hosts:
127.0.0.1 vip.51srat.com
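First start "SRAT通用本地登陆认证配置器.exe" (the SRAT universal local login authentication configurator),
then run SRAT.EXE.
User: jksing, password: jksing
I would like to understand how SRAT interacts with the desktop on Vista.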
00407125 . E8 12D9FFFF CALL <JMP.&user32.GetInputState> ; [GetInputState
0040712A . 6A 00 PUSH 0 ; /lParam = 0
0040712C . 6A 00 PUSH 0 ; |wParam = 0
0040712E . 6A 00 PUSH 0 ; |Message = WM_NULL
00407130 . E8 7FD8FFFF CALL <JMP.&kernel32.GetCurrentThreadId> ; |[GetCurrentThreadId
00407135 . 50 PUSH EAX ; |ThreadId
00407136 . E8 11D9FFFF CALL <JMP.&user32.PostThreadMessageA> ; \PostThreadMessageA
0040713B . 6A 00 PUSH 0 ; /MsgFilterMax = 0
0040713D . 6A 00 PUSH 0 ; |MsgFilterMin = 0
0040713F . 6A 00 PUSH 0 ; |hWnd = NULL
00407141 . 68 F4964000 PUSH SratInit.004096F4 ; |pMsg = SratInit.004096F4
00407146 . E8 F9D8FFFF CALL <JMP.&user32.GetMessageA> ; \GetMessageA
0040714B . E8 48BAFFFF CALL SratInit.00402B98
00407150 . 6A 01 PUSH 1 ; /IsShown = 1
00407152 . 6A 00 PUSH 0 ; |DefDir = NULL
00407154 . 6A 00 PUSH 0 ; |Parameters = NULL
00407156 . 68 84714000 PUSH SratInit.00407184 ; |FileName = "ctfmon.exe"
0040715B . 68 90714000 PUSH SratInit.00407190 ; |Operation = "open"
00407160 . 6A 00 PUSH 0 ; |hWnd = NULL
00407162 . E8 5DE5FFFF CALL <JMP.&shell32.ShellExecuteA> ; \ShellExecuteA
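It runs ctfmon.exe. What is that for? Could the experts here please analyze its startup process?
With my own program on Vista or Win 7, the screen is always blank white after the service starts, so I suspect a desktop-interaction problem.
I saw that this trojan supports Vista, so I would like to understand its startup process.
Also, it seems to be able to interact with the desktop as a pure DLL. I don't have the skills for this myself, so I'm asking for your help.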
Download: