxx functions */
int main()
{
    printf("in main\n");

    /* can be return or exit() */
    return 0;
}
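
A defensive check for the header tampering described in the message above, added here as an example and not part of the original post: it flags headers in an early-searched include directory (such as /usr/local/include) that shadow a system header of the same name, and headers that declare GCC constructor/destructor functions. The function names and the SHADOW/CTOR output labels are assumptions made for this example, and `grep -r --include` assumes GNU or BSD grep.

```shell
#!/bin/sh
# Added example: audit C include directories for planted headers.
# Usage: audit_includes EARLY_DIR SYSTEM_DIR
#   EARLY_DIR  - directory the compiler searches first (e.g. /usr/local/include)
#   SYSTEM_DIR - the distribution's header directory (e.g. /usr/include)

# Print one SHADOW line for every header under EARLY_DIR that has a
# same-named counterpart under SYSTEM_DIR and would therefore be picked first.
find_shadowed() {
    early=${1%/}; system=${2%/}
    [ -d "$early" ] || return 0
    find "$early" -type f -name '*.h' | sort | while IFS= read -r path; do
        rel=${path#"$early"/}
        if [ -f "$system/$rel" ]; then
            printf 'SHADOW %s (hides %s)\n' "$path" "$system/$rel"
        fi
    done
    return 0
}

# Print one CTOR line (file:line:text) for every header line that carries a
# GCC constructor or destructor attribute, including the __constructor__
# spelling and attribute lists such as ((unused, constructor)).
# Attributes split across several lines are not matched.
find_ctor_attrs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        grep -rnE --include='*.h' \
            '__attribute__[[:space:]]*\(\([^)]*(con|de)structor' "$dir" \
            | sed 's/^/CTOR /'
    done
    return 0
}

# Run both checks; every output line is a finding to review by hand.
audit_includes() {
    find_shadowed "$1" "$2"
    find_ctor_attrs "$1" "$2"
}
```

A CTOR hit is a lead rather than proof, so compare any flagged header against the copy shipped in the distribution's package.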

VX Heavens - collection of viruses, sources and articles.