Malicious code is spreading ever more widely as it develops, and its formidable destructive power and increasingly diverse propagation methods bring more and more harm to people. In a previous article, Leaf discussed the basic concepts of malicious code and the workflow for researching and analysing it. In this article, Leaf introduces file bundling, a technique by which malicious code is propagated, and walks through how the common WinRAR self-extracting archive implements bundling.
Bundling ties two or more files together into a single executable; when that executable runs, the files bound inside it are executed too. The files being bundled may be of the same format or of different formats. Bundling is widely used by attackers to spread malicious code on the Internet: a file that users are likely to be interested in is distributed, with the malicious program hidden inside it. When a user sees the interesting file and clicks it, the corresponding malicious code is installed. Attackers can then earn black-market income from the malicious code.
At present, the bundling techniques and methods popular on the network mainly fall into the following cases:
# Multiple-file bundling
This is the simplest bundling method and also one of the most popular ways of implementing bundling. File bundling here means taking an a.exe file (a normal file) and a B.exe file (the malicious code) and binding them into a C.exe file. When the user clicks C.exe, what the user sees is the result of a.exe running, while B.exe quietly runs in the background. Under Win32, a normal executable begins with the DOS header, which starts with the characters MZ, followed by the PE header, which starts with PE\0\0. To check whether a file has had several files bundled into it, open the target file in a tool such as UltraEdit and search for the keywords MZ or PE: if two or more are found, the file has certainly had other files bundled into it. In the example that follows, Leaf introduces how the file-bundling operation is implemented.
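The MZ/PE check described above can be automated instead of done by hand in a hex editor. The following is an added example, not code from the original article: it walks every MZ occurrence, follows the DOS header's e_lfanew field to confirm a real PE\0\0 signature (so stray "MZ" bytes in ordinary data are not counted), and reports a file as bundled when more than one image is found. The sample bytes are constructed minimal header stubs, not real executables.

```python
import struct

MZ = b"MZ"
PE_SIG = b"PE\0\0"
DOS_HEADER_LEN = 0x40  # e_lfanew is the DWORD at offset 0x3C of the DOS header


def find_pe_images(data: bytes) -> list:
    """Return the offsets of every DOS header whose e_lfanew points at a PE signature."""
    hits = []
    pos = data.find(MZ)
    while pos != -1:
        if pos + DOS_HEADER_LEN <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            pe_off = pos + e_lfanew
            # Only count an MZ that really leads to a PE\0\0 signature inside the file.
            if e_lfanew >= DOS_HEADER_LEN and pe_off + 4 <= len(data) \
                    and data[pe_off:pe_off + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(MZ, pos + 1)
    return hits


def looks_bundled(data: bytes) -> bool:
    """More than one embedded PE image is the bundling indicator from the article.
    Caveat: a bundler that encrypts or compresses its payload defeats this check."""
    return len(find_pe_images(data)) > 1


def scan_file(path: str) -> bool:
    with open(path, "rb") as f:
        return looks_bundled(f.read())


def make_fake_pe(body: bytes) -> bytes:
    """Constructed stub: a 64-byte DOS header, e_lfanew -> PE signature right after it."""
    dos = bytearray(DOS_HEADER_LEN)
    dos[0:2] = MZ
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_LEN)
    return bytes(dos) + PE_SIG + body


# Constructed samples: a lone image, and one with a second image appended after it
SAMPLE_NORMAL = make_fake_pe(b"\x00" * 32)
SAMPLE_BUNDLED = make_fake_pe(b"\x00" * 32 + make_fake_pe(b"\x00" * 16))

if __name__ == "__main__":
    print("normal:", find_pe_images(SAMPLE_NORMAL), looks_bundled(SAMPLE_NORMAL))
    print("bundled:", find_pe_images(SAMPLE_BUNDLED), looks_bundled(SAMPLE_BUNDLED))
```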
# Resource-fusion bundling
Anyone who understands the PE structure of Windows files knows that resources occupy a special section of an EXE. This region holds the resource information that the EXE loads and other related content. The BeginUpdateResource, UpdateResource and EndUpdateResource API functions can be used to update or replace the contents of those resources. The programmer only needs to write a host (stub) program for the bundle, containing nothing more than the code that releases its resources. When bundling, the tool first writes out a copy of this stub, then calls the three API functions above to update the stub's resources with the file to be bundled; once the update completes, the bundle is done. This is how resource-fusion bundling is implemented.