Identify tinysh file and function.

jacob-baines · Oct 10, 2015 · 39d21ca · 39d21ca
1 parent 8627fe0
commit 39d21ca
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/src/abstract_segments.cpp b/src/abstract_segments.cpp
@@ -377,6 +377,10 @@ std::string AbstractSegments::determineFamily() const
     {
         return "ELF.Elknot";
     }
+    if (files.find("tshd.c") != files.end())
+    {
+        return "TinySH";
+    }
 
     const std::vector<AbstractSymbol>& symbols(getAllSymbols());
     BOOST_FOREACH(const AbstractSymbol& symbol, symbols)

diff --git a/src/symbols.cpp b/src/symbols.cpp
@@ -73,6 +73,7 @@ namespace
         ("pcap_read", std::make_pair(elf::k_packetSniff, "pcap_read() found"))
         ("pcap_loop", std::make_pair(elf::k_packetSniff, "pcap_loop() found"))
         ("system", std::make_pair(elf::k_shell, "system() found"))
+        ("tshd_runshell", std::make_pair(elf::k_shell, "tinysh function found."))
         ("dlsym", std::make_pair(elf::k_hooking, "dlsym() found in hooking context"))
         ("ptrace", std::make_pair(elf::k_antidebug, "ptrace detection found"));
 }