10-Day Plan for Learning Malware Development in C: Day 3 – File and Operating System Manipulation in C

Day 3 of our 10-day series on learning malware development in C is here. Today, we’re diving into file manipulation and system-level operations. Understanding how to interact with files and the operating system is crucial, not just for everyday programs but also in malware development, where accessing, modifying, or hiding files is often part of the process.

---

Day 3 - File and Operating System Manipulation in C

Objective

Today’s focus is on learning how to handle files—opening, reading, writing, and closing them—using C. We’ll also explore how to interact with the file system on both Unix and Windows systems. At the end of this session, we’ll work on a microproject to create a program that can search for files, read them, and perform a basic operation (like duplicating their contents into a new file).

Understanding File Manipulation in C

File handling in C allows our program to read from and write to files, which is essential for any type of persistent data management. The standard library provides several functions to work with files:

• fopen(): Opens a file for reading, writing, or both.
• fclose(): Closes a file.
• fread() and fwrite(): Read from and write to a file.
• fseek() and ftell(): Move the file pointer to a specific location and tell the current position.

Each of these functions will be essential for today’s microproject. Let’s break them down with examples.

Basic File Operations in C

Opening a File (fopen()):

To work with a file, you must first open it. In C, this is done with fopen(), which takes the file name and mode (e.g., "r" for reading, "w" for writing) as arguments.

Let's create the file and directory that we will be working on:

sudo mkdir Files
sudo chown snowden Files
cd Files
sudo touch example.txt

chown allows to be the owner of the directory and we need it to avoid any conflicts with access permissions.

Example:

FILE *file = fopen("example.txt", "r");  // Open file for reading
if (file == NULL) {
    printf("Error: Could not open the file.\n");
    return 1;  // Exit if the file couldn't be opened
}

Reading from a File (fread() and fgets()):

Once the file is open, you can read its contents. For reading text files, fgets() is commonly used.

Example:

char buffer[255];
if (fgets(buffer, 255, file) != NULL) {
    printf("File contents: %s\n", buffer);
}

Output

Hello World! is the content of the example.txt file.

For binary files, you can use fread() to read the raw data.

Writing to a File (fwrite() and fprintf()):

To write to a file, you can use fprintf() for text files or fwrite() for binary data.

Example:

FILE *file_out = fopen("output.txt", "w");  // Open for writing
if (file_out != NULL) {
    fprintf(file_out, "This is an example of writing to a file in C.\n");
    fclose(file_out);  // Don't forget to close the file


Output

Note that there is a new file called output.txt now.

Closing a File (fclose()):

After you’re done working with a file, it’s important to close it using fclose() to free up system resources.

fclose(file);

Interacting with the File System

In Unix-based systems, file system interaction can be done using system calls like opendir(), readdir(), and closedir() to explore directories, while Windows provides functions like FindFirstFile(), FindNextFile(), and FindClose().sl

Unix: Searching Files in a Directory

You can open a directory and read its contents using the following functions:

• opendir(): Opens a directory for reading.
• readdir(): Reads the contents of the directory.
• closedir(): Closes the directory when finished.

Example:

#include <dirent.h>
#include <stdio.h>

void listFiles(const char *path) {
    struct dirent *de;  // Pointer for directory entry

    // Open the directory
    DIR *dr = opendir(path);
    if (dr == NULL) {
        printf("Could not open directory %s\n", path);
        return;
    }

    // Read and print the contents
    while ((de = readdir(dr)) != NULL) {
        printf("%s\n", de->d_name);
    }

    closedir(dr);
}

int main() {
    listFiles(".");  // List files in the current directory
    return 0;
}

Output

Windows: Searching Files in a Directory

On Windows, you can use FindFirstFile() and FindNextFile() to list the contents of a directory.

Example:

#include <windows.h>
#include <stdio.h>

void listFiles(const char *path) {
    WIN32_FIND_DATA findFileData;
    HANDLE hFind = FindFirstFile(path, &findFileData);

    if (hFind == INVALID_HANDLE_VALUE) {
        printf("No files found in directory.\n");
        return;
    } else {
        do {
            printf("%s\n", findFileData.cFileName);
        } while (FindNextFile(hFind, &findFileData) != 0);
    }

    FindClose(hFind);
}

int main() {
    listFiles("C:\\path\\to\\directory\\*");
    return 0;
}

Microproject – File Search and Duplication

Now that you understand file handling and file system navigation, it’s time to apply what you’ve learned. The goal of this microproject is to create a C program that:

1. Searches for a specific file in a directory.
2. Reads the contents of the file.
3. Writes the contents into another file (duplicating it).

Instructions

1. Search for the File: Use either opendir() and readdir() (for Unix) or FindFirstFile() and FindNextFile() (for Windows) to find a specific file in the directory.

2. Read the File: Open the found file using fopen() and read its contents with fgets() (for text) or fread() (for binary data).

3. Duplicate the File: Write the contents to a new file using fprintf() or fwrite().

Example Code:

#include <stdio.h>
#include <dirent.h>
#include <string.h>

// Function to search for a specific file in the directory
void searchFileAndDuplicate(const char *dir, const char *fileName) {
    struct dirent *de;
    DIR *dr = opendir(dir);
    
    if (dr == NULL) {
        printf("Could not open directory %s\n", dir);
        return;
    }

    while ((de = readdir(dr)) != NULL) {
        if (strcmp(de->d_name, fileName) == 0) {
            printf("Found file: %s\n", de->d_name);

            // Open the found file
            char filePath[256];
            snprintf(filePath, sizeof(filePath), "%s/%s", dir, fileName);
            FILE *file_in = fopen(filePath, "r");
            if (file_in == NULL) {
                printf("Error: Could not open the file for reading.\n");
                closedir(dr);
                return;
            }

            // Create a new file to duplicate the content
            FILE *file_out = fopen("duplicate.txt", "w");
            if (file_out == NULL) {
                printf("Error: Could not create the output file.\n");
                fclose(file_in);
                closedir(dr);
                return;
            }

            // Read and duplicate the content
            char buffer[255];
            while (fgets(buffer, sizeof(buffer), file_in)) {
                fprintf(file_out, "%s", buffer);  // Write to new file
            }

            printf("File duplicated successfully.\n");

            // Close files
            fclose(file_in);
            fclose(file_out);
        }
    }

    closedir(dr);
}

int main() {
    searchFileAndDuplicate(".", "example.txt");  // Search and duplicate "example.txt"
    return 0;
}

Explanation

• Directory Traversal: We use opendir() and readdir() to search the current directory (".") for the file example.txt.
• File Duplication: Once the file is found, we open it using fopen(), read its contents, and write them to a new file called duplicate.txt.
• Error Handling: The code includes checks to ensure files and directories can be opened before performing operations.

Conclusion

Now you should feel comfortable working with files in C, including opening, reading, writing, and closing them, as well as navigating through directories to search for files. These skills are fundamental when developing malware that interacts with the file system, such as searching for sensitive data or modifying system files.

Tomorrow, we’ll take it a step further by working with system calls and inter-process communication, getting closer to more advanced malware techniques. 

Thank you for reading and I hope you find this useful, Happy Hacking! ❤