An analysis of how hacker software hides itself in VC++ programs

By: iSee, Date: Tue, 25 Aug 2009, Time: 4:10 PM

Author: Lang Rui
1. Introduction

With the continuous development of computer networks, hacker technology has become a technical force that cannot be ignored. Most hackers target servers, so the direct harm to the majority of Internet users is not significant. However, with a class of programs called "Trojan horses", a hacker can use deception in ordinary network services to get the Trojan installed on the client side, so that the user's computer is left with a back door whenever it is online, and through that back door the hacker can monitor or sabotage the infected computer at will. Clearly, such hacker software is a very serious hazard for ordinary Internet users.

Such hacker software is still an application; in essence it is a socket-based network communication program. A necessary precondition for a successful attack on an infected computer is therefore that the server side of the Trojan is already running on the victim's machine. Because a Trojan is a malicious program that starts quietly, without the victim being aware of it, and opens a back door for the attacker, it obviously cannot appear in the taskbar and task list as other programs do; otherwise the user would notice it immediately and close it, and it would no longer provide a back door for the attacker. The mechanisms such programs use to hide are discussed below.

2. How a program hides from the taskbar

The main window can be hidden by changing the SW_SHOW argument of ShowWindow() in InitInstance() to SW_HIDE. Although hiding the main window also removes the taskbar button, the button still flashes briefly when the program starts, so the program's extended window style has to be modified as well. One way is the SDK style: call GetWindowLong() to obtain the current extended style, use a logical operation to remove the original WS_EX_APPWINDOW style and add a new WS_EX_TOOLWINDOW style, so that the system treats the window as a tool window and no longer displays it in the taskbar. The modified extended style is finally written back with SetWindowLong(). The two functions are declared as follows:

LONG GetWindowLong(HWND hWnd, int nIndex);
LONG SetWindowLong(HWND hWnd, int nIndex, LONG dwNewLong);

The other way is a very simple MFC style: in the frame class's window pre-creation function, change the program's window styles by applying logical operations directly to the CREATESTRUCT object:

cs.style = WS_POPUP;
cs.dwExStyle |= WS_EX_TOOLWINDOW;

Although the two approaches are written differently, they are essentially the same.
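A defender-side check for the two taskbar techniques described above, as an added example that is not part of the original article: it classifies window style values as GetWindowLong() would return them and lists the processes that own windows but have none with a taskbar button. The win_rec layout, the function names and the sample snapshot are assumptions constructed for illustration; hidden windows are also common in legitimate processes, so the result is a list to review, not a verdict.

```c
#include <stddef.h>
#include <stdint.h>

/* Win32 style bits (values from winuser.h). */
#define WS_VISIBLE       0x10000000u
#define WS_EX_TOOLWINDOW 0x00000080u
#define WS_EX_APPWINDOW  0x00040000u

/* One top-level window as a triage tool might record it (hypothetical layout);
   style/ex_style are what GetWindowLong() returns for GWL_STYLE/GWL_EXSTYLE. */
struct win_rec { uint32_t pid, style, ex_style; };
enum verdict { SHOWN, HIDDEN_WINDOW, TOOLWINDOW_ONLY };

/* Map one window to the technique that keeps it off the taskbar. */
enum verdict classify(const struct win_rec *w) {
    if (!(w->style & WS_VISIBLE))
        return HIDDEN_WINDOW;                 /* ShowWindow(..., SW_HIDE) */
    if ((w->ex_style & WS_EX_TOOLWINDOW) && !(w->ex_style & WS_EX_APPWINDOW))
        return TOOLWINDOW_ONLY;               /* tool window, no app-window bit */
    return SHOWN;
}

/* Collect PIDs that own windows but none with a taskbar button.
   Writes at most cap PIDs to out and returns the number of such PIDs. */
size_t pids_off_taskbar(const struct win_rec *w, size_t n,
                        uint32_t *out, size_t cap) {
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        int first = 1, shown = 0;
        for (size_t j = 0; j < n; j++) {
            if (w[j].pid != w[i].pid) continue;
            if (j < i) first = 0;             /* PID already handled earlier */
            if (classify(&w[j]) == SHOWN) shown = 1;
        }
        if (first && !shown) {
            if (found < cap) out[found] = w[i].pid;
            found++;
        }
    }
    return found;
}

/* Constructed sample snapshot, not captured from a real system. */
static const struct win_rec SAMPLE[] = {
    { 100, 0x14CF0000u, 0x00040100u },  /* visible app window           */
    { 100, 0x04C00000u, 0x00000000u },  /* same process, hidden helper  */
    { 200, 0x94000000u, 0x00000080u },  /* visible WS_POPUP tool window */
    { 300, 0x84000000u, 0x00000080u },  /* hidden tool window           */
};
```

On a live system the records would be filled by enumerating top-level windows and reading each one's styles with GetWindowLong().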

3. How a program hides from the task list

The task list (the dialog box that pops up on Ctrl+Alt+Del) shows the applications currently running on the system. After the previous step the process is invisible in the taskbar, but an experienced user can still look through the task list, spot a questionable application, and close it. So most hacker software also uses more complex means to hide itself from the task list, which greatly reduces the chance of being found.

In Win9x, an application generally registers itself with the system as a service process through the API (application programming interface) function RegisterServiceProcess(), and uses the same function to unregister when the service process ends. If a process is registered as a service process, its title can be seen in the task list shown by Ctrl+Alt+Del. If a process is running on the system but has not registered as a service process, it is not displayed in the task list. Hacker software takes advantage of this principle to hide itself from the task list at run time. The function resides in the system kernel library Kernel32.dll and is declared as follows:

DWORD RegisterServiceProcess(DWORD dwProcessId, DWORD dwType);

Its first parameter is the ID of the process to be registered as a service process; if it is 0, the current process is registered. The second parameter indicates whether the process is being registered or unregistered, with the values RSP_SIMPLE_SERVICE and RSP_UNREGISTER_SERVICE respectively. Hacker software generally loads the RegisterServiceProcess() function from the Kernel32.dll dynamic link library during start-up initialization, and then uses the function to hide the program from the task list:

// Load RegisterServiceProcess() from Kernel32.dll
typedef DWORD (WINAPI *RSP)(DWORD dwProcessId, DWORD dwType);
HMODULE m_hKernel = ::GetModuleHandle("Kernel32.DLL");
RSP m_rsp = (RSP)::GetProcAddress(m_hKernel, "RegisterServiceProcess");
if (m_rsp != NULL)  // GetProcAddress() returns NULL when the export is not present
    m_rsp(::GetCurrentProcessId(), 1);  // Hidden at this point; pass 0 as the second parameter to show it again

In addition, some hacker software uses the ShowWindowAsync() function to start a new thread that displays a new window. The function prototype is:

BOOL ShowWindowAsync(HWND hWnd, int nCmdShow);

The hacker software exploits the fact that the function's second parameter sets the display state of the window: when it is set to SW_HIDE, the target window (the hacker software) is hidden from the task list.

Conclusion: The above are some of the basic functions of a hacker program under Win9x. Building on these techniques, one can also write utilities such as background monitoring programs. Analyzing the hiding mechanisms of hacker software also enables users to take the necessary measures against it and to strengthen their own prevention.
