{"id":341133,"date":"2021-02-15T05:38:11","date_gmt":"2021-02-14T21:38:11","guid":{"rendered":"http:\/\/4563.org\/?p=341133"},"modified":"2021-02-15T05:38:11","modified_gmt":"2021-02-14T21:38:11","slug":"%e5%a6%82%e4%bd%95%e5%87%bb%e6%9d%80%e4%ba%92%e7%9b%b8%e8%b0%83%e7%94%a8%e7%9a%84%e7%a8%8b%e5%ba%8f%ef%bc%9f","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=341133","title":{"rendered":"\u5982\u4f55\u51fb\u6740\u4e92\u76f8\u8c03\u7528\u7684\u7a0b\u5e8f\uff1f"},"content":{"rendered":"
\n
\n
\n

\u5982\u4f55\u51fb\u6740\u4e92\u76f8\u8c03\u7528\u7684\u7a0b\u5e8f\uff1f <\/h1>\n

<\/p>\n

\n
\u8cc7\u6df1\u5927\u4f6c : GPLer <\/span> <\/i> 3<\/span> <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n
<\/p>\n

\u5927\u6982\u5c31\u662f A \u7a0b\u5e8f\u521b\u5efa B \u7a0b\u5e8f\u540e\u9000\u51fa\uff0cB \u7a0b\u5e8f\u62c9\u8d77 A \u7a0b\u5e8f\u540e\u9000\u51fa\u3002 \u5982\u679c\u662f\u4ee5\u524d\u6211\u4f1a\u7528 PCHunter \u7981\u6b62\u65b0\u8fdb\u7a0b\u7684\u521b\u5efa\u89e3\u51b3\uff0c\u4f46\u662f PCHunter \u8c8c\u4f3c\u4e0d\u80fd\u5728\u6700\u65b0\u7684 Win 10 \u4e0a\u6b63\u5e38\u5de5\u4f5c\u3002<\/p>\n

\u8fd9\u6b21\u4e0d\u662f\u75c5\u6bd2\uff0c\u53ea\u662f\u5f00\u53d1\u8005\u5199\u4e86\u4e2a\u6b7b\u5faa\u73af\u7684\u66f4\u65b0\u7a0b\u5e8f\uff0c\u6700\u540e\u901a\u8fc7\u65ad\u7f51\u89e3\u51b3\u7684\uff0c\u4f46\u5982\u679c\u6076\u610f\u7a0b\u5e8f\u4f7f\u7528\u7c7b\u4f3c\u7684\u5957\u8def\uff0c\u968f\u673a\u6587\u4ef6\u540d\uff0cHASH \u4e0d\u56fa\u5b9a\uff0c\u518d\u52a0\u4e0a\u81ea\u542f\u52a8\u5e94\u8be5\u80fd\u6076\u5fc3\u5230\u4e0d\u5c11\u4eba\u3002<\/p>\n

\u5b89\u5168\u6a21\u5f0f\u7981\u7528\u542f\u52a8\u9879\u8fdb\u53bb\u5220\u6587\u4ef6\u786e\u5b9e\u80fd\u6682\u65f6\u89e3\u51b3\uff0c\u4f46\u6709\u6ca1\u6709\u76f4\u63a5\u5904\u7406\u7684\u65b9\u6cd5\u5462\uff1f<\/p>\n<\/p><\/div>\n

\u5927\u4f6c\u6709\u8a71\u8aaa<\/b> (10<\/span>) <\/div>\n
<\/div>\n<\/p><\/div>\n<\/p><\/div>\n
    \n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : johnsonshu <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    suspend \u4e00\u4e2a \u518d\u641e\uff1f <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : GPLer <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @johnsonshu \u8bf7\u95ee Suspend \u5982\u4f55\u5b9e\u65bd\uff0c\u6211\u8bd5\u8fc7\u4e86\u624b\u52a8\u7ed3\u675f\u8fdb\u7a0b\u4f1a\u5931\u8d25\uff0c\u56e0\u4e3a\u5728\u7ed3\u675f\u524d\u76ee\u6807\u8fdb\u7a0b\u5df2\u7ecf\u6d88\u5931\u4e86\uff0cSuspend \u7684\u8bdd\u5e94\u8be5\u4e5f\u4f1a\u6709\u7c7b\u4f3c\u7684\u95ee\u9898\u5427\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : johnsonshu <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @GPLer procexp \u91cc\u5217\u51fa\u8fdb\u7a0b\u5217\u8868\u3002\u7136\u540e\u70b9\u53f3\u952e\u554a\u3002 \u6211\u60f3\u5f97\u592a\u7b80\u5355\u4e86\uff1f <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u4e3b<\/span> \u8cc7\u6df1\u5927\u4f6c : GPLer <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    @johnsonshu \u8bd5\u4e86\u4e0b\u6ca1\u7528\uff0c\u6839\u672c\u9009\u4e0d\u5230\u3002\u3002\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : xupefei <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u6302\u4e0a\u8c03\u8bd5\u5668\u628a createprocess api \u5e72\u6389\u5457\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : ysc3839 <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    > \u4f46\u5982\u679c\u6076\u610f\u7a0b\u5e8f\u4f7f\u7528\u7c7b\u4f3c\u7684\u5957\u8def\uff0c\u968f\u673a\u6587\u4ef6\u540d\uff0cHASH \u4e0d\u56fa\u5b9a\uff0c\u518d\u52a0\u4e0a\u81ea\u542f\u52a8\u5e94\u8be5\u80fd\u6076\u5fc3\u5230\u4e0d\u5c11\u4eba\u3002<\/p>\n

    \u8fd9\u95ee\u9898\u65e0\u89e3\uff0c\u5927\u591a\u6570\u684c\u9762\u64cd\u4f5c\u7cfb\u7edf\u662f\u6bd4\u8f83\u5f00\u653e\u7684\uff0c\u56e0\u6b64\u6076\u610f\u7a0b\u5e8f\u6709\u5404\u79cd\u5404\u6837\u7684\u65b9\u6cd5\u6765\u6076\u5fc3\u4eba\uff0c\u8981\u907f\u514d\u7684\u8bdd\u53ea\u80fd\u4e00\u5f00\u59cb\u5c31\u4e0d\u8981\u8fd0\u884c\u3002 <\/p><\/div>\n<\/p><\/div>\n<\/li>\n

  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : crab <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u8bbe\u7f6e\u6587\u4ef6\u6743\u9650\u4e0d\u7ed9\u8fd0\u884c\u3002 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : love <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u5199\u4e2a\u811a\u672c\uff1f
    plist = get_process_list()
    while true:
    plist2 = get_process_list()
    if (plist2 \u6709\u4e0d\u5728 plist \u4e2d\u7684\u8fdb\u7a0b) \u76f4\u63a5 kill \u8fd9\u4e9b\u8fdb\u7a0b else break <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : systemcall <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u653e\u865a\u62df\u673a\u91cc\u9762\u8dd1\u3002\u4e0d\u7528\u4e86\u5c31\u628a\u865a\u62df\u673a\u4f11\u7720\uff0c\u8981\u7528\u4e86\u5c31\u76f4\u63a5\u6062\u590d\u3002\u53ea\u662f\u8d39\u70b9\u5185\u5b58\u548c\u786c\u76d8\u800c\u5df2\uff0c\u53cd\u6b63\u8fd9\u8fb9\u7684\u4eba\u90fd\u4e0d\u5728\u4e4e <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n
    \n
    \n
    \u8cc7\u6df1\u5927\u4f6c : zszhere <\/span> <\/div>\n
    <\/i> <\/span> <\/div>\n<\/p><\/div>\n
    \u8fd9\u90fd\u5feb\u641e\u6210 rootkit \u7684\u6280\u672f\u4e86 <\/div>\n<\/p><\/div>\n<\/li>\n
  • \n","protected":false},"excerpt":{"rendered":"

    \u5982\u4f55\u51fb\u6740\u4e92\u76f8\u8c03\u7528\u7684\u7a0b\u5e8f\uff1f \u8cc7\u6df1\u5927\u4f6c…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/341133"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=341133"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/341133\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=341133"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=341133"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=341133"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}