Abstract: Concealment is one of the key techniques of a Trojan horse and directly determines its ability to survive. To address the common weaknesses of current Trojan horses in concealment, this paper proposes the concept of port reuse and describes a Trojan horse, developed in the laboratory, that has no process of its own and reuses ports. Using the service provider technology, a new feature of WinSock 2 on Windows, the Trojan horse inserts a layered service provider into the operating system. Whenever a network application makes a WinSock 2 call, the Trojan horse gains control of the system and communicates with the outside through a legitimate port that the system has already opened. Because it does not need to open a new port, it is better concealed.
Key words: Trojan Horse, port reuse, service provider
CLC number:
LUO Gai-long; CHENG Sheng-li. Research on Trojan Horse Based on Port Reuse Technology[J]. Computer Engineering, 2007, 33(15): 165-166.