Windows hacker programming foundation (below)

xiaoxiao2021-03-05  26

Windows Hacker Programming Basics (Part 2): Several basic skills. Text / Jinfa.

The following basic skills are child's play for the masters, but for a beginner, mastering them will clear the road for your programming; with them it is easy to write interesting programs, and they cultivate your interest in programming.

Skill 1: Learn to modify the registry

I believe everyone knows that after running into some malicious web code, the IE title, the default homepage and so on are all modified; this is done by changing the registry to change the system settings. The registry in Windows is a good thing: it is the soul of the Windows system, the place where much software (of course including Windows itself) records its data. Windows records a large amount of data in it and reads the corresponding data back at the next startup to set up the system. Whoever controls the registry controls the whole system, so many hackers, and especially Trojans and other evil programs, work on the registry. Learning to modify the registry lets you achieve some interesting and powerful functions. We can operate the registry from a program and get the same effect as changing it manually in the registry editor; most of what "Super Rabbit" does is done by modifying the registry. There are dedicated API functions for operating the registry, which you can look up in the relevant references. Below the author describes how to operate the registry from a program in C++ Builder.

Program 2: Modify the IE title from a program

Create a new project and include the Registry unit in the unit1.h file:

    #include <Registry.hpp>

Then you can operate the registry in the .cpp file. Add the following code to the form's OnCreate() handler (any registry operation can be placed inside the try {} block):

    TRegistry *registry;
    registry = new TRegistry();   // create a TRegistry object, used for modifying the registry
    try {
        registry->RootKey = HKEY_CURRENT_USER;   // set the root key; essential, after this every subkey under it can be operated on
        if (registry->OpenKey("Software\\Microsoft\\Internet Explorer\\Main", false)) {   // OpenKey() opens the key named in the parentheses
            registry->WriteString("Window Title", "Taiwan is part of China, there is only one China in the world!");   // WriteString() writes the IE title
            registry->CloseKey();   // close the key
        } else {   // if opening failed
            registry->CreateKey("Software\\Microsoft\\Internet Explorer\\Main");   // CreateKey() creates the key above
            registry->OpenKey("Software\\Microsoft\\Internet Explorer\\Main", false);   // CreateKey() does not leave the key open, so open it before writing
            registry->WriteString("Window Title", "Taiwan is part of China, there is only one China in the world!");   // write the IE title
            registry->CloseKey();   // finally close the key; this cannot be omitted, it pairs with the OpenKey() above
        }
    }
    __finally {   // runs whether or not an error occurred
        registry->CloseKey();   // close the key
        delete registry;        // destroy the TRegistry object and release its resources
    }

Compile and run the above code and the IE title is changed to "Taiwan is part of China, there is only one China in the world!". The author also wrote a small program that shows what the current IE title and default homepage are, lets you modify them at will, and can also stop others from modifying your default homepage and the registry editor; its running interface is shown in Figure 2 (for details please refer to the Hacker Defense companion CD).

Figure 2

Skill 2: Calling API functions

In fact, this is the easiest one. The API is the system interface that the system provides for us in DLLs and can be called directly; as long as you have a reference book such as "Windows API Daquan" at hand, that is enough. Here is a simple example.

Program 3: Hide the taskbar by calling API functions

    HWND wndHandle;                                   // define a window-handle variable
    wndHandle = FindWindow("Shell_TrayWnd", NULL);    // call the API function FindWindow() to get the handle of the taskbar
    ShowWindow(wndHandle, SW_HIDE);                   // call the API function ShowWindow() to hide the taskbar

Everyone can see that when calling the API functions FindWindow() and ShowWindow(), as long as we know the function's name and what the parameters in the parentheses are, we need not care how the function is implemented internally; that is no obstacle for us rookies. :) Once you have learned to call the API, you can write powerful programs; this technique is a must for beginners (for the code please refer to the Hacker Defense companion CD).
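From a defender's seat, the useful counterpart to Program 3 is to check whether the taskbar has been hidden this way and put it back. The following PowerShell script is an added example, not from the article; it calls the same user32 functions (FindWindow, IsWindowVisible, ShowWindow) through P/Invoke.

```powershell
# Added example (not from the article): report whether the Windows taskbar window
# (class "Shell_TrayWnd", the window Program 3 hides) is visible, and restore it if not.
Add-Type -Namespace Win32 -Name TrayCheck -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern IntPtr FindWindow(string lpClassName, string lpWindowName);
[DllImport("user32.dll")]
public static extern bool IsWindowVisible(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
'@

$SW_SHOW = 5   # nCmdShow value that makes a window visible again (SW_SHOW)

function Test-TaskbarVisible {
    # Returns $true when the taskbar window exists and is visible, $false when it is hidden
    $hwnd = [Win32.TrayCheck]::FindWindow("Shell_TrayWnd", $null)
    if ($hwnd -eq [IntPtr]::Zero) { throw "Shell_TrayWnd window not found (is Explorer running?)" }
    return [Win32.TrayCheck]::IsWindowVisible($hwnd)
}

function Restore-Taskbar {
    # Re-show a taskbar that some program hid with ShowWindow(hwnd, SW_HIDE)
    $hwnd = [Win32.TrayCheck]::FindWindow("Shell_TrayWnd", $null)
    if ($hwnd -ne [IntPtr]::Zero) { [void][Win32.TrayCheck]::ShowWindow($hwnd, $SW_SHOW) }
}

if (-not (Test-TaskbarVisible)) {
    Write-Warning "Taskbar is hidden; restoring it."
    Restore-Taskbar
} else {
    Write-Output "Taskbar is visible."
}
```

A hidden taskbar is only a symptom; the process that hid it is what should be identified next (for example from the process list or a startup audit).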

Skill 3: Multi-threaded programming technology

From the introduction in the previous part, everyone is quite clear about the concept of a thread: it is an execution unit inside a process (such as a function). The last part talked so much theory; now it is time to put it to use. Writing a multi-threaded application means that the program creates multiple threads within the same process while it runs. Didn't the "China Hacker" virus, born in June this year, adopt a globally original "three-thread technology"? Although the author has not had the chance to analyse its sample code, the high efficiency of this virus is inseparable from its multi-threading technology.

Programming with multi-threading technology has the following advantages:

1. It improves CPU utilisation. Because multiple threads run concurrently, the program can do something else while it is doing one thing. Especially with multiple CPUs, the hardware resources are used more fully: a large task is divided into several small tasks that are handled by different CPUs in cooperation.

2. With multi-threading technology you can set the priority of each thread and adjust the progress of the work.

Having cleared up the advantages of multi-threading technology, let's talk about how to develop multi-threaded applications in the C++ Builder environment. In C++ Builder you can easily write multi-threaded applications through the TThread class (but TThread cannot be used directly, so a new class must be derived from it). The specific process is: derive a new thread class from TThread -> create a thread object -> set the thread object's properties -> suspend or resume the thread (according to the specific situation) -> end the thread. One point to note: the priorities of the threads should be set reasonably in the application. Don't let some threads "starve" for CPU time because other threads have high priority, and don't lose performance to the frequent switching of threads. (This paragraph is from "C++ Builder 5 Programming Examples and Skills", p. 284.)

Skill 4: Make the program run as a background monitor

This is a very basic skill. If you are a Trojan enthusiast, when you read through many Trojan source programs you will find that 100% of Trojans pay great attention to their own background monitoring skill, that is, stealth technology, and implement different countermeasures for different systems. Many anti-virus programs also use this background monitoring technology: they run when the system starts, then quietly monitor the system in the background, and as soon as they discover something that should not be there they "call it out" into the open. The key points of a program's background monitoring technology are:

1. No program form is shown during normal running;
2. The system runs the program automatically every time it starts;
3. The program's icon is not shown on the taskbar;
4. It is not shown in the task list called up with Ctrl+Alt+Del;
5. The hidden form can be called up with a hotkey.

Implementation:

1. To hide the form, edit the WinMain function and set ShowMainForm so that the program's form is hidden. Reference code:

    Application->ShowMainForm = false;

2. Use the registry-modification method described in Skill 1; the key is: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

What is used is the WriteString() method. This is the usual launch method of many old Trojans such as Ice River (of course there are also file association, DLL injection and other methods).

3. Keeping the program's icon off the taskbar is also very simple: call the API function SetWindowLong so that the program does not appear on the taskbar after it runs, and put the call in OnCreate(). The code is:

    SetWindowLong(Application->Handle, GWL_EXSTYLE, WS_EX_TOOLWINDOW);

4. Call the RegisterServiceProcess API function to register the program as a service-mode program, so that it runs at a higher priority and does not appear in the program list (valid for WinNT/2000/XP). For the specific code please refer to the author's "The Writing of Trojans and Countermeasures"; it is not repeated here (see "Hacker Defense" 2002 No. 6).

5. To call up the hidden form with a hotkey, you must first define the handler for the Windows message WM_HOTKEY, then add a global atom to Windows and keep its handle, and finally register the hotkey with Windows by calling the API function RegisterHotKey.
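The registry locations this article writes to, the IE Main key from Skill 1 and the Run key from step 2 above, are exactly what a defender should audit. The following PowerShell script is an added example, not from the article; the allow-list entry in it is a constructed placeholder.

```powershell
# Added example (not from the article): audit the registry locations the article
# writes to. Reports any IE "Window Title"/"Start Page" override and any auto-start
# Run entry whose command line is not on an allow-list.
$ieMainPaths = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
)
$runPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Constructed allow-list (placeholder values): value name -> expected command line.
$allowedRun = @{
    'ExampleAgent' = '"C:\Program Files\Example\agent.exe" /tray'
}

function Get-IeMainOverride {
    # Returns one object per "Window Title" or "Start Page" value found under IE\Main
    foreach ($path in $ieMainPaths) {
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in 'Window Title', 'Start Page') {
            $data = $key.GetValue($name)
            if ($null -ne $data) {
                [pscustomobject]@{ Key = $path; Value = $name; Data = $data }
            }
        }
    }
}

function Get-UnexpectedRunEntry {
    # Returns every Run value whose command line differs from the allow-listed one
    foreach ($path in $runPaths) {
        if (-not (Test-Path -Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $cmd = $key.GetValue($name)
            if ($allowedRun[$name] -ne $cmd) {   # missing from the allow-list or a changed command line
                [pscustomobject]@{ Key = $path; Value = $name; Command = $cmd }
            }
        }
    }
}

Write-Output 'IE title / start page overrides:'
Get-IeMainOverride | Format-Table -AutoSize
Write-Output 'Run entries not on the allow-list:'
Get-UnexpectedRunEntry | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell; the Wow6432Node Run key used by 32-bit programs and the RunOnce keys are further locations worth adding to $runPaths.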

Skill 5: Using a timed trigger

In the C++ Builder environment the timed trigger is the Timer control. Sometimes we want the program to repeat the same action at intervals; for example, when intercepting the QQ password, you look for the QQ login window every so often. In C++ Builder it is enough to put the code that performs these actions in a Timer.

I heard that the "China Hacker" virus automatically creates a new thread that is used to find OICQ's "Send Message" window; it keeps looking for 10 minutes, and once it finds the window it sends the ****** message, with its political colour, to the friends on the victim's QQ, and automatically ends the thread after 10 minutes. I think a timer is used during those 10 minutes of looking for the "Send Message" window, which is developed in assembly language. But how is it used in C++ Builder? In fact, the appearance of the control makes programming very simple: add a Timer control, set the control's properties, double-click the Timer control and put the code in it. When the program executes, the code is repeated at the specified interval. In fact, the author used a timer to look for the QQ login window in "Program" in the previous issue; readers can refer to the source program on the CD.

That is the introduction to programming skills; readers should refer to other books to master more hacker programming techniques and write popular hacker programs.

V. Socket Programming and Network Communication Foundation

Since the theme of this article is "hacker programming foundation", and hackers are those people who "come and go without a trace" on the Internet, with hacker tools such as Ice River and Online Hob all based on the Internet, talking about hacker programming while leaving out network programming would be a loss. So next I will talk about network programming, and most network application programs are inseparable from Socket.

A Socket is a "socket", the interface through which one computer communicates with another. The concept of Socket is described in detail in the article "Socket Programming Foundation and Basic Process" in "Hacker Defense"; please refer to it, it is not repeated here. What needs to be pointed out is that Winsock is an interface for accessing a large number of underlying network protocols; on each Win32 platform it exists in a different form. Winsock is a network programming interface, not a protocol, a point on which it is easy to make mistakes.

Now let's talk about the process of Winsock programming. Winsock programming on the Win32 platform must go through the following basic steps: define variables -> get the Winsock version -> load the Winsock library -> initialise -> create the socket -> set socket options -> close the socket -> unload the Winsock library and release all resources. Below an extremely simple program is used to explain how Winsock programming is done.

Program 4: Get the IP address of the local machine with a program.

The API functions provided by Winsock are the most basic network technology. To see things clearly, the author intends to write one version each under Visual C++ and C++ Builder, so as to compare the characteristics of these two different programming tools (for this program they are almost the same; for some communication programs the implementations differ greatly, but the essence is about the same).

First let's look at the source program under Visual C++. Implementation steps: open Visual C++, choose "New" from the "File" menu and select "Win32 Console Application", meaning the generated program is a Win32 console program. In addition, beginners should note one point: as long as Winsock API functions are used in the program, the WS2_32.lib file must be added to the project's link line, otherwise the program will not compile. The method is: click the "Project" menu, select "Settings... Alt+F7", select the "Link" tab on the right of the "Project Settings" dialog box, add WS2_32.lib in the edit box below "Project Options", and click "OK". After the files have been loaded, add the following code in the checkip.cpp file:

    // ------- Begin ------------
    // Include the header files needed
    #include "stdafx.h"
    #include <winsock2.h>    // Winsock 2 declarations; include before windows.h so the old winsock.h is not pulled in
    #include "windows.h"
    #include "stdio.h"
    #include "stdlib.h"
    #include "string.h"

    void checkip(void)    // define the checkip() function that gets the local IP address
    {
        WORD wVersionRequested;    // WORD variable holding the requested Winsock version
        WSADATA wsaData;
        char name[255];            // buffer used to store the obtained host name
        PHOSTENT hostinfo;         // pointer to the host entry returned by gethostbyname()

        wVersionRequested = MAKEWORD(2, 0);    // call MAKEWORD() to build the Winsock version value used to load the library
        if (WSAStartup(wVersionRequested, &wsaData) == 0) {    // load the Winsock library; WSAStartup() returning 0 means success and the program can go on
            if (gethostname(name, sizeof(name)) == 0) {    // the local host name was placed in the buffer given by the name parameter
                if ((hostinfo = gethostbyname(name)) != NULL) {    // look up the host name; on success a pointer to a hostent structure is returned, which is used next
                    LPCSTR ip = inet_ntoa(*(struct in_addr *)*hostinfo->h_addr_list);    // inet_ntoa() converts the first address in h_addr_list to dotted form (e.g. 192.168.0.1)
                    printf("%s\n", ip);    // output the IP address
                }
            }
            WSACleanup();    // unload the Winsock library and release all resources
        }
    }

    int main(int argc, char *argv[])    // main function, the program's entry point
    {
        checkip();    // call checkip() to get and print the IP address
        return 0;     // main() is declared as int, so it should return an int value
    }

The program's running interface is shown in Figure 3.

Figure 3

Next, look at how to implement it under C++ Builder. In fact, the idea of the two is the same; the one implemented under C++ Builder just has a friendlier interface. Implementation: open C++ Builder 5; by default a new project has already been created. Save the project files, build the interface shown below, and add the following code in the corresponding places. Code:

    // Include the header files
    #include <vcl.h>
    #include <winsock2.h>
    #pragma hdrstop
    #include "unit1.h"
    #pragma package(smart_init)
    #pragma resource "*.dfm"
    TForm1 *Form1;

    __fastcall TForm1::TForm1(TComponent* Owner) : TForm(Owner)
    {
    }

    void TForm1::GetHostIpAddress()    // GetHostIpAddress() obtains the IP address of this host (declare it in the TForm1 class in unit1.h)
    {
        struct hostent *thisHost;
        struct in_addr in;
        char myName[80];
        char *ptr;
        WORD wVersionRequested;
        WSADATA wsaData;
        int err;

        wVersionRequested = MAKEWORD(2, 0);
        err = WSAStartup(wVersionRequested, &wsaData);
        if (err != 0) return;    // the Winsock library could not be loaded
        if (LOBYTE(wsaData.wVersion) != 2 || HIBYTE(wsaData.wVersion) != 0) {    // not the 2.0 version we asked for
            WSACleanup();
            return;
        }
        if (gethostname(myName, sizeof(myName)) == SOCKET_ERROR) { WSACleanup(); return; }
        if (!(thisHost = gethostbyname(myName))) { WSACleanup(); return; }
        memset((void *)&in, 0, sizeof(in));    // memset() takes the fill value before the size
        in.s_addr = *((unsigned long *)thisHost->h_addr_list[0]);    // first address of this host
        if (!(ptr = inet_ntoa(in))) { WSACleanup(); return; }
        Edit1->Text = AnsiString(ptr);    // copy the dotted address into the edit box before the library is unloaded
        WSACleanup();
    }

    void __fastcall TForm1::FormCreate(TObject *Sender)
    {
        GetHostIpAddress();
    }

    void __fastcall TForm1::Button1Click(TObject *Sender)
    {
        Close();    // an "OK" button; clicking it closes the program
    }

The program is compiled under C++ Builder 5 and its running interface is shown in Figure 4. By comparing the two you will find their differences are small: for the same program each tool has its strengths, and which one to choose is best decided by what you have already mastered.

Figure 4

"Rather than envy the fish by the pool, better go back and weave a net." Although "there is more than one road to the computer", for programming there is only one road: do it yourself and practise in person.

Brothers, may you become good helmsmen: use code to drive the computer's world, and use programming to fill life with colour!

Reference books:

"C++ Builder 5 Programming Examples and Skills", China Machine Press; "WIN Programming Tips" by Virus Brother. Thanks again.

Disclaimer: This article is an original article by Jinfeng, published in "Hacker Defense" and on the "Qingshan Online" forum. The author is not a master, and this article is only for the majority of beginners. After reading the full text, you are welcome to give your opinions to spur on my learning.

Please cite the original address when reposting: https://www.9cbs.com/read-39293.html
