揭开木马的神秘面纱5.htm (Unveiling the Mystery of Trojans, Part 5)
<pre>
Trojan.dll   ---- [ LoadLibrary ]      ---- Trojan.dll --- [ DLL reference count + 1 ]
HookInst.exe ---- [ ExitProcess ]      ---- [ process exits ]
DestProc.exe ---- [ FreeLibrary ]      ---- Trojan.dll --- [ DLL reference count - 1 ]
Trojan.dll   ---- [ remains resident ] ---- DestProc.exe
</pre>
<p class="MsoNormal">At this point a Trojan DLL has been installed into the target process, and through this DLL you can carry out all sorts of unnoticed operations under the target process's name. In fact, in a later article we will discuss in detail how a DLL Trojan reuses a port to get around a firewall's packet filtering. (That is a preview of the content of Trojan Part 6.)</p>
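<p class="MsoNormal">Seen from the defender's side, the lasting trace of the sequence above is an extra module inside DestProc.exe that belongs to no installer that is still running. The following PowerShell script is an added example, not code from the original article: it lists the modules loaded into a running process and reports any whose file lies outside the Windows directory or does not carry a valid Authenticode signature. The process name is an assumed placeholder.</p>

```powershell
# Added example (not part of the original article): report modules loaded into a
# process that look out of place, i.e. are not under the Windows directory or do
# not carry a valid Authenticode signature. $ProcessName is an assumed placeholder.
param([string]$ProcessName = 'notepad')

$windir = [Environment]::GetFolderPath('Windows')

foreach ($proc in Get-Process -Name $ProcessName -ErrorAction Stop) {
    try {
        # Modules enumerates the DLLs currently mapped into the process; this needs
        # matching bitness and sufficient rights, otherwise it throws.
        $modules = $proc.Modules
    } catch {
        Write-Warning "PID $($proc.Id): cannot enumerate modules ($($_.Exception.Message))"
        continue
    }

    foreach ($m in $modules) {
        $path = $m.FileName
        $inWindir = $path.StartsWith($windir, [StringComparison]::OrdinalIgnoreCase)
        $sig = Get-AuthenticodeSignature -FilePath $path

        # Report anything that is neither a Windows file nor validly signed.
        if (-not $inWindir -or $sig.Status -ne 'Valid') {
            [pscustomobject]@{
                PID       = $proc.Id
                Process   = $proc.ProcessName
                Module    = $m.ModuleName
                Path      = $path
                Signature = $sig.Status
            }
        }
    }
}
```

A module reported here is not proof of injection, since many legitimate programs load unsigned plug-ins from their own directories, but it is the short list a reviewer would then check by hand.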
<p class="MsoNormal"><b>Appendix: source code of the DLL Trojan prototype for Win9X</b></p>
<p class="MsoNormal"><b>Hook loader program</b></p>
<pre>
#include "windows.h"
#include "Trojan.h"
#include "tlhelp32.h"
#include "stdlib.h"                 /* for atoi(); not pulled in by windows.h */

#pragma comment ( lib, "Trojan.lib" )

int WINAPI WinMain( HINSTANCE hinstExe,
                    HINSTANCE,
                    PSTR pszCmdLine,
                    int nCmdShow )
{
    DWORD WindowThreadPID, dwProcessId, dwGamePID;
    dwGamePID = atoi( pszCmdLine );      /* target process id passed on the command line */
    HWND hwndLV = GetTopWindow( NULL );  /* start walking the top-level windows */
    char strTitle[20];
</pre>