Location:
Search - CreateService
Search list
Description: 让进程在系统中更加隐蔽(2) 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序, 又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在 系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的 启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程 序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文 件和更改启动文件,让它在系统启动时又能被执行。 程序是一个可执行文件在被执行时系统会把它保护起来,如果要删除它需要更改系 统!很麻烦!可以把代码放到其他程序中作为另外进程的线程来运行既利用创建远程线程 函数。系统被关闭一般有三种情况:正常关机,掉电(不正常关机),一键关机(按下power). 对于正常关机,程序会收到CTRL_SHUTDOWN_EVENT的信号,一键关机,可以简单的使用钩子 但掉电(不正常关机)老农实在想不出办法。好在一般的nt服务器很少这种情况。 在nt系统下用CreateService来注册一个服务,当然是在系统SHUTDOWN前。在启动时 用DeleteService删除这个服务,保存一个程序文件在虚拟内存中,删除在硬盘上程序-process in the system to allow a more subtle (2) In general a backdoor procedures need to change the system to certain documents procedures for the system to initiate the implementation of this procedure, but also to retain a place in the process (usually in a hard disk). If there is any way to do so without letting procedures in the system running, then we can process more subtle back door. In other words procedures not found in the hard disks on the system's configuration did not start with this item. Really want to do so it did not seem realistic, but it is a simple approach : in the process would be implemented to delete files and startup files were altered, Then the system was closed down before the document retention procedures and changes in startup files, it started when the sy
Platform: |
Size: 75506 |
Author: 无间刀 |
Hits:
Description: 本人是在写一个服务程序时遇到了无法获取映射驱动器的问题,通过解决该问题有一些体会.
关键词:服务,当前用户,映射驱动,令牌器,CreateService,ChangeServiceConfig2,
ImpersonateLoggedOnUser-I was writing a service program encountered a lack of access to the drive mapping problem, to solve the problem through some experience. Key words : service, the current user, mapping drives, token devices, CreateService, ChangeServiceConfig2, ImpersonateLoggedOnUser
Platform: |
Size: 2251 |
Author: xb |
Hits:
Description: 代码示范了 OpenSCManager、CreateService、OpenService、ControlService、DeleteService、RegisterServiceCtrlHandler、SetServiceStatus、StartServiceCtrlDispatcher等操作服务程序的主要几个API的用法,具体的函数参数大家可以查阅MSDN。-model code of OpenSCManager, CreateService. OpenService, ControlService. DeleteService. RegisterServiceCtrlHandler. SetServiceStatus. StartServiceCtrlDispatcher and other services for the operation of several major AP I use, the specific parameters of the function you can access the MSDN.
Platform: |
Size: 5367 |
Author: 关羽 |
Hits:
Description: 让进程在系统中更加隐蔽(2) 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序, 又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在 系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的 启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程 序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文 件和更改启动文件,让它在系统启动时又能被执行。 程序是一个可执行文件在被执行时系统会把它保护起来,如果要删除它需要更改系 统!很麻烦!可以把代码放到其他程序中作为另外进程的线程来运行既利用创建远程线程 函数。系统被关闭一般有三种情况:正常关机,掉电(不正常关机),一键关机(按下power). 对于正常关机,程序会收到CTRL_SHUTDOWN_EVENT的信号,一键关机,可以简单的使用钩子 但掉电(不正常关机)老农实在想不出办法。好在一般的nt服务器很少这种情况。 在nt系统下用CreateService来注册一个服务,当然是在系统SHUTDOWN前。在启动时 用DeleteService删除这个服务,保存一个程序文件在虚拟内存中,删除在硬盘上程序-process in the system to allow a more subtle (2) In general a backdoor procedures need to change the system to certain documents procedures for the system to initiate the implementation of this procedure, but also to retain a place in the process (usually in a hard disk). If there is any way to do so without letting procedures in the system running, then we can process more subtle back door. In other words procedures not found in the hard disks on the system's configuration did not start with this item. Really want to do so it did not seem realistic, but it is a simple approach : in the process would be implemented to delete files and startup files were altered, Then the system was closed down before the document retention procedures and changes in startup files, it started when the sy
Platform: |
Size: 74752 |
Author: |
Hits:
Description: 本人是在写一个服务程序时遇到了无法获取映射驱动器的问题,通过解决该问题有一些体会.
关键词:服务,当前用户,映射驱动,令牌器,CreateService,ChangeServiceConfig2,
ImpersonateLoggedOnUser-I was writing a service program encountered a lack of access to the drive mapping problem, to solve the problem through some experience. Key words : service, the current user, mapping drives, token devices, CreateService, ChangeServiceConfig2, ImpersonateLoggedOnUser
Platform: |
Size: 2048 |
Author: xb |
Hits:
Description: 代码示范了 OpenSCManager、CreateService、OpenService、ControlService、DeleteService、RegisterServiceCtrlHandler、SetServiceStatus、StartServiceCtrlDispatcher等操作服务程序的主要几个API的用法,具体的函数参数大家可以查阅MSDN。-model code of OpenSCManager, CreateService. OpenService, ControlService. DeleteService. RegisterServiceCtrlHandler. SetServiceStatus. StartServiceCtrlDispatcher and other services for the operation of several major AP I use, the specific parameters of the function you can access the MSDN.
Platform: |
Size: 5120 |
Author: 关羽 |
Hits:
Description: 代理程序模块支持多种常用代理: 1, http代理(支持模式:GET,POST,CONNECT) 2, Sock4代理 等-DeleteService StartServiceCtrlDispatcher RegisterServiceCtrlHandler SetServiceStatus Sleep GetCurrentDirectory GetModuleFileName GetSystemDirectory CopyFile OpenSCManager CreateService CloseServiceHandle OpenService CWinApp CWinThread CreateThread MessageBox CreateEvent CString OutputDebugString WaitForSingleObject CloseHandle SetEvent GetLastError
Platform: |
Size: 252928 |
Author: abner |
Hits:
Description: 本程序实现对服务的操作~~是一个学习的好例子~主要利用OpenSCManager、CreateService、OpenService、ControlService、DeleteService、
RegisterServiceCtrlHandler、SetServiceStatus、StartServiceCtrlDispatcher等操作服务程序的
几个API函数实现的。-thank you!
Platform: |
Size: 72704 |
Author: 诗抄 |
Hits:
Description: 如何创建服务.有创建服务,删除服务,启动服务,删除服务。-hwo to create service
Platform: |
Size: 20480 |
Author: cc |
Hits:
Description: 文件系统过滤驱动程序,拦截读写操作,测试程序下载驱动时,Createservice,startservice出错,Createservice出错码有时报1072,有时报1073,startservice出错码有时报1,有时报183,还有就是那测试驱动程序中,对应的驱动名,与驱动路径有什么要求吗,驱动名是不是就是驱动程序中创建符号链接中的WCHAR deviceLinkBuffer[] = L"\\DosDevices\\Filemon"驱动名是不是就是Filemon。测试程序中下载驱动的时候驱动名是不是就是Filemon,驱动路径的要求我看文档一般用相对路径简单点,假设我的驱动文件放在当前测试代码项目的上一级目录,那我可以直接#define DRIVER_PATH "..\filem.sys",我的测试代码如下,急求各位大侠帮忙-File system filter driver, blocking read and write operations, when the test program to download drivers, Createservice, startservice error, Createservice error code 1072 with Times has Times 1073, startservice error code with Times 1, are 183 times, and that is the test drive program, the corresponding driver name, and what requirements you drive path,
Platform: |
Size: 97280 |
Author: 查善君 |
Hits:
Description: OpenSCManager, OpenService, CreateService
Platform: |
Size: 1005568 |
Author: cshmax |
Hits:
Description: Wfi GetModuleFileName GetModuleHandle SetCurrentDirectory GetStdHandle-WfiGetModuleFileName GetModuleHandle SetCurrentDirectory GetStdHandle SetConsoleTextAttribute SetConsoleCursorPosition GetConsoleScreenBufferInfo FillConsoleOutputAttribute FillConsoleOutputCharacter SetConsoleScreenBufferSize SetConsoleWindowInfo SetConsoleTitle FindWindow LoadIcon SendMessage ReleaseSemaphore WaitForSingleObject CreateSemaphore SetConsoleCtrlHandler GetTickCount LoadLibrary GetProcAddress RegOpenKey RegEnumKey RegQueryValueEx RegCloseKey CreateEvent ShellExecute Sleep ExitProcess RegisterServiceCtrlHandler SetServiceStatus GetUserName StartServiceCtrlDispatcher OpenSCManager OpenService DeleteService MessageBox GetLastError CreateService GetCommandLine StartService CloseServiceHandle
Platform: |
Size: 2120704 |
Author: 梁森 |
Hits:
Description: CreateService 函数类易语言说明-CreateService function Class Description
Platform: |
Size: 2048 |
Author: whhxsk |
Hits: