#!/usr/bin/perl
#
##
# Linux Malware Detect v1.6.2
# (C) 2002-2017, R-fx Networks <proj@r-fx.org>
# (C) 2017, Ryan MacDonald <ryan@r-fx.org>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#
if ($#ARGV != "0") {
print "usage: hexfile\n";
exit;
}
$hexfile = $ARGV[0];
$named_pipe_name = "/usr/local/maldetect/internals/hexfifo";
$timeout = "1";
if (-p $named_pipe_name) {
eval {
local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
alarm $timeout;
if (sysopen(FIFO, $named_pipe_name, O_RDONLY)) {
while(my $this_line = <FIFO>) {
chomp($this_line);
$return .= $this_line;
}
close(FIFO);
} else {
$errormsg = "ERROR: Failed to open named pipe $named_pipe_name for reading: $!";
}
alarm 0;
};
if ($@) {
if ($@ eq "alarm\n") {
# timed out
$errormsg = "Timed out reading from named pipe $named_pipe_name";
} else {
$errormsg = "Error reading from named pipe: $!";
}
} else {
# didn't time out
$instr = $return;
}
}
$dat_hexstring=$hexfile;
open(DAT, $dat_hexstring) || die("Could not open $dat_hexstring");
@raw_data=<DAT>;
close(DAT);
foreach $hexptr (@raw_data) {
chomp($hexptr);
($ptr,$name)=split(/:/,$hexptr);
if ( grep(/$ptr/, $instr) ) {
print "$ptr $name \n";
exit;
}
}
Copyright 2K16 - 2K18 Indonesian Hacker Rulez