摘要
针对网络上木马泛滥的现状,结合主流操作系统的发展和变迁,概述木马的发展过程,并分析木马的基本运行原理。结合TCP/IP协议和Windows的内部运行原理,以套接字和钩子函数的编程知识为基础,剖析木马编程所涉及到的一些底层编程原理,着重分析客户机/服务器型木马。并详细分析主机感染木马以后,所表现出的症状与这些底层编程原理的联系,可以作为检测木马的依据。最后概述木马的发展现状和未来的发展趋势。
In the light of Trojan horse's fast spreading in network as well as the development and transition of the mainstream operating system, this paper summarizes the Trojan horse" developing process, and analyzes its basic principles of operation. Based on the programming knowledge about Socket and Hook function, and the TCP/IP protocols and Windows" inner principles of operation, the paper analyzes some essential programming principles of Trojan horse, with those of the C/S Trojan horse as emphasis. It analyzes in detail the relationship between the symptoms a computer shows when infected with a Trojan horse and the basic programming principle, which could be the basis of detecting Trojan horses. In the end, this paper summarizes Trojan horse's current development status and development trend in the future.
出处
《计算机与网络》
2009年第3期107-108,115,共3页
Computer & Network
