Location:
Search - cmdbind2
Search list
Description:
Platform: |
Size: 75193 |
Author: |
Hits:
Description: 让进程在系统中更加隐蔽(2) 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序, 又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在 系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的 启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程 序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文 件和更改启动文件,让它在系统启动时又能被执行。 程序是一个可执行文件在被执行时系统会把它保护起来,如果要删除它需要更改系 统!很麻烦!可以把代码放到其他程序中作为另外进程的线程来运行既利用创建远程线程 函数。系统被关闭一般有三种情况:正常关机,掉电(不正常关机),一键关机(按下power). 对于正常关机,程序会收到CTRL_SHUTDOWN_EVENT的信号,一键关机,可以简单的使用钩子 但掉电(不正常关机)老农实在想不出办法。好在一般的nt服务器很少这种情况。 在nt系统下用CreateService来注册一个服务,当然是在系统SHUTDOWN前。在启动时 用DeleteService删除这个服务,保存一个程序文件在虚拟内存中,删除在硬盘上程序-process in the system to allow a more subtle (2) In general a backdoor procedures need to change the system to certain documents procedures for the system to initiate the implementation of this procedure, but also to retain a place in the process (usually in a hard disk). If there is any way to do so without letting procedures in the system running, then we can process more subtle back door. In other words procedures not found in the hard disks on the system's configuration did not start with this item. Really want to do so it did not seem realistic, but it is a simple approach : in the process would be implemented to delete files and startup files were altered, Then the system was closed down before the document retention procedures and changes in startup files, it started when the sy
Platform: |
Size: 75506 |
Author: 无间刀 |
Hits:
Description: 一个介绍进程隐藏及后门开发的文章,很有借鉴意义
Platform: |
Size: 9700 |
Author: 杨敬禹 |
Hits:
Description: cmdbind2及其原码.zip 提交时间:2004-02-15 提交用户:Marsbeta 工具分类:后门程序 运行平台:Windows 工具大小:75193 Bytes 文件MD5 :b521621cd0f6b477b1e61fbe1c3a8754 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序,又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文-cmdbind2 and its source. Zip timing : 2004-2006-02-15 submitted users : Marsbeta tools Categories : backdoor platforms : Windows tool Size : MD5 75,193 Bytes Document : b521621cd0f6b477b1e61fbe1c3a8754 general a backdoor to the need to change the system to allow certain documents procedures in the system to initiate the implementation of this procedure, but also to retain a place in the process (usually the hard drive). If there is any way to do procedures in the system, then run, then it can backdoor more concealed. The procedure is not hard on the launch of the system configuration items are not. True to do so it did not seem realistic, but it will be a simple approach : the implementation of the procedure was deleted after the program file and startup files were altered, then the system
Platform: |
Size: 25349 |
Author: 马把 |
Hits:
Description: 让进程在系统中更加隐蔽(2) 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序, 又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在 系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的 启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程 序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文 件和更改启动文件,让它在系统启动时又能被执行。 程序是一个可执行文件在被执行时系统会把它保护起来,如果要删除它需要更改系 统!很麻烦!可以把代码放到其他程序中作为另外进程的线程来运行既利用创建远程线程 函数。系统被关闭一般有三种情况:正常关机,掉电(不正常关机),一键关机(按下power). 对于正常关机,程序会收到CTRL_SHUTDOWN_EVENT的信号,一键关机,可以简单的使用钩子 但掉电(不正常关机)老农实在想不出办法。好在一般的nt服务器很少这种情况。 在nt系统下用CreateService来注册一个服务,当然是在系统SHUTDOWN前。在启动时 用DeleteService删除这个服务,保存一个程序文件在虚拟内存中,删除在硬盘上程序-process in the system to allow a more subtle (2) In general a backdoor procedures need to change the system to certain documents procedures for the system to initiate the implementation of this procedure, but also to retain a place in the process (usually in a hard disk). If there is any way to do so without letting procedures in the system running, then we can process more subtle back door. In other words procedures not found in the hard disks on the system's configuration did not start with this item. Really want to do so it did not seem realistic, but it is a simple approach : in the process would be implemented to delete files and startup files were altered, Then the system was closed down before the document retention procedures and changes in startup files, it started when the sy
Platform: |
Size: 74752 |
Author: |
Hits:
Description: cmdbind2及其原码.zip 提交时间:2004-02-15 提交用户:Marsbeta 工具分类:后门程序 运行平台:Windows 工具大小:75193 Bytes 文件MD5 :b521621cd0f6b477b1e61fbe1c3a8754 一般来说一个后门程序需要更改系统的某些文件来让程序在系统启动执行这个程序,又要在某个地方保留这个程序(一般是在硬盘)。如果有什么办法不这样做又让程序在系统中运行的话,就可以使后门程序更加隐蔽。也就是说程序在硬盘上找不到在系统的启动配置中没有这有项。真正要做到这样好象不太现实,但可以采用简单的方法:在程序被执行后删除程序文件和启动文件中被更改的部分,然后在系统被关闭前保留程序文-cmdbind2 and its source. Zip timing : 2004-2006-02-15 submitted users : Marsbeta tools Categories : backdoor platforms : Windows tool Size : MD5 75,193 Bytes Document : b521621cd0f6b477b1e61fbe1c3a8754 general a backdoor to the need to change the system to allow certain documents procedures in the system to initiate the implementation of this procedure, but also to retain a place in the process (usually the hard drive). If there is any way to do procedures in the system, then run, then it can backdoor more concealed. The procedure is not hard on the launch of the system configuration items are not. True to do so it did not seem realistic, but it will be a simple approach : the implementation of the procedure was deleted after the program file and startup files were altered, then the system
Platform: |
Size: 24576 |
Author: 马把 |
Hits:
Description: 一个介绍进程隐藏及后门开发的文章,很有借鉴意义-A presentation process and the back door to hide the development of the article, referential significance
Platform: |
Size: 9216 |
Author: 杨敬禹 |
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code-Cmdbind2 and its source code cmdbind2 and its the original code
Platform: |
Size: 20480 |
Author: lustnya |
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code-Cmdbind2 and its source code cmdbind2 and its the original code
Platform: |
Size: 20480 |
Author: urofitmunh |
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code-Cmdbind2 and its source code cmdbind2 and its the original code
Platform: |
Size: 20480 |
Author: Deborsh |
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code(Cmdbind2 and its source code cmdbind2 and its the original code)
Platform: |
Size: 19456 |
Author: 朱治高
|
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code()
Platform: |
Size: 19456 |
Author: Xaxier
|
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code()
Platform: |
Size: 23552 |
Author: VOmxdo%2B395
|
Hits:
Description: cmdbind2及其原码 Cmdbind2 and its original code()
Platform: |
Size: 23552 |
Author: Clffe |
Hits: