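This is a simple Perl script for GNU/Linux that masquerades a process: it rewrites a C source file so that the compiled program overwrites its own argv[] strings, which changes the command line shown for it in process listings.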
2d995009a52a37a5040f72bed8827c1ba14cf44fb05682fd3ee28e43148c8543
# + procmask.pl
# + Version 0.8
# + Description: argv[] disguise
# The modified source is printed to STDOUT; redirect it to a new file
# ! Tested on GNU/Linux 2.6.22-14-generic
# + written by despai [skkunk@gmail.com - www.despai.es]
#!/usr/bin/perl
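use strict;
use warnings;

# procmask.pl reads one C source file and prints a modified copy on STDOUT.
# The copy has a block of C statements inserted after the opening brace of
# main() and has argv[N] references renamed to new_argv[N].
#
# Reviewer context (masquerading, MITRE ATT&CK T1036): the inserted C code
# only overwrites the argument strings the process itself owns, i.e. what
# /proc/<pid>/cmdline and ps display. Nothing here touches /proc/<pid>/exe
# or /proc/<pid>/comm, so a command line that disagrees with those two is
# the signal to look for, as is the hard-coded mask literal "xdxd".

die " \n Usage:\n $0 <file>\n\n"
    if @ARGV != 1;

my $source_path = $ARGV[0];

# Three-argument open with a lexical handle: the original concatenated the
# mode and the user-supplied name ("+<" . $ARGV[0]), which lets characters
# in the name be interpreted as part of the mode. The file is only ever
# read, so it is opened read-only instead of read-write.
open my $source_fh, '<', $source_path
    or die " \n Error al abrir el fichero\n\n";

# C statements inserted into main(). The text is unchanged from the
# original script.
# NOTE(review): the inserted C is not memory-safe. new_argv is a fixed
# 15 x 30 array, so more than 15 arguments write past it, and strncpy
# leaves arguments of 30 or more characters without a terminating NUL.
# strncpy(argv[0], MASCARA, 30) always writes 30 bytes whatever the real
# length of argv[0]; on Linux the argument strings normally sit back to
# back, so this can clobber later arguments before they are copied.
# The code also calls strncpy/bzero/strlen without adding any #include.
my $new_code = join q{}, map { "$_\n" } (
    ' int short pos;',
    ' int short size;',
    ' char new_argv[15][30];',
    ' char MASCARA[]="xdxd";',
    ' strncpy(new_argv[0],argv[0],30);',
    ' bzero(argv[0],strlen(argv[0]));',
    ' strncpy(argv[0], MASCARA, 30);',
    ' if(argc >= 2) {',
    ' for(pos=1; pos<=argc-1; pos++)',
    ' strncpy(new_argv[pos], argv[pos],30);',
    ' for(pos=1; pos<=argc-1; pos++)',
    ' bzero(argv[pos],strlen(argv[pos]));}',
);

# True while a main(...) line has been seen but its opening brace has not.
my $awaiting_brace = 0;

LINE:
while ( my $line = <$source_fh> ) {

    # A line that looks like the main() signature. The literal brace is
    # escaped because newer Perl releases warn about or reject an unescaped
    # "{" in a pattern.
    # NOTE(review): the pattern is loose; any line containing "main"
    # followed by parentheses is treated as the signature.
    if ( !$awaiting_brace and $line =~ /main.*\(.*\)/ ) {
        print $line;
        if ( $line =~ /\{/ ) {
            print $new_code;        # brace on the signature line itself
        }
        else {
            $awaiting_brace = 1;    # brace expected on a later line
        }
        next LINE;
    }

    # The opening brace of main() on its own line: insert the block here.
    if ( $awaiting_brace and $line =~ /\{/ ) {
        print $line, $new_code;
        $awaiting_brace = 0;
        next LINE;
    }

    # Point argv[N] references at the saved copy. The original pattern
    # "(\d)*" kept only the last digit of a multi-digit index and rewrote
    # only the first reference on a line; "\b" keeps identifiers that merely
    # end in "argv" from being rewritten.
    $line =~ s/\bargv\[(\d*)\]/new_argv[$1]/g;
    print $line;
}

close $source_fh;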