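/*
 * mfp_chksrc.c (c)oded by m4rc3l0 in 102003
 *
 * Based on srcsec.c by bob@dtors.
 * Scans a source file for calls to error-prone functions
 * (strcpy, gets, ...).
 *
 * Greetz: Julie(T AMO LINDA), BashX, akabr,
 *         eSc2, tuv8, habeas, brun3rz, r0ot, qwq,
 *         acubidu, deadsckt, decodi(minha putana),
 *         volfi, reignu, unistd, baalcefas, morfis,
 *         fingulino, sinner, japex, joshua, anjin,
 *         #dnh #binaryrebels #linuxarena
 *         AT BRasnet
 *
 * www.binaryrebels.cjb.net
 * www.m4rc3l0rlz.hpg.ig.com.br
 *
 * Mail: m4rc3l0rlz@yahoo.com.br
 */

/*
 * The listing's four #include lines lost their header names; the three
 * below are the ones this code actually needs.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG "\x6d\x66\x70"
#define UND "\x5f"
#define MAX 100                 /* token buffer size, including the NUL */
#define TOKEN_FMT "%99s\n"      /* field width must stay MAX - 1 */

/* Report categories stored in listun[].t. */
enum { KIND_BOF = 0x1, KIND_FMT = 0x2 };

void banner(void);

/*
 * Function names to look for and the label each one is reported under.
 *
 * Matching is a plain substring search on whitespace-delimited tokens, so
 * "fgets" is also reported as "gets", "vsprintf" as "sprintf", and names
 * that appear in comments or string literals are reported too. The labels
 * are coarse as well: system and popen are command-execution sinks but are
 * printed as FMT. Treat the output as leads for manual review, not findings.
 */
struct {
    int t;              /* type: 0x1 = BOF, 0x2 = FMT */
    const char *strs;   /* string to search for */
} listun[] = {
    {KIND_BOF, "gets"},
    {KIND_BOF, "fgets"},
    {KIND_BOF, "strcpy"},
    {KIND_BOF, "strcat"},
    {KIND_BOF, "setenv"},
    {KIND_BOF, "getenv"},
    {KIND_BOF, "scanf"},
    {KIND_BOF, "sscanf"},
    {KIND_BOF, "fscanf"},
    {KIND_FMT, "sprintf"},
    {KIND_FMT, "fprintf"},
    {KIND_FMT, "snprintf"},
    {KIND_FMT, "syslog"},
    {KIND_FMT, "system"},
    {KIND_FMT, "popen"},
    {KIND_FMT, "vsprintf"},
    {KIND_FMT, "vsnprintf"},
};

/*
 * Scan the file named by argv[1] and print one line per match in the form
 * "name():OFFSETb:BOF" or "name():OFFSETb:FMT".
 *
 * Returns 0 after a complete scan; exits with status -1 on a usage error,
 * when the file cannot be opened, or when reading it fails.
 */
int main(int argc, char *argv[])
{
    /* Derive the table length instead of hard-coding 17. */
    const size_t nfuncs = sizeof listun / sizeof listun[0];
    char bufi[MAX];
    const char *arq;
    FILE *fp;

    if (argc != 2) {
        banner();
        fprintf(stderr, "Usage: %s <file>\n",
                argc > 0 ? argv[0] : "mfp_chksrc");
        exit(-1);
    }

    /*
     * Use the argument in place. The earlier version copied it into a
     * MAX-byte heap buffer with strncpy(dst, src, strlen(src)), which
     * overflowed on paths longer than MAX and never wrote the NUL.
     */
    arq = argv[1];

    if ((fp = fopen(arq, "r")) == NULL) {
        fprintf(stderr, "Error opening file: %s\n", arq);
        exit(-1);
    }

    printf("File: %s\n\n", arq);

    /*
     * The field width keeps a long token from overrunning bufi; a token
     * longer than MAX - 1 characters is read in pieces, so a name that
     * straddles a split can be missed. Testing the return value before
     * scanning avoids re-reporting the last token (or reading an
     * uninitialised buffer on an empty file) once EOF is hit.
     */
    while (fscanf(fp, TOKEN_FMT, bufi) == 1) {
        /* Position after the token and any trailing whitespace. */
        long pos = ftell(fp);

        for (size_t x = 0; x < nfuncs; x++) {
            const char *name = listun[x].strs;

            if (strstr(bufi, name) == NULL) {
                continue;
            }

            /*
             * Approximate offset only: end-of-token position minus the
             * length of the name. -1 when the stream position is unknown.
             */
            long off = (pos < 0) ? -1 : pos - (long)strlen(name);

            printf("%s():%ldb:%s\n", name, off,
                   listun[x].t == KIND_BOF ? "BOF" : "FMT");
        }
    }

    /* A read error would otherwise look like a clean, complete scan. */
    if (ferror(fp)) {
        fprintf(stderr, "Error reading file: %s\n", arq);
        fclose(fp);
        exit(-1);
    }

    fclose(fp);
    return 0;
}

/* Print the program banner ("mfp_chksrc.c ...") to stdout. */
void banner(void)
{
    printf("%s%schksrc.c (c)oded by m4rc3l0\n", TAG, UND);
}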