QQ尾巴的原理分析及其防御

论文字数:15386,页数:50  有开题报告，任务书

摘  要
 随着Internet的发展，信息交流的需求越来越大，网络聊天工具应运而生。QQ作为一种网络聊天工具，以其功能强大，使用方便，界面友好赢得了众多用户的喜爱。随着用户的增多，业务的扩展，QQ也成为众多病毒的目标，其中QQ尾巴病毒以其欺骗性、隐蔽性、危害性给很多QQ用户带来巨大的损失。
 Windows钩子是Windows消息机制中的监视点，它可以用来截获系统中的消息流。许多病毒程序中都利用了Windows钩子这一特性。Windows系统是建立在事件驱动机制上的，而这一切是通过消息的传递来完成的。Hook则是Windows系统中非常重要的系统接口，用它可以有效地截获并处理送给其他应用程序的消息。这样，通过对Windows消息的理解，就可以在系统中安装不同类型的Hook，来监视系统中各种事件的发生，从而实现相应的功能，例如截获键盘和鼠标的输入、屏幕取词、日志监视、屏幕截图等。
 本文以QQ尾巴病毒为例，详细分析了Windows钩子技术在该病毒程序中的应用，并根据病毒特征，编写出仿真病毒的代码程序；最后，提出了防范这一类病毒的方法。
 
关键词：QQ尾巴，Windows钩子，计算机病毒

The Principle and Defense of the "QQ tail" Virus
 
Abstract
With the development of the Internet and the growing demand of the information exchange,chatting tools in the network have emerged.QQ has won many users' love as a network chatting tool with the powerful functions,convinience and the friendly interface.With the increase in users and business expansion, QQ has become the target of many viruses, QQ tail virus which has many features such as being deceptive, hidden and harmful,has brought huge losses to many QQ users .
 Windows hook is the monitor point of windows news mechanism, which can be used to intercept and seize the information flow in system.  Many viruses have taken advantage of this characteristic of Windows hook in the progamming. Windows system is based on event-driven mechanism, and all of this is completed through the information transmission. Hook is a very important system interface in windows system, which can be used effectively to intercept and process information sent to other application programme. Thus, we can install different types of Hook to monitor the events in the system by understanding the meaning of windows messages, so as to achieve the corresponding functions, such as intercepting keyboard and mouse input, capturing characters from Screen, logging monitoring ,cutting screenshots, etc.
 This text takes "QQ tail" virus for example and has a detailed analysis of the use of the windows hook technology in the virus programme ,and  prepares the simulation virus code program on the basis of the features of the virus; finally ,it ends up with methods to prevent  this type of virus.

Keywords : QQ tail ,Windows hook, computer virus
目  录
1 绪论 1
1.1课题背景及来源 1
1.2课题研究的意义 1
1.3论文结构 1
2  QQ尾巴病毒 3
2.1病毒简介 3
2.1.1 病毒的生命周期 3
2.1.2 病毒特征 4
2.1.3 计算机病毒的传播途径 4
2.2  QQ尾巴病毒 5
2.2.1 病毒原理 5
3 钩子技术 6
3.1钩子的概念 6
3.2钩子类型 6
3.3钩子链 10
3.4钩子的安装与使用 10
3.5钩子的实现 11
4钩子在QQ尾巴中的应用 14
4.1利用钩子实现QQ尾巴 14
4.1.1 粘贴尾巴 14
4.1.2 监视与捕获 15
4.1.3 下钩与取钩 16
5  QQ尾巴防治 18
5.1 常见方法 18
5.1.1 IE方法 18
5.1.2 工具方法 18
5.1.3 一般方法 18
5.2 编程方法清除尾巴 18
总 结 27
致 谢 28
参考文献 29