摘要
隐藏技术一直是木马设计人员研究的重要技术。在分析原有木马隐藏方法的基础上,提出了使用动态链接库(DLL)与线程技术相结合的木马进程隐藏方案,用动态链接库编程技术代替传统木马程序,并用线程嫁接技术将其植入目标进程,具有很好的隐蔽性和灵活性。
Concealing technology is important to designer of Trojan horses all through. Based on the study of the existing concealing technology of Trojan horses, a new scheme is presented to realize the injection of Trojan horse by combining the technology of dynamic linking library with the remote thread injection. The idea of replacing traditional Trojan horse program with DLL and the notion of injection of DLL by use of remote thread are proposed. It is rather safe and flexible to inject Trojan horse by adopting this scheme.
出处
《信息技术》
2005年第12期41-43,47,共4页
Information Technology
关键词
特洛伊木马
动态链接库
远程线程
隐藏技术
Trojan horse
dynamic link library
remote thread
concealing technology