(view this code in a separate window)

/*
 * put_hack.c
 *
 * Example of how you can 'remap' a function
 * call to a completely different one.  A
 * trick periodically used in trojaned
 * source code to obfuscate the actual
 * trojan functionality.
 *
 * Copyright 2002, Bri Hatch
 *
 * Released under the GPL.  See COPYING file
 * for more information.
 *
 */

#include <stdio.h>
#include <stdlib.h>

int main() {
	/* Show puts normally */
	puts("echo I am the puts command; ls\n");
	puts("\nRemapping puts() library call.\n\n");

	/* Map puts to system */
	**(int **) ((int)puts + 2) = (int)system;

	/* Same code, different result */
	puts("echo I am the puts command; ls ");
}

/* Usage:
 *
 * $ make puts_hack
 *
 * ./puts_hack
 *   echo I am the puts command; ls
 *   Remapping puts() library call
 *   I am the puts command
 *   puts_hack puts_hack.c
 *
 */