chkrootkit  0.55
About: chkrootkit is a shell script that checks system binaries for rootkit modification.
  Fossies Dox: chkrootkit-0.55.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

strings.c
Go to the documentation of this file.
1 /*
2  * Poor developer's strings.
3  * (c) 2002, Sean D. True, WebReply.Com, Inc.
4  * Use freely, under the Python license
5  * In short: use with or without attribution as you like, but
6  * no warranty of fitness, suitability, or anything else is given!
7  *
8  * ChangeLog:
9  * superfluous printable() function deleted - 2002/02/20 - Nelson Murilo
10  */
11 
12 #include <stdio.h>
13 #include <strings.h>
14 #include <sys/types.h>
15 #include <sys/stat.h>
16 #include <ctype.h>
17 #include <stdlib.h>
18 #ifdef __FreeBSD__
19 #include <string.h>
20 #endif
21 #ifdef __linux__
22 #include <string.h>
23 #endif
24 
25 #define MAXFILESIZE (4*1024*1024)
26 
27 /*
28  * Many options here. The current choice produces a little more output
29  * than gnu strings
30  */
31 
32 /*
33  * Try to get the filesize via stat, and get a buffer to match
34  * Naievely allocate a 4MB buffer if we can't
35  * Fails badly if it allocate a buffer big enough to load a file
36  */
37 unsigned char *filebuf(FILE *pf, int *sz) {
38  struct stat buf;
39  unsigned char *cdata;
40 
41  if (fstat(fileno(pf), &buf) < 0) {
42  perror("fstat");
43  exit (1);
44  }
45 
46  *sz = buf.st_size;
47  if(*sz == 0) *sz = MAXFILESIZE;
48 
49  if ((cdata = malloc(*sz+1)) == NULL) {
50  perror("malloc");
51  exit (1);
52  }
53  return cdata;
54 }
55 
56 /*
57  * Find printable strings of 4 or more characters
58  * Always scans entire file (-a option of gnu strings)
59  */
60 void strings(FILE *pf) {
61  static char printme[1024];
62  int sz;
63  unsigned char *cdata;
64  int nread;
65  int printmeindex;
66  cdata = filebuf(pf,&sz);
67  nread = fread(cdata, 1, sz, pf);
68  printmeindex = 0;
69  if (nread > 0) {
70  int i;
71  unsigned char c;
72  int isprintable;
73  int iseol;
74  for (i = 0; i < nread; i++) {
75  c = cdata[i];
76  isprintable = isprint(c);
77  iseol = 0;
78  if (c == 0 || c == '\n' || printmeindex >= sizeof(printme)-1) iseol = 1;
79  if (iseol || !isprintable) {
80  if (printmeindex > 3 && iseol) {
81  printme[printmeindex++] = 0;
82  printf("%s\n", printme);
83  printmeindex = 0;
84  }
85  }
86  else if (isprintable) {
87  printme[printmeindex++] = c;
88  }
89  }
90  }
91  if (printmeindex > 3) {
92  printme[printmeindex++] = 0;
93  printf("%s\n", printme);
94  printmeindex = 0;
95  }
96  free(cdata);
97 }
98 
99 /*
100  * Silently accepts the -a option
101  */
102 int main(int argc, char **argv)
103 {
104  if (argc > 1) {
105  int i;
106  for (i = 1; i < argc; i++) {
107  FILE *pf;
108  if (strcmp(argv[i], "-a") == 0) continue;
109 
110  if ((pf = fopen(argv[i],"rb")) == NULL) {
111  perror("fopen");
112  return(1);
113  }
114  strings(pf);
115  }
116  }
117  else {
118  strings(stdin);
119  }
120  return(0);
121 }
int main(int argc, char **argv)
Definition: strings.c:102
unsigned char * filebuf(FILE *pf, int *sz)
Definition: strings.c:37
#define MAXFILESIZE
Definition: strings.c:25
void strings(FILE *pf)
Definition: strings.c:60