C Programming : XS file opener
| Anthony973 (4) |  |
|
Hi all! I don't know C very much, I've only read part of a book a year and a half ago, but still I am trying to understand the source code of the “cracksome” file of the the Morris worm, which you can find here (It's a .txt file so no it won't run on the computer) : http://www.foo.be/docs-free/morris-worm/worm/cracksome.c.txt I think it is relevant for you to know that this worm was made in 1988, so it's not recent. I wish to know what some kind of function called XS() is. I'll start by that.In the source code, I sometimes see this XS function, I guess it has something to do with the characters included in a file, but I can't then understand the meaning of XS("r") in lines like this one :hosteq = fopen(XS("/etc/hosts.equiv"), XS("r"));This line and the following ones aim to search for hostnames in the "/etc/hosts.equiv" file inside the infected host. “hosteq” is defined as FILE *hosteq;. It must be some kind of pointer to a file.Sometimes I see XS("x") but I can't figure this out either...strcpy(&user->passwd[0], XS("x"));passwd is an array of 15 characters inside a structure called “usr” and is defined as char passwd[14];. user seems to be a pointer to the structure usrThat's all folks! Can you help me? I'd appreciate it a lot. :-) | |
|
Last edited on
|
|
| L B (3806) | |
||
I'm going to guess it is a macro similar to Microsoft's _T(). Normally it just expands to the string, but in Unicode it would expand with an L in front of the string to make it a wide string literal:
| |||
|
Last edited on
|
|||
| Cubbi (1925) | |
|
XS() was actually the decryption function that Morris used to hide plain-text strings in the compiled code. see: http://spaf.cerias.purdue.edu/tech-reps/823.pdf (the source code you found has the strings pre-decrypted for readability) | |
|
Last edited on
|
|
| Anthony973 (4) | |
| Thanks to you both! (especially you, Cubbi) | |
|
Last edited on
|
|
Registered users can post here. Sign in or register to post.