Abstract
With the development of the Internet and the growing demand for information exchange, network chat tools have emerged. QQ has won over many users as a network chat tool with its powerful functions, convenience and friendly interface. With the increase in users and business expansion, QQ has become the target of many viruses. The QQ tail virus, which is deceptive, hidden and harmful, has brought huge losses to many QQ users.
A Windows hook is a monitoring point in the Windows message mechanism, which can be used to intercept and capture the message flow in the system. Many viruses have taken advantage of this characteristic of Windows hooks in their programming. The Windows system is based on an event-driven mechanism, and all of this is accomplished through message passing. The hook is a very important system interface in Windows, which can be used effectively to intercept and process messages sent to other applications. Thus, by understanding the meaning of Windows messages, we can install different types of hooks to monitor events in the system and achieve the corresponding functions, such as intercepting keyboard and mouse input, capturing characters from the screen, log monitoring, taking screenshots, etc.
This work takes the "QQ tail" virus as an example, analyzes in detail the use of Windows hook technology in the virus program, and develops a simulated virus program based on the features of the virus; finally, it concludes with methods to prevent this type of virus.