How to write a Trojan horse program?

How to write a Trojan horse program

howdy

I suggest that you do not learn to use Trojan viruses; doing so is illegal and criminal. In addition, if you receive a Trojan virus, it will automatically run on your computer first.

I suggest you download a computer housekeeper from official website, Tencent's computer housekeeper.

When using the computer day to day, keep the computer housekeeper open: its 16 layers of real-time protection and its cloud-based intelligent early-warning system can detect and intercept a Trojan's damage in the early stage of its activity, and its cloud scanning technology can kill the latest popular Trojans.

If you have any other questions, please come to the computer housekeeper enterprise platform again and we will try our best to answer them for you.

Tencent Computer Manager Enterprise Platform: zhidao.baidu/c/guanjia/

How to write a Trojan horse program

What do you want? If you just want to play, I suggest you learn vbs script or bat script. If you want to make a script into an exe program, the easiest way is to compress the script into a self-extracting file, and then modify a value with a hex editor, and it will be successful.

If you want to do something bad, hee hee, Trojans are not so easy to write. First of all, to be an excellent programmer, you should not only lay a solid foundation of C language, but also be proficient in assembly language, computer hardware and operating system principles, and have strong logical thinking. Of course, you have a lot to learn, such as mfc, C# and so on. So, if you are not crazy about programming, I advise you to have fun. Of course, don't take the road of illegal crime.

Good luck.

Oh, please adopt me, baby, hey!

How to write a Trojan horse program

If you are interested in computers, you can learn it. Generally, software development engineers learn high-level languages, but when you write Trojans, we usually have to touch low-level languages. Low-level languages are more boring than advanced linguistics, but after learning, advanced high-level languages are faster and more powerful than ordinary programmers. Only high-level language combined with low-level knowledge can write a better Trojan horse. The stronger the underlying knowledge, the better.

How can I program Trojan horses?

There are so many programmers in the north, Guangzhou and Shenzhen, how come few of them do this kind of programming?

One reason is that there is no money to earn, and the other reason is that the technical requirements are too high.

Learn programming well. Judging from your question, you haven't started yet.

Learn slowly, and you will find that the more you learn, the more ignorant you become. When you have more than five years of development experience, you will laugh at yourself when you look at this problem now.

I wish you rapid growth on the road of development!

How is a Trojan written? (3)

I'm happy to answer your question:

Trojan horse writing requires you to know C++ language.

The first is the size of the program. After compiling and linking, this program's executable file is more than 400 KB, and it is still more than 200 KB after packing with Aspack 1.07. So unnecessary forms should be removed; try to call the underlying API functions yourself and use Borland's packaged VCL controls as little as possible; and try to use assembly language (BCB supports mixing C++ and assembly), which will not only speed things up but also make the size much smaller. After all, the smaller the Trojan is, the better.

There is also the choice of startup mode. In addition to Win.ini and System.ini, there are several registry key values, such as:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

All of them were rotten by other trojans. Now it has begun to tamper with the related programs of exe, dll and txt files (such as Glacier and Guangwai Girl). This involves the problem of parameter transfer. Get parameters from ParamStr () function, start the associated program after starting it yourself, and pass the parameters to it, thus completing a "double start", and the victim does not feel any abnormality at all. The specific key values are as follows:

Association with exe files: HKEY_CLASSES_ROOT\exefile\shell\open\command

Association with txt files: HKEY_CLASSES_ROOT\txtfile\shell\open\command

Association with dll files: HKEY_CLASSES_ROOT\dllfile\shell\open\command

And so on; of course, you can also extend this yourself. There is also a new method: under

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

add the value "AppInit_DLLs"="Server.dll", which registers Server.dll as a module that must be loaded when the system starts (you should compile the Trojan into a DLL). The Trojan is then loaded in the form of a dynamic link library and exists inside a system process the next time the system is started. Because it doesn't have its own PID (process ID), it can't be seen in NT's Task Manager (but you can still see every module loaded in the current memory in detail under System Information - Software Environment - Loaded 32-bit Modules). The purpose of doing this is to make your own program more hidden and improve the survival ability of Trojan horses.

The functions of Trojans can be greatly expanded. You can give full play to your imagination-for example, uploading, downloading, building, renaming, moving files, saving screenshots as jpg files, recording and listening to Wav files, recording as AVI files, playing CD-ROM drives, reading floppy drives, shutting down, restarting, constantly hanging up, randomly switching resolutions (burning your monitor), sending dialogs, constantly opening the resource manager until it crashes, and killing the Kernel32.dll process, resulting in sudden machine death. Exchange the left and right keys of the mouse, fix the mouse, limit the range of mouse activities, the mouse doesn't listen to commands, record keystrokes (recording passwords online requires a deep understanding of hook technology, such as keyboard hooks and mouse hooks), and steal. ......
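Seen from the defender's side, the startup keys, file-association keys and AppInit_DLLs value named in the answer above are the places to audit. The following is an added example, not part of the original answer: Python that parses the text of a .reg export and reports entries in those locations. The sample input is constructed, only plain string values are parsed, and the baseline values and all function names are assumptions of this example.

```python
import re

CV = r"\software\microsoft\windows\currentversion"
RUN_KEYS = {"hkey_local_machine" + CV + r"\run", "hkey_current_user" + CV + r"\run",
            "hkey_local_machine" + CV + r"\runservices"}
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
HKCR_OPEN = r"hkey_classes_root\%s\shell\open\command"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
ESCAPE = re.compile(r"\\(.)")  # .reg escapes: \\ -> \ and \" -> "

def program_of(command):
    """Lower-cased file name of the program a shell command line launches."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    path = (m.group(1) or m.group(2) or "") if m else ""
    return path.rsplit("\\", 1)[-1].lower()

# Baseline checks for the (Default) value of each handler; assumptions of this example.
ASSOC_OK = {HKCR_OPEN % "exefile": lambda d: d == '"%1" %*',
            HKCR_OPEN % "txtfile": lambda d: program_of(d) == "notepad.exe",
            HKCR_OPEN % "dllfile": lambda d: False}  # assumed: no open verb at all

def parse_reg(text):
    """Yield (key, value_name, data) for string values in .reg export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else ESCAPE.sub(r"\1", m.group(1)[1:-1])
            yield key, name, ESCAPE.sub(r"\1", m.group(2))

def audit(text):
    """Yield (kind, key, value_name, data) findings in file order."""
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k in RUN_KEYS:  # inventory: every autorun entry needs a known owner
            yield ("autorun", key, name, data)
        elif k in ASSOC_OK and name == "" and not ASSOC_OK[k](data):
            yield ("assoc", key, name, data)  # handler differs from the baseline
        elif k == APPINIT_KEY and name.lower() == "appinit_dlls" and data.strip():
            yield ("appinit", key, name, data)  # assumed baseline: empty value

# Constructed sample input, not taken from a real machine.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Users\\Public\\example-loader.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\System32\\NOTEPAD.EXE %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="Server.dll"
'''
```

Running `list(audit(SAMPLE))` reports the autorun entry for review, the rewritten exefile handler and the non-empty AppInit_DLLs value, while the stock Notepad handler for txtfile passes.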

Write a trojan horse?

Pilfer date trojan ~ ~ ~ Landlord, this is not a fun thing, but for the sake of the high reward, I will tell you. You can send WM_GETTEXT through SendMessage to get the value in the password box, and we can use this to intercept the password. Use a timer control to monitor QQ. Use the window enumeration method (EnumWindows) to get all the window titles (GetWindowText), judge whether one is the title "QQ user login", get the class names (GetClassName) of the child windows (the controls on the window) of the QQ login window, then get the user name and password through the ComboBox and Edit controls (send WM_GETTEXT through SendMessage to get the values). Because it is impossible to judge the occurrence of external key events, the password value can only be obtained continuously. The specific method is as follows: first, get the user name value, then get the password value continuously, and then judge whether the window title is the user name. If it is the user name, the last password value is the real password, and the program is completed.

Programming

(1) The first goal is to avoid the waste of system resources and unnecessary errors caused by the program being loaded repeatedly. Declare the variables, procedures and API functions, and write them into the file Module1.bas.

Type SECURITY_ATTRIBUTES
    nLength As Long
    lpSecurityDescriptor As Long
    bInheritHandle As Long
End Type

' Creates a new file-mapping object.
Declare Function CreateFileMapping Lib "kernel32" Alias "CreateFileMappingA" (ByVal hFile As Long, lpFileMappingAttributes As SECURITY_ATTRIBUTES, ByVal flProtect As Long, ByVal dwMaximumSizeHigh As Long, ByVal dwMaximumSizeLow As Long, ByVal lpName As String) As Long

' Closes a kernel object.
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Const PAGE_READWRITE = &H4
Const ERROR_ALREADY_EXISTS = 183&

' Create the mapping and judge whether the program has been started more than once.
Sub Main()
    Dim ynRun As Long
    Dim sa As SECURITY_ATTRIBUTES
    sa.bInheritHandle = 1
    sa.lpSecurityDescriptor = 0
    sa.nLength = Len(sa)
    ynRun = CreateFileMapping(&HFFFFFFFF, sa, PAGE_READWRITE, 0, 128, App.Title) ' create a memory-mapped file
    If (Err.LastDllError = ERROR_ALREADY_EXISTS) Then ' the named mapping already exists, so exit
        CloseHandle ynRun ' close the memory-mapped file before exiting the program
        End
    End If
End Sub

(2) Real-time monitoring requires the program to start automatically when the system starts. Here, variables, procedures and APIs are declared by modifying the registry. ......

How is the Trojan horse compiled?

A typical worm virus has two functional components: propagation and destruction. Most popular worms exploit vulnerabilities in operating systems or applications (weak passwords and overflows are the most common), but they usually do not cause "fatal" damage to the host. These two characteristics make worms spread faster and have greater influence than ordinary computer viruses. Generally speaking, a single worm only attacks a specific vulnerability, so once this vulnerability is fixed in a large scale, the virus has no living space.

In order to update this design, I split the communication components: scanning, attack and destruction are all scripted, and the main program is responsible for parsing these scripts. For example, to scan ftp weak passwords, we can define the following scripts:

Code:

Uid = istocript-0a21-2331-x # random unique number.

Use tcp

Port 21;

Send "User Anonymous";

Send crlf

Send "via [email protection]"

Send crlf

If (looking for "200") the result is normal;

Next;

After parsing this script (I think this script is easy to read), we define a series of processes, upload our worm body, and a complete spread action is completed. If it is an overflow vulnerability, for the sake of simplicity, we can collect the remote overflow packet, then modify the necessary data such as ip address, and then forward the overflow packet for overflow (in this case, it is not easy to connect back, but some people will study these specific issues), such as:

Code:

Use raw

Ip offset at 12;

Send "\ x1a \ x2 \ xcc" ...

After the main program completes the propagation, it leaves a back door through which other hosts can spread scripts synchronously with local worms, so that every time a new vulnerability appears, the propagation mode of the host can be quickly upgraded. Of course, we will not just be satisfied with such a worm program, and the spreading process of scanning/attack scripts also needs to be handled carefully.

We want the script with the strongest adaptability to be widely used (it looks a bit like ant colony algorithm and ga), so we require the fitness of each individual. When it comes into contact with another individual, we can decide whose communication script will replace the other:

Fitness = number of infected hosts/number of scanned hosts.

But you can't modify the communication script just because of fitness. Personally, I think a suitable probability is 75%, 20% will keep their own communication scripts, and the remaining 5% will exchange scripts. In this way, under the condition of keeping a certain living space for each script, the individuals with the best adaptability will get more communication opportunities. At the same time, some scripts with poor adaptability in a certain network environment will also have the opportunity to try different network environments.

How is the Trojan horse program written?

Hello:

It is recommended that you do not write Trojan horse programs, which will cause damage to your computer and other people's computers. If you have written such unsafe software, for the safety of your computer, I suggest you use Tencent Computer Manager to carry out a comprehensive antivirus on your computer. Just turn on the anti-virus function in Tencent computer manager, and choose lightning killing or comprehensive killing. You can click here to download the latest version of Tencent Computer Manager: the latest version of Tencent Computer Manager.

Tencent Computer Manager Enterprise Platform: zhidao.baidu/c/guanjia/

How to make a Trojan horse program?

Writing a Trojan requires learning to program. It's best to write Trojan horses in vc++. Enet/Escool/Video/c++/ This is a c++ tutorial. After you learn these superficial things, go deep into kernel programming. If you can't open the above address, you can go here pconline/pcedu/empolder/gj/VC/0607/820674.

How to write a simple Trojan horse program?

Everyone is familiar with the term Trojan horse. Ever since the hacker group "Cult of the Dead Cow" announced Back Orifice in 1998, the Trojan horse has struck like a thunderclap, waking China's netizens, who grew up in the DOS and Windows era, from their colorful dreams of the network. They finally realized that the network also had its evil side, and for a time people panicked.

At that time, I saw an article in Computer News to the effect that a rookie was controlled by BO, and he was so scared that he couldn't eat, sleep or surf the Internet, and asked for help everywhere! You know, the Trojan has a long history: as early as the days when AT&T Unix and BSD Unix were very popular, Trojan horses were written in C or shell by some young people (mainly Americans) who were highly skilled at programming (mainly C), basically to steal the password for logging in to a host and so gain higher privileges. At that time, the Trojan horse's main method was deception: first your archival documents were modified and the Trojan implanted; then, when you logged in, the password characters you typed were saved to a file and sent to the attacker's mailbox by e-mail. Most young people in China grew up under the influence of pirated DOS, so they were unfamiliar with the Internet. It was not until the birth of Win9x, and especially the popularity of WinNT, that the development of the network industry was greatly promoted. After three years, BO, which looks a little simple or even rough (its process can even be seen in the "Close Program" dialog box of Win9x), gave a great shock to the people of that time, and it can be said to be an epoch-making piece of software for network security in China.

Writing about your own Trojan horse sounds cool, doesn't it? ! Trojan horse must be composed of two parts-server program and client program. The server is responsible for opening the way to attack, just like a spy. Clients are responsible for attacking targets, and they need a certain network protocol to communicate (generally TCP/IP protocol). In order to let everyone know more about Trojan horse attack technology and get rid of the mystery of Trojan horse, I will briefly talk about the technology of writing Trojan horse, and write an example of Trojan horse by the way, so that everyone can better prevent and kill all kinds of known and unknown Trojan horses.

The first is the choice of programming tools. At present, the popular development tools are C++Builder, VC, VB and Delphi. Here we choose C++Builder (hereinafter referred to as BCB). VC is good, but its GUI design is too complicated; in order to better highlight my example and focus on the basic principle of the Trojan horse, we chose the visual BCB. Delphi is also good, but its defect is that it can't inherit existing resources (for example, the BO2000 source code published by the "Cult of the Dead Cow" hacker group is written in VC and can be seen everywhere on the Internet). VB, don't mention it: would you really give the victim a 1 MB dynamic link library, Msvbvm60.dll?

Start Enterprise Edition of C++Builder 5.0, create a new project, and add three VCL controls: one is Server Socket in Internet page, and the other two are NMFTP and NMSMTP in Fastnet page. The function of server socket is to make this program a server program, which can serve the outside world (open the door for attackers). Socket first appeared on Unix, and later Microsoft introduced it to Windows (including Win98 and WINNT). The latter two controls are used to make the program have FTP (File Transfer Protocol) and SMTP (Simple Mail Transfer Protocol) functions. As we all know, they are controls that enable software to upload and download functions and send emails.

The shape is visible, of course, incredible. Not only does it take up a lot of space (a form alone is as big as 300K), but it also makes the software visible, which has no effect at all. Therefore, when actually writing Trojan horses, you can use some skills to make the program not contain forms, just like Delphi's small programs realized by processes are generally only about 17K.

We should make our program invisible first. Double-click the form, and first add something to the FormCreate event that can hide the Trojan horse in Win9x's Close Program dialog box. ......