Atitit. Remote interface monitoring and Trojan Common API standardization v2 q216

Atitit. remote Interface monitoring and Trojan commonly used API Standardization v2 q216

1 .  Common APIs for Trojan and remote interface monitoring 2

1 . 1. file Copy 2

1 . 2. Screen Timing 2

1 . 3. Send mail 2

1 . 4. Keyboard Monitoring 2

1 . 5. remote upload code and execution 2

1 . 6. Registering system Services 2

1 . 7. Remote Shell console 2

1 . 8. , modify the registry 2

1 . 9. Eval function 2

1 . Ten. Control mouse Keyboard GUI interface function 2

1 . One. document picture file read/write monitoring 2

1 . 11.1. JDK1.6 and Previous versions: based on timer implementation 2

1 . 11.2. JDK 1.7 and later: Based on Watchservice implementation 3

2 .  Reference 4

1.Common APIs for Trojan and remote interface monitoring1.1.file Copy1.2.Screen Timing1.3.Send mail1.4.Keyboard Monitoring

author:: Nickname:Old Wow's claws( Full Name::AttilaxAkbar Al Rapanui Attilaksachanui) Kanji Name:Ayron, email:[email protected]

Reprint please indicate source: http://www.cnblogs.com/attilax/

1.5.remote upload code and execution1.6.Registering system Services1.7.Remote Shell console 1.8., modify the registry1.9.Eval function 1.10.Control mouse Keyboard GUI interface function 1.11.document picture file read/write monitoring1.11.1.JDK1.6 and Previous versions: based on timer implementation

By implementing the Filechangeobserver interface, the filemonitor allows any number of observer to be added to any file

By the comparison of the timestamp to determine whether the file is modified, if there is a change, notify its observer to handle accordingly.

Common doc pic file content scanning

1.11.2.JDK 1.7 and later: Based on Watchservice implementation

The Watch service API can be used to register the specified directory with the monitoring service. You must specify the event type when registering, such as file creation, modification, deletion, etc. The related class diagram is as follows:

Watchservice is a monitoring service interface that has different implementation classes on different systems. The object that implements the watchable interface can register the monitoring service, Java.nio.file.Path implements this interface. Watchkey represents an association between watchable objects and Watchservice, which is created at the time of registration. Once the registration is complete, Watchkey will be set to ' ready ' status until one of the following three scenarios occurs:

1. Watchkey.cancel () is called

2. The directory being monitored does not exist or is inaccessible

3. Watchservice object is closed

When a file change occurs, the status of Watchkey is set to "signaled" and then placed in the pending queue. Watchservice provides three ways to get Watchkeys from the queue :

1. Poll-Returns a key in the queue. If no key is available, NULL is returned immediately.

2. Poll (long, timeunit)-if there is a key available in the queue to return it, otherwise wait for the available key in the time of the parameter preset. The timeunit is used to specify whether the previous parameter represents the time in nanoseconds, milliseconds, or other time units.

Example: Final Watchkey Watchkey = Watchservice.poll (1, timeunit.minutes); will wait 1 minutes

3. Take-the method will wait until the available key is returned.

To get watchkey after processing:

1. Get the Watchevents list by using the Watchkey.pollevents () function.

2. For each watchevent, the type of change can be obtained through the kind () function.

3. Use the Watchevent.context () function to get the file name of the event that occurred

4. When all event processing for the key is complete, the Watchkey.reset () method needs to be called to reset the key to the ready state. If not reset, the key will not be able to receive subsequent changes. If reset returns false to indicate that the Watchkey is no longer valid, the main loop can exit.

To summarize, use the Watchservice steps as follows:

1. Create Watchservice

2. get the path to the directory you want to test

3. Register the catalogue with the Change monitoring list

4. Execute the Watchservice take () method until the Watchkey arrives.

5. get Watchkey and traverse watchevent to detect

6. Reset key to prepare for the next event and continue waiting

Most file system implementations contain local support for file change notifications, and the Watch Service API is a mechanism that leverages the file system. If the file system does not support the change notification mechanism, the Watch service will still poll the file system for events to occur.

1.11.3.C # ASP . Net 's file change monitoring

。。。 Like java.. use the OS support API

2.Reference

Two implementations of Java file change monitoring-stay hungry, stay foolish. -Iteye technology website. htm

Atitit. Remote interface monitoring and Trojan Common API standardization v2 q216