Hiding a process in Task Manager & startup
-
Last edited by beginner; 06-11-2010, 03:42 PM.
-
Hiding a process in Windows NT, 98
Code:
program HideProcess9x;

uses
  Windows;

const
  RSPSIMPLESERVICE     = 1;  // register: hide this process from the Ctrl+Alt+Del task list
  RSPUNREGISTERSERVICE = 0;  // unregister: make it visible again

{ RegisterServiceProcess is exported by KERNEL32.DLL (not USER32.DLL) and only
  exists on Windows 95/98/ME. A static import like this one makes the program
  fail to load on Windows NT/2000/XP ("entry point not found"); to run on both
  families, resolve it at runtime with LoadLibrary/GetProcAddress and skip the
  call when it is missing. }
function RegisterServiceProcess(dwProcessID, dwType: DWORD): DWORD; stdcall;
  external 'KERNEL32.DLL';

begin
  // GetCurrentProcessId is declared in the Windows unit; the VB6 equivalent is
  //   Declare Function GetCurrentProcessId Lib "kernel32" () As Long
  RegisterServiceProcess(GetCurrentProcessId, RSPSIMPLESERVICE);
end.
If you also want it not to appear in msconfig, one way is to start it as a service, which means you have to register it in the Services list.
-
Have a look at the original sites for more; some of these aren't for Windows either:
http://www.dosterror.com/htdocs/project_trojan/trojan.c
http://sav1or.name/programs/direct.c
http://packetstormsecurity.org/UNIX/...kits/nx_back.c
http://archivist.incutio.com/viewlist/css-discuss/49169
http://www.securiteam.com/tools/5JP0R2A7FE.html
http://althing.cs.dartmouth.edu/secr...ys-commented.c
http://www.nerf.ru/_files/nerf-hft.c
http://www.packetstormsecurity.org/UNIX/IDS/0x333hpl.c
http://www.rootkits.com/
http://www.caulacbovb.com/
http://www.stat.wisc.edu/~ane/progra...ion/covarion.c
And this one is for detecting it:
/*
 * knarkfinder.c, part of the knark package v0.42
 * Linux 2.1-2.2 hidden process detector
 * (c) Creed @ #hack.se 1999 <[email protected]>
 *
 * This program finds processes hidden by kernel trojans like knark
 * (probably some others too).
 *
 * This program/lkm may NOT be used in an illegal way,
 * or to cause damage of any kind.
 *
 * See README for more info.
 *
 * Method: find the kernel's task[] pointer array (in a 2.2 kernel it sits
 * directly before the exported symbol `kstat`), read it through /dev/kmem,
 * walk the circular next_task list starting at init (pid 1), and print any
 * pid on that list that /proc does not show. Needs root, a 2.1/2.2 kernel
 * and its headers for the struct task_struct layout; it will not build or
 * run against a modern kernel (no /proc/ksyms, restricted /dev/kmem).
 */
#define __KERNEL__
#include <linux/sched.h>      /* struct task_struct, NR_TASKS (2.2 layout) */
#undef __KERNEL__
#include <sys/types.h>
#include <unistd.h>
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* pids visible through /proc, zero-terminated */
pid_t procpid[NR_TASKS];

void die(const char *reason)
{
    perror(reason);
    exit(-1);
}

/* Collect every numeric entry of /proc: this is the view a rootkit filters. */
void update_procpids(void)
{
    int i;
    DIR *dir;
    struct dirent *dirent;

    if ((dir = opendir("/proc")) == NULL)
        die("Can't open /proc");
    for (i = 0; i < NR_TASKS - 1 && (dirent = readdir(dir)); ) {
        if ((procpid[i] = atoi(dirent->d_name)))
            i++;
    }
    procpid[i] = 0;
    closedir(dir);
}

int is_procpid(pid_t pid)
{
    int i;

    for (i = 0; procpid[i]; i++)
        if (procpid[i] == pid)
            return 1;
    return 0;
}

int main(void)
{
    int kmem_fd, i;
    unsigned long kstat_addr = 0;
    char *p, buf[1024];
    FILE *ksyms_fp;
    struct task_struct task, *tasks[NR_TASKS];

    /* 1. Look up the address of `kstat` in the running kernel's symbol table. */
    if ((ksyms_fp = fopen("/proc/ksyms", "r")) == NULL)
        die("Can't open /proc/ksyms");
    while (fgets(buf, sizeof(buf), ksyms_fp)) {
        if (!strstr(buf, "kstat"))
            continue;
        if ((p = strchr(buf, ' ')) == NULL)   /* lines are "<hexaddr> <name>" */
            continue;
        *p = '\0';
        kstat_addr = strtoul(buf, NULL, 16);
        break;
    }
    fclose(ksyms_fp);
    if (!kstat_addr)
        die("Couldn't get kstat address ?!");

    /* 2. The task[] array lies just before kstat; read it out of /dev/kmem. */
    if ((kmem_fd = open("/dev/kmem", O_RDONLY)) == -1)
        die("Can't open /dev/kmem");
    if (lseek(kmem_fd, kstat_addr - NR_TASKS * sizeof(struct task_struct *),
              SEEK_SET) == -1)
        die("lseek /dev/kmem");
    if (read(kmem_fd, tasks, NR_TASKS * sizeof(struct task_struct *))
            != (ssize_t)(NR_TASKS * sizeof(struct task_struct *)))
        die("read task array");

    /* 3. Find init (pid 1) among the task pointers; it anchors the list walk. */
    memset(&task, 0, sizeof(task));
    for (i = 0; i < NR_TASKS; i++) {
        if (!tasks[i])
            continue;
        lseek(kmem_fd, (off_t)tasks[i], SEEK_SET);
        if (read(kmem_fd, &task, sizeof(struct task_struct))
                != (ssize_t)sizeof(struct task_struct))
            die("read task_struct");
        if (task.pid == 1)
            break;
    }
    if (task.pid != 1) {
        fprintf(stderr, "Couldn't find init task\n");
        exit(-1);
    }

    /* 4. Walk the kernel's circular task list and diff it against /proc:
     *    a pid the kernel knows but /proc does not list is hidden. */
    update_procpids();
    printf("Invisible processes:\n");
    do {
        if (!is_procpid(task.pid))
            printf("%d\n", task.pid);
        lseek(kmem_fd, (off_t)task.next_task, SEEK_SET);
        if (read(kmem_fd, &task, sizeof(struct task_struct))
                != (ssize_t)sizeof(struct task_struct))
            die("read task_struct");
    } while (task.pid && task.pid != 1);
    close(kmem_fd);
    exit(0);
}
Last edited by takfanar; 01-16-2008, 06:10 PM.
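knarkfinder.c above only works on a 2.2 kernel with an open /dev/kmem. The following is an added example, written for this page and not taken from the thread, the knark package or any other tool: the same "kernel view versus /proc view" comparison done from user space on a current Linux system. It asks the kernel whether every PID up to pid_max exists via kill(pid, 0), which a rootkit that only filters the /proc directory listing does not touch, and reports PIDs that exist but that readdir(/proc) does not show. It assumes /proc is mounted and readable; the function and variable names are this example's own.

```c
/*
 * hidden_pids.c: user-space hidden-process check for a modern Linux kernel.
 * Added example, not part of the original thread or of the knark package.
 * Assumes /proc is mounted; run as root for a full view.
 */
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Largest PID the kernel hands out, from /proc/sys/kernel/pid_max. */
static long read_pid_max(void)
{
    long v = 32768;                       /* historical default if unreadable */
    FILE *fp = fopen("/proc/sys/kernel/pid_max", "r");
    if (fp) {
        if (fscanf(fp, "%ld", &v) != 1 || v <= 0)
            v = 32768;
        fclose(fp);
    }
    return v;
}

/* 1 if the kernel knows a task with this id. kill(pid, 0) sends nothing but
 * still looks the id up: EPERM means "exists, not ours", ESRCH means none. */
int pid_exists(pid_t pid)
{
    if (pid <= 0)
        return 0;
    if (kill(pid, 0) == 0)
        return 1;
    return errno == EPERM;
}

/* Thread group id from /proc/<pid>/status, or -1 if it cannot be read.
 * A process has Tgid == pid; a thread has Tgid == its owning process. */
static long read_tgid(pid_t pid)
{
    char path[64], line[256];
    long tgid = -1;
    snprintf(path, sizeof path, "/proc/%ld/status", (long)pid);
    FILE *fp = fopen(path, "r");
    if (!fp)
        return -1;
    while (fgets(line, sizeof line, fp)) {
        if (strncmp(line, "Tgid:", 5) == 0) {
            tgid = strtol(line + 5, NULL, 10);
            break;
        }
    }
    fclose(fp);
    return tgid;
}

/* Mark listed[pid] = 1 for every numeric entry readdir(/proc) returns. This is
 * the view ps and top depend on, and the one a rootkit edits. */
static int list_proc(unsigned char *listed, long pid_max)
{
    DIR *dir = opendir("/proc");
    struct dirent *ent;
    if (!dir)
        return -1;
    while ((ent = readdir(dir)) != NULL) {
        char *end;
        long v;
        if (!isdigit((unsigned char)ent->d_name[0]))
            continue;
        v = strtol(ent->d_name, &end, 10);
        if (*end == '\0' && v > 0 && v <= pid_max)
            listed[v] = 1;
    }
    closedir(dir);
    return 0;
}

/* 1 if pid is a process the kernel knows but the /proc listing omits.
 * Threads answer kill() too but are only listed under /proc/<tgid>/task,
 * so an id whose status names another Tgid is skipped, not reported. */
int is_hidden_pid(pid_t pid, const unsigned char *listed)
{
    long tgid;
    if (!pid_exists(pid) || listed[pid])
        return 0;
    tgid = read_tgid(pid);
    if (tgid > 0 && tgid != (long)pid)
        return 0;
    return 1;
}

/* Scan 1..pid_max, store hidden PIDs in out (at most max_out), return the
 * count, or -1 if /proc cannot be read. */
int find_hidden_pids(pid_t *out, int max_out)
{
    long pid_max = read_pid_max();
    unsigned char *listed = calloc((size_t)pid_max + 1, 1);
    int n = 0;
    if (!listed || list_proc(listed, pid_max) != 0) {
        free(listed);
        return -1;
    }
    for (long pid = 1; pid <= pid_max && n < max_out; pid++)
        if (is_hidden_pid((pid_t)pid, listed))
            out[n++] = (pid_t)pid;
    /* A process forked after the first listing would look hidden: re-list
     * and keep only candidates that are still absent. */
    if (n > 0) {
        memset(listed, 0, (size_t)pid_max + 1);
        if (list_proc(listed, pid_max) == 0) {
            int kept = 0;
            for (int i = 0; i < n; i++)
                if (is_hidden_pid(out[i], listed))
                    out[kept++] = out[i];
            n = kept;
        }
    }
    free(listed);
    return n;
}

int main(void)
{
    pid_t hidden[256];
    int n = find_hidden_pids(hidden, 256);
    if (n < 0) {
        perror("/proc");
        return 1;
    }
    printf("Invisible processes: %d\n", n);
    for (int i = 0; i < n; i++)
        printf("%ld\n", (long)hidden[i]);
    return 0;
}
```

Two caveats when reading its output. On a system whose /proc is mounted with hidepid=1 or 2, other users' processes are absent from both the listing and /proc/<pid>/status while kill() still answers EPERM, so an unprivileged run reports them as hidden; run it as root. And a rootkit that also hooks kill() (or the syscall table entry behind it) defeats this single cross-check, which is why tools such as unhide compare several independent views of the PID space rather than one.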