Abstract:
This paper presents the principles behind a program that steals USB flash disk files on the local machine and the process hiding technique it adopts to increase its stealth. The source code was written as a Win32-based application and compiled in the VC 6.0 environment. The paper describes in detail how the operating system notifies running processes of USB port status changes, and how a running process uses the messages sent by the operating system to determine that a removable storage device has been plugged into a USB port. As the key part, the paper devotes considerable space to the principles and programming approach of process hiding by means of API hooking (hooking the SSDT) on Windows NT systems. For log recording, the design uses the ODBC API together with a Microsoft Access database.
Keywords:
stealing USB flash disk files; process hiding; API HOOK; hooking SSDT; ODBC API; Microsoft Access
A malicious software design for stealing USB flash disk files based on local machine
Abstract:
This paper describes stealing USB flash disk files on the local machine and the common process concealment techniques used in a Windows NT operating system environment. The source code was written as a Win32-based application and compiled successfully in the VC 6.0 environment. It describes in detail how the operating system sends messages notifying running processes of USB port status changes, and how a process that receives these messages determines that a portable storage device has been plugged in. As the key part of the design, the theory of the API HOOK (hooking SSDT) technique used to hide the process (on Windows NT operating systems) and the programming approach are presented at length. In the log recording chapter, the design is implemented with the ODBC API and a Microsoft Access database.
Keywords:
Win32-based applications; concealing running processes; API HOOK; hooking SSDT; ODBC API; Microsoft Access