hosts:
127.0.0.1 vip.51srat.com
First launch "SRAT通用本地登陆认证配置器.exe"
Then run SRAT.EXE
User: jksing, password: jksing
I'd like to understand how SRAT interacts with the desktop on Vista.
00407125 . E8 12D9FFFF CALL <JMP.&user32.GetInputState> ; [GetInputState
0040712A . 6A 00 PUSH 0 ; /lParam = 0
0040712C . 6A 00 PUSH 0 ; |wParam = 0
0040712E . 6A 00 PUSH 0 ; |Message = WM_NULL
00407130 . E8 7FD8FFFF CALL <JMP.&kernel32.GetCurrentThreadId> ; |[GetCurrentThreadId
00407135 . 50 PUSH EAX ; |ThreadId
00407136 . E8 11D9FFFF CALL <JMP.&user32.PostThreadMessageA> ; \PostThreadMessageA
0040713B . 6A 00 PUSH 0 ; /MsgFilterMax = 0
0040713D . 6A 00 PUSH 0 ; |MsgFilterMin = 0
0040713F . 6A 00 PUSH 0 ; |hWnd = NULL
00407141 . 68 F4964000 PUSH SratInit.004096F4 ; |pMsg = SratInit.004096F4
00407146 . E8 F9D8FFFF CALL <JMP.&user32.GetMessageA> ; \GetMessageA
0040714B . E8 48BAFFFF CALL SratInit.00402B98
00407150 . 6A 01 PUSH 1 ; /IsShown = 1
00407152 . 6A 00 PUSH 0 ; |DefDir = NULL
00407154 . 6A 00 PUSH 0 ; |Parameters = NULL
00407156 . 68 84714000 PUSH SratInit.00407184 ; |FileName = "ctfmon.exe"
0040715B . 68 90714000 PUSH SratInit.00407190 ; |Operation = "open"
00407160 . 6A 00 PUSH 0 ; |hWnd = NULL
00407162 . E8 5DE5FFFF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
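It runs ctfmon.exe; what is that for? Could the experts here please analyze its startup process?
My own program, on Vista or Win 7, always shows a blank white screen after the service starts, so I figured it might be a desktop-interaction problem.
So, seeing that this trojan supports Vista, I'd like to understand its startup process.
Also, it seems to be able to interact with the desktop as a pure DLL. I don't have the skills for this myself, so I'd appreciate the help.
Download: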
http://d.namipan.com/d/08089f0e03d40bad210c7dabfa50fd7952d598a35dba3f00