Do you know what the process is?

for an application, a process is like a large container. After the application is run, it is equivalent to loading the application into a container, you can add other things to the container (e.g., the variable data that the application needs at runtime, the DLL files that need to be referenced), and when the application is run two times, The contents of the container will not be emptied, and the system will find a new process container to accommodate it.
a process can contain several threads (Thread) , threads can help applications do several things at the same time ( for example, one thread writes a file to the disk and the other receives the user's keystrokes and responds in a timely manner without interfering with each other ) , after the program is run, the first thing the system should do is to set up a default thread for the program process, and then the program can add or delete the related thread on its own.

1. What is process insertion

A separate address space is very advantageous for programmers and users alike. For programmers, the system is more prone to capturing arbitrary memory reads and writes. For users, the operating system will become more robust because one application cannot disrupt the operation of another process or operating system. Of course, this robust feature of the operating system comes at a cost, because it is much more difficult to write an application that can communicate with other processes or be able to manipulate other processes. However, there are still many ways to break the boundaries of a process and access the address space of another process, which is " process injection". Once the Trojan's DLL has been inserted into the address space of another process, it can do whatever it takes for another process, such as the hacker technology described below to steal the QQ password.

2. how to Steal the QQ password of the Trojan horse

under normal circumstances, an application receives the keyboard, mouse operation, other applications are not entitled to "Ask" . How can the stolen Trojan horse secretly record my password? Trojan First inserted 1 dll files into the QQ process and become a thread in the QQ process, so that the Trojan dll is impressively become part of the QQ ! Then when the user entered the password, because at this time the Trojan DLL has entered the QQ process inside, so it will be able to receive the user passed to QQ password type, this hacker technology will Trojan and QQ Together, the so-called " thief hard to prevent " is exactly the case.

3. How to insert a process

(1) using the registry to insert Dll

early hack technology in process plug-in Trojan tricks by modifying the registry in the [Hkey_local_machine\software\microsoft\windowsnt\currentversion\windows\appinit_dlls] to achieve the purpose of the insert process. But the disadvantage of this hack technique is that it is not real-time and requires a reboot to complete the process insert after modifying the registry.

(2) using hooks (Hook) Insert Dll

This is a relatively advanced and covert way of hacking technology, through the system's hooking mechanism ( "Hook" dos time " to insert the process ( some thieves Qq way to insert into other processes " sly ") setwindowshookex function ( Win32 api function ) programming level.

in the process of hacker defense, there may be a lot of variables, the article simply through a brief description of the concept of hacker defense. Here to remind everyone, please respect the Internet security .

Do you know what the process is?