1581, 10/80 ȸ¿ø°¡ÀÔ  ·Î±×ÀΠ 
   havu
   http://havu.tistory.com
   [ÀÚÀÛ]ÇÁ·Î¼¼½º¸ð´ÏÅÍOperationÇÊÅÍ

http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=1919 [º¹»ç]


- Process and Thread Activity ³»¿ë ºÐ¼®
   ? Process and Thread ActivityÀÇ Operation
      ¡æ Process/Thread Create : ÇÁ·Î¼¼½º/¾²·¹µå »ý¼º
      ¡æ Process/Thread Start : ÇÁ·Î¼¼½º/¾²·¹µå ½ÃÀÛ
      ¡æ Load Image : À̹ÌÁö¸¦ ÀÐÀ½

- File System Activity ³»¿ë ºÐ¼®
   ? Operation
      ¡æ CreateFile : ÆÄÀÏÀ» ¸¸µé°Å³ª ÀÌ¹Ì ¸¸µé¾îÁ® ÀÖ´Â ÆÄÀÏÀ» ¿°, ÆÄÀÏ »Ó¸¸ ¾Æ´Ï¶ó
                               ÆÄÀÌÇÁ, ¸ÞÀÏ ½½·Ô, ÄÜ¼Ö µîÀÇ ¿ÀºêÁ§Æ®¸¦ ¸¸µé°Å³ª ¿­±âµµ ÇÔ
      ¡æ WriteFile : ÆÄÀÏ¿¡ µ¥ÀÌÅ͸¦ ¾¸
      ¡æ ReadFile : ÆÄÀÏ¿¡¼­ µ¥ÀÌÅ͸¦ ÀÐÀ½
      ¡æ CopyFile : ÆÄÀÏÀ» º¹»ç
      ¡æ MoveFile : ÆÄÀÏÀ» À̵¿
      ¡æ DeleteFile : ÆÄÀÏÀ» »èÁ¦
      ¡æ CloseFile : ÆÄÀÏÀ» ´ÝÀ½
      ¡æ CreateFileMapping : MMF(Memory Mapped File) »ý¼º, ÀϹÝÀûÀ¸·Î ½ÇÇà                                       
          ÆÄÀÏ(EXE, DLL)µéÀÌ ½ÇÇàµÇ¸é MMF°¡ µÊ
      ¡æ LockFile : ¹ÙÀÌÆ® ¹üÀ§·Î ÁöÁ¤µÈ ÆÄÀÏ Àá±Ý
      ¡æ UnlockFileSingle : ¹ÙÀÌÆ® ¹üÀ§·Î Àá±ÝµÈ ÆÄÀÏÀ» ÇØÁ¦(unlock)
      ¡æ FileSystemControl : ÁöÁ¤µÈ ÆÄÀÏ ½Ã½ºÅÛÀ̳ª ÆÄÀÏ ½Ã½ºÅÛ ÇÊÅÍ µå¶óÀ̹ö¿¡ Á÷Á¢                         
          Á¦¾î Äڵ带 º¸³»¾î, ÇØ´ç µå¶óÀ̹ö°¡ ÁöÁ¤µÈ ÀÛ¾÷À» ¼öÇàÇÏ°Ô ÇÔ
      ¡æ QueryNameInformationFile : ÆÄÀÏ °´Ã¼¿¡ ´ëÇÑ Á¤º¸¸¦ ¹Ýȯ. À̸§ÀÇ Çü½Ä¿¡ ´ëÇÑ                         
          ÀÚ¼¼ÇÑ Á¤º¸¸¦ ¹Ýȯ
      ¡æ QueryStandardInformationFile : ÆÄÀÏ °´Ã¼¿¡ ´ëÇÑ Á¤º¸¸¦ ¹Ýȯ. ¹ÙÀÌÆ® ´ÜÀ§ ÆÄÀÏ                         
          ÇÒ´ç Å©±â, ¹ÙÀÌÆ® ¿ÀÇÁ¼ÂÀÇ ÆÄÀÏ À§Ä¡ÀÇ ³¡, ÆÄÀÏ¿¡ ´ëÇÑ Çϵ帵ũ¼ö, ÆÄÀÏ °´Ã¼°¡ µð·ºÅ丮ÀÎÁöÀÇ Á¤º¸
      ¡æ QueryInformationVolume : ƯÁ¤ ÆÄÀÏ, µð·ºÅ丮, ÀúÀåÀåÄ¡ ¶Ç´Â º¼·ý°ú ¿¬°áµÈ                         
          º¼·ý¿¡ ´ëÇÑ Á¤º¸¸¦ °Ë»ö
      ¡æ QueryDirectory : ±âÁ¸ µð·ºÅ丮¸¦ ¿°. µð·ºÅ丮 °³Ã¼¿¡ Äõ¸® ¾×¼¼½º

  Hit : 12046     Date : 2012/01/10 02:34



    
  [ÀÚÀÛ]ÇÁ·Î¼¼½º¸ð´ÏÅÍOperationÇÊÅÍ     havu
01/10 12045
1400   ³×Æ®¿öÅ© °³³ä ÈÖ¾îÀâ±â 6[10]     ¼ÒÀ¯
09/15 12029
1399   cmd [¸í·ÉÇÁ·ÒÇÁÆ®] ·Î ÇØÄ¿½ºÄðÁ¢¼Ó¹æ¹ý[30]     HackerMapia
01/12 12006
1398   [Æß] ¾Ë°íÀÖÀ¸¸é À¯¿ëÇÑ µµ½º ¸í·É¾îµé.[2]     dzhfldk
08/22 11998
1397   GetProcAddress ·Î ¾Ë¾Æº¸´Â Å°¿öµå     HongMK900
08/13 11993
1396   [ÀÚÀÛ]Æ÷·»½ÄÀ»À§ÇÑNTFS±¸Á¶[2]     havu
01/11 11983
1395   D.Dolphin´Ô Áú¹®³»¿ë] LAN°ú WANÀÇ Â÷ÀÌÁ¡°ú VANÀÇ Á¤ÀÇ[5]     Ǫ¸¥ÇÏ´Ã
09/11 11965
1394   2¹ø°C°­ÁÂ~![9]     ±«µµjs
07/03 11940
1393   [µ¿°­]¹éÆ®·¢À» ÀÌ¿ëÇÑ Àç¹Õ´Â ³îÀ̵é![4]     cdpython
09/29 11915
1392   ¿ø°ÝÁ¾·á....[39]     bsjzzz
01/02 11907
1391   C¾ð¾î ÇÔ¼ö ¿ä¾à[5]     qkreoghks00
11/15 11897
1390   [Æß]TCP SYN_Flooding °ø°ÝÀÇ ¿øÀΰú ÇØ°áÃ¥[1]     Chris Ruiel
10/06 11824
1389   * ÇØÅ·¿µÈ­ º¼¸¸ÇÑ°Å *[5]     HackerMapia
02/20 11821
1388   ¸®´ª½º ±âº» ¸í·É[1]     jeongseok0
04/22 11800
1387   ¸®´ª½º ½Ã½ºÅÛ Á¤º¸ ¾Ë¾Æ³»±â[3]     bitcom01
08/11 11799
1386   [Project] Àü±â,ÀüÀÚ »ó½Ä ¹× »þÇÁ½ÉÀ¸·Î Àü±¸¸¸µé±â. - 1[11]     ¾ÆÀÌÇÁ¸®µå
02/03 11740
1385   À©µµ¿ìÁî XP SP1 WFP (Windows File Protection) ²ô±â[1]     x90c
03/05 11733
1384   [ÄÄÇ»ÅÍ Â¯µÇ´Â 100°¡Áö ÆÁ] ³×À̹ö¿¡¼­ ÆÛ¿È!![2]     turtle0216
04/12 11721
1383   Xmanager·Î ¸®´ª½º ÀÌ¿ëÇϱâ(¸Û¸Û´Ô ¸¸È­°­Á »ç¿ë)[14]     DarkSlayer
09/21 11721
1382   ÇØÄð level2 °­ÀÇ[10]     °áºù
07/07 11672
[1][2][3][4][5][6][7][8][9] 10 ..[80]

Copyright 1999-2024 Zeroboard / skin by Hackerschool.org / Secure Patch by Hackerschool.org