|
http://www.hackerschool.org/HS_Boards/zboard.php?AllArticle=true&no=1715 [º¹»ç]
Process Explorer ·Î ³×ÀÌÆ®¿Â¿¡ ÀÎÁ§¼ÇµÇ¾îÀÖ´Â DLL µéÀ» º¸°íÀÖ¾úÀ½.
±Ùµ¥ ÀÌ°Ç ¹»±î
NateOnHook40u.dll À̶ó´Â°Ô ÀÖ¾ú´Âµ¥ Èñ¾ÈÇÏ°Ôµµ ¸ðµçÇÁ·Î¼¼½º¿¡ ÀÌ DLLÀÌ ÀÎÁ§¼ÇµÇ¾îÀÖ¾úÀ½
PEID·Î »ìÆ캻°á°ú ÆÐÅ·Àº ¾ÈµÇ¾î ÀÖ¾ú°í µð¹ö±ëÇغ»°á°ú ÇÁ·Î¼¼½º ¸ñ·ÏÀ» ÈÄÅ·ÇÏ¿© ȸ麸ȣ±â³ª Àå½Ã°£ µ¿ÀÛÀÌ ¾øÀ»°æ¿ì
³×ÀÌÆ®¿Â »óŸ¦ ÀÚ¸®ºñ¿òÀ¸·Î º¯°æÇÏ´Â ¹æ½ÄÀÌ ¾óÇͺ¸¿´À½...
±×°É º¸°í ¶°¿À¸¥°Ç °ÔÀÓ°¡µå³ª ¾ÈƼÇÙÅø¿¡ Anti DLL injection ÀÌ Àû¿ëµÈ´Ù¸é ÀÌ ¹æ¹ýµµ °í·ÁÇغ¸´Â°Ô ÁÁÀ»µí...
±×³É ³×ÀÌÆ®¿ÂÆú´õ¿¡ NateOnHook40u.dll ¸¦ µ¤¾î¾º¿ì±â Çϴ¹æ¹ýÀÓ
¹°·Ð ÀÎÁ§¼ÇÀÌµÇ¸é °ÔÀÓÇÁ·Î¼¼½º Á¦¿ÜÇÑ ´ë´Ù¼öÀÇ ÇÁ·Î¼¼½º´Â ¿À·ùº¸°í°¡ ¶ß°Å³ª ºñÁ¤»óÁ¾·áµÇ°ÚÁö¸¸
¾Æ·¡ÀÇ ¼Ò½º¸¦ ÀÌ¿ëÇϸé....
---------------------------------------------------------------------
if (!GetModuleHandle("ÇÁ·Î¼¼½º¸í.exe"))
{
MessageBoxA(NULL, \
"°ÔÀÓÀÌ ¾Æ´Ñ ´Ù¸¥ÇÁ·Î¼¼½º¿¡ DLLÀÌ ÀÎÁ§¼ÇµÇ¾ú½À´Ï´Ù. DLLÀ» ¾ð·ÎµåÇÕ´Ï´Ù .", \
"¹®Á¦¹ß»ý", \
MB_OK | MB_ICONINFORMATION);
FreeLibrary(hInst);
}
---------------------------------------------------------------------
DLLÀ» ÀÎÁ§¼Ç ÇÒ ¼ö ÀÖ´Â »óȲÀÌ ¾Æ´Ò¶§....
ÁÁÀº°÷¿¡ »ç¿ëµÇ¾úÀ¸¸é ÁÁ°ÚÀ½
|
Hit : 11396 Date : 2011/04/11 06:38
|
1619, 
1/81 
