毕业设计（论文）-WINDOWS单线程插入木马的研究.docVIP

591论文网 www.591LW.com 向WINDOWS单线程插入木马的研究 摘 要 随着互联网的迅速普及和应用的不断发展，各种黑客工具和网络攻击手段也层出不穷，网络攻击导致用户利益受到损害，其中木马(Trojan Horse)攻击以其攻击范围广、隐蔽性、危害大等特点成为常见的网络攻击技术之一，对网络安全造成了极大的威胁。系统实现了一个线程插入木马，在Windows XP中，木马被注入EXPLORER进程，然后它打开一个线程在2048端口监听，使其不被发现。木马运行后将自动将自身复制到系统目录下，并且将其命名为一个类似系统文件的名字，使得管理员在众多的系统文件中，不敢轻易删除文件。防止杀毒软件和防火墙报警，并且尽量避免被系统管理员的察觉，减少被发现的概率。论文介绍了木马的定义、原理、分类及其发展趋势。介绍了线程插入，自动运行等技术及其应用。讨论了在WINDOWS系统平台下自动运行的方法，并且给出了部分实现代码。重点描述了一个木马的设计及Visual C++的实现。本文在木马隐藏部分做了研究。 关键词：木马；线程插入；隐藏；后门 591论文网 www.591LW.com Design and implement of thread inject Trojan horse Abstract With the rapid popularization of the Internet and the constantly development of its application, various kinds of hacker tools and Internet attack methods have also appeared. These attacks have seriously damaged the interests of the Internet users. Among these attacks, Trojan horse has been a rather popular one because of its extensive range of attack, the disguise for the self-protection and the enormous harmfulness. In Windows XP, the Trojan horse is injected into process Explorer, and then it creates a thread to listen at port 2048, which make it hard to find out. The Trojan horse will be copied to the systematic catalogue automatically after it is operated, and will be named as similar one of the systematic files, which make administrators dare not to delete the file easily among the numerous systematic file .The Trojan horse avoids antivirus software, fire wall’s alarm, the perception of the system manager and decrease probability of being detected Trojan horse. In this thesis, we firstly point out some basic ideas of the Trojan horse which includes its definition, principle, classification and the development trends. We introduce some techniques about its injecting, auto-loading, and its applications. The methods of its auto-running in windows operating system platform are also discussed in this paper, and the crucial fractio