C is a powerful language that allows developers to manipulate files and interact with the operating system. In this post we’ll explore how to work with file operations in C and how to write and run shell scripts from C programs. For a visual demonstration of this post, check out this video.
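An example of how to run a shell script or an executable with C
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/wait.h>

    int main(void) {
        const char *script_path = "/path/to/your_script.sh";

        // Run the script; system() hands the string to "/bin/sh -c"
        int status = system(script_path);

        // -1 means the child process could not be created or waited for
        if (status == -1) {
            perror("Error running the script");
            return EXIT_FAILURE;
        }

        // system() returns a wait status, not the exit code itself
        if (WIFEXITED(status)) {
            printf("Script exited with code %d\n", WEXITSTATUS(status));
            return WEXITSTATUS(status) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
        }

        fprintf(stderr, "Script terminated abnormally\n");
        return EXIT_FAILURE;
    }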
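An example of how to write a shell script with C
    #include <fcntl.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/stat.h>
    #include <unistd.h>

    int main(void) {
        char filename[] = "c_script.sh";
        const char *data = "#!/bin/zsh\n"
                           "echo \"Hello from a script by C.\"\n"
                           "ls\n";

        // Create (or truncate) the file, readable and writable by the owner only
        int fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR | S_IWUSR);
        if (fd == -1) {
            perror("Error opening or creating the file");
            return 1;
        }

        // Write the script body and make sure all of it was written
        size_t len = strlen(data);
        if (write(fd, data, len) != (ssize_t)len) {
            perror("Error writing the file");
            close(fd);
            return 1;
        }

        if (close(fd) == -1) {
            perror("Error closing the file");
            return 1;
        }
        return 0;
    }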
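An added example, not code from the original post: the two steps above (writing a script, then running it) combined in a hardened form. It creates the file with mkstemp() so an existing file or symlink is never truncated, and runs it with fork()/execv() so the argument is never parsed by "sh -c". The names write_script and run_script, the /tmp path, the use of /bin/sh and the sample script body are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Create a script at a unique path built from tmpl (must end in XXXXXX).
 * mkstemp() opens with O_CREAT|O_EXCL and mode 0600, so a file or symlink
 * planted at the path beforehand is never followed or truncated. */
int write_script(char *tmpl, const char *body) {
    int fd = mkstemp(tmpl);
    if (fd == -1) return -1;
    size_t len = strlen(body), off = 0;
    while (off < len) {                       /* handle short writes */
        ssize_t n = write(fd, body + off, len - off);
        if (n <= 0) { close(fd); unlink(tmpl); return -1; }
        off += (size_t)n;
    }
    return close(fd);                         /* closed before it is run */
}

/* Run the script with /bin/sh and one argument passed as an argv element.
 * Returns the exit code (0-255), or -1 if the child could not be started
 * or waited for, or was killed by a signal. */
int run_script(const char *path, const char *arg) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        char *const argv[] = { "sh", (char *)path, (char *)arg, NULL };
        execv("/bin/sh", argv);
        _exit(127);                           /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) == -1) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char path[] = "/tmp/c_script_XXXXXX";     /* constructed sample path */
    /* Constructed sample body: exits 7 only if $1 arrived as one literal word */
    const char *body = "[ \"$1\" = 'a; exit 3' ] && exit 7\nexit 1\n";
    if (write_script(path, body) != 0) return 1;
    int rc = run_script(path, "a; exit 3");   /* ';' is data, not a separator */
    unlink(path);
    printf("exit code %d\n", rc);
    return rc == 7 ? 0 : 1;
}
```

Because the script is handed to the interpreter as an argument, the file can stay at mode 0600 with no execute bit, matching the permissions used in the example above.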
These two examples open many doors to system programming, writing code that writes code, and even hiding from the OS.
Hiding From OS — This method is most commonly used in Windows OS to protect against viruses by creating a wrapper around your application that does nothing but hide its real binary file and call it as a hidden executable (which will prevent antivirus software from flagging the original program). In Linux, some solutions use “strip” or other utility methods.
Manipulating Metadata — This method is used to make sure a particular piece of malicious code won’t run on your system by changing certain attributes in its metadata (like file type and size), which can be detected as legitimate files but not recognized due to the antivirus software or other security mechanisms present at runtime.
hooked_open()
hooked_stat()
hooked_lstat()
load_module()
unload_module()
hooked_open(): This function is used to intercept and hook the file opening operations performed by the C program. You can use it to redirect the output of the script or code to a hidden file or a file with a different name. To do this, you can modify the hooked_open() function to change the file name or location as desired.
hooked_stat() and hooked_lstat(): These functions are used to intercept and hook the file stat and lstat operations performed by the C program. You can use them to hide the file or modify its attributes to make it appear as a different type of file. To do this, you can modify the hooked_stat() and hooked_lstat() functions to change the file attributes or hide the file from the file system.
load_module() and unload_module(): These functions are used to load and unload kernel modules. You can use these functions to load a custom kernel module that contains the logic to hide the script or code. The kernel module can intercept the file operations and redirect the output to a hidden file or a file with a different name. You can then unload the module when it’s no longer needed.
By using these functions, you can effectively hide a script or code generated by a C program. However, it’s essential to note that hiding files or scripts can be considered unethical or even illegal in certain situations. Always ensure that your actions are in compliance with local laws and guidelines.