HOME   HISTORY   EFFECT   TOUR   LESSONS   BIBLIOGRAPHY

Tour of the Worm:

Additional Initialization Measures


The Worm checks to make sure that it had at least 1 object file in its command line. If it didn't, it quits.
The Worm then checks to see that it has successfully loaded the file l1.c. This is the file that the Worm will use later to infect other systems. If this file was not loaded, the Worm quits.
The Worm then erases the text of the argument array to further hide any evidence of it's presence.
The Worm then scans the network interfaces of the machine it is on, getting the flags and addresses of each interface. If it cannot find any interfaces, the Worm quits. It also loads the network mask which allows the Worm to determine what internet address are used by the local network.
The Worm then kills the process given in the -p option (probably the process that created this copy of the worm), changing the current process group to avoid killing itself.
At this point, the initializations are complete and the worm calls the central routine of the worm, which has been given the name doit.


Return to the main Worm page.