摘要: 研究了如何在Windows 下将DLL 技术与Winsock 2 中的SPI 技术结合起来实现木马植入的新方案,方案给出了木马植入与自启动的一体化方法,并创建了独立的木马植入程序,由该程序实现木马的自启动功能和从木马程序中分离出来的植入功能。采用该方案实现的木马具有很好的隐藏性和灵活性。
关键词:
服务提供者接口;自启动;协议链
Abstract: A new scheme is studied to realize the injection of Trojan horse by combining the technology of DLL and that of Winsock 2 SPI. The scheme presents a method of combining the injection and autorunning of Trojan horse. It creats single Trojan horse injection program to realize the functions of injection and autorunning of Trojan horse. It is rather safe and flexible to inject Trojan horse by adopting this scheme.
Key words:
Service provider interface; Autorunning; Protocol chain
田 磊,李祥和,辛志东,潘 军. 基于 Winsock 2 SPI 技术的木马植入新方案[J]. 计算机工程, 2006, 32(7): 166-168.
TIAN Lei, LI Xianghe, XIN Zhidong, PAN Jun. New Scheme for Injection of Trojan Horse Based on Winsock 2 SPI[J]. Computer Engineering, 2006, 32(7): 166-168.