线程插入木马的设计与实现(VB)

摘  要
随着互联网的迅速普及和应用的不断发展，各种黑客工具和网络攻击手段也层出不穷，网络攻击导致用户利益受到损害，其中木马(Trojan Horse)攻击以其攻击范围广、隐蔽性、危害大等特点成为常见的网络攻击技术之一，对网络安全造成了极大的威胁。系统实现了一个线程插入木马，在Windows XP中，木马被注入EXPLORER进程，然后它打开一个线程在2048端口监听，使其不被发现。木马运行后将自动将自身复制到系统目录下，并且将其命名为一个类似系统文件的名字，使得管理员在众多的系统文件中，不敢轻易删除文件。防止杀毒软件和防火墙报警，并且尽量避免被系统管理员的察觉，减少被发现的概率。论文介绍了木马的定义、原理、分类及其发展趋势。介绍了线程插入，自动运行等技术及其应用。讨论了在WINDOWS系统平台下自动运行的方法，并且给出了部分实现代码。重点描述了一个木马的设计及Visual C++的实现。本文在木马隐藏部分做了研究。 [资料来源：www.THINK58.com]

关键词：木马；线程插入；隐藏；后门 [资料来源：www.THINK58.com]

Design and implement of thread inject Trojan horse
Abstract
With the rapid popularization of the Internet and the constantly development of its application, various kinds of hacker tools and Internet attack methods have also appeared. These attacks have seriously damaged the interests of the Internet users. Among these attacks, Trojan horse has been a rather popular one because of its extensive range of attack, the disguise for the self-protection and the enormous harmfulness. In Windows XP, the Trojan horse is injected into process Explorer, and then it creates a thread to listen at port 2048, which make it hard to find out. The Trojan horse will be copied to the systematic catalogue automatically after it is operated, and will be named as similar one of the systematic files, which make administrators dare not to delete the file easily among the numerous systematic file .The Trojan horse avoids antivirus software, fire wall’s alarm, the perception of the system manager and decrease probability of being detected Trojan horse. In this thesis, we firstly point out some basic ideas of the Trojan horse which includes its definition, principle, classification and the development trends. We introduce some techniques about its injecting, auto-loading, and its applications. The methods of its auto-running in windows operating system platform are also discussed in this paper, and the crucial fractions of its implement is presented。In this thesis, the author makes a key description on the design of a Trojan horse and implementation with Microsoft Visual C++. This thesis is lucubrated on the part of Trojan horse hiding. [资料来源：www.THINK58.com]

Key words: Trojan horse；Thread inject；Hide； Back door
 
目  录
论文总页数：25页
1 引言 1
1.1 计算机安全背景 1
1.2 木马发展现状 1
1.3 研究木马原理的重要性 1
1.4 本课题的设计目的及意义 1
2 相关理论基础 2
2.1 木马的发展过程 2
2.1.1 “木马”名称的由来 2
2.1.2 木马病毒发展史 2
2.1.3 木马未来的发展方向 4
2.2 关键技术 4
2.2.1 远程线程插入 4
2.2.2 动态链接库技术 7
3 需求分析 8
3.1 任务目标概述 8
3.2 对功能的规定 9
3.3 运行环境规定 9
4 设计与实现 9
4.1 木马程序的总体设计 9
4.1.1 程序设计环境 9
4.1.2 木马结构 10
4.1.3 程序结构 10
4.2 EXCUTEDLLTEST.EXE的实现 12
4.2.1 远程线程插入模块的实现 12
4.2.2 自启动模块 14
4.2.3 提升权限模块 15
4.2.4 进程名转化为PID 15
4.3 DLLTEST.DLL的实现 17
4.3.1 向客户端提供立一个命令行shell 17 [资料来源：http://think58.com]
4.3.2 查看当前所有进程 18
4.3.3 杀死进程 19
4.3.4 后门模块 19
4.4 木马的捆绑 21
5 测试 21
结    论 22
参考文献 23
致    谢 24
声    明 25
 

[资料来源：http://think58.com]