एᇀఢகڦ෇ൔᇑݞݔ

෸൫Ljጐ߂ᄂጟൣ෸൫Lj፞ᆪ෗߂ᆐU s p k b oă໚۾࿽௓ဵ

ᆐ೫ྜྷ༪ৈཽ࢟ฎݣ߲ሚࡼLj෸൫Ᏼ࢟ฎ৔ᔫࡼဟ઀ဵ੪፜܎

ࡼLjݙ્Ᏼ࢟ฎࡼື෵࿟መာྀ߲ੜ੩૭ă۾ᐺ࠭෸൫ࡼ૥۾

Ꮗಯྜྷ၄Lj஠ऎ೫ஊ෸൫ࡼ௥ᄏ৕ૣਭ߈Ljጲᔪࡵᎌ቉࢐ऴप

෸൫ă

Ԩ ቤ ڞ ܁

ڼ!6!ቤ

ዘۅ঄঴

෸൫ࡼᏇಯ ᒈྜྷ෸൫

ޟ୅෸൫৕ऴဣಿ

5.1 ෸൫৕ૣᏇಯ

༬ ஍ ᅉ ఢ க ( ᅜ ူ ० ׬ ఢ க ) Ljᆈ ࿔ ঢ ፔ ĐTrojan horseđLjഄఁ׬ൽጲထજหࣆڦ༬஍ᅉఢ கऻă໲๟ኸཚࡗᅃ܎༬ۨڦײႾDŽఢகײႾDž ઠ੦዆ଷᅃ໼ऺ໙ऐăఢகཚ׉ᆶଇ߲੗ኴႜײ Ⴞǖᅃ߲๟ਜ਼ࢽ܋Ljन੦዆܋Ljଷᅃ߲๟ޜခ܋Lj नԥ੦዆܋ăఢகڦยऺኁྺକݞኹఢகԥ݀

၄Ljܸ֑ᆩܠዖ๮܎ᆆ֠ఢகăఢகڦޜခᅃڋ ሏႜժԥ੦዆܋૶থLjഄ੦዆܋ॽၛᆶޜခ܋ڦ ٷևݴ֡ፕ඄၌Lj૩සߴऺ໙ऐሺे੨ସLj៓બĂ ᅎۯĂް዆Ă෸أ࿔ॲLjႪ߀ጀ֩՗Lj߸߀ऺ໙ऐ ದዃڪă

ఢக๟ᅃዖएᇀᇺײ੦዆ڦ࢒ਜ਼߾ਏLjਏᆶ ᆆԸႠࢅݥ๲඄Ⴀڦ༬ۅă໯࿍ᆆԸႠ๟ኸఢக ڦยऺኁྺକݞኹఢகԥ݀၄Lj֑ࣷᆩܠዖ๮܎

ᆆ֠ఢகLjኄᄣޜခ܋न๑݀၄ߌකକఢகLjᆯ ᇀփీඓۨഄਏ༹࿋ዃLjྫྫኻీྭĐகđ႗༒ă

໯࿍ݥ๲඄Ⴀ๟ኸᅃڋ੦዆܋ᇑޜခ܋૶থࢫLj ੦዆܋ॽၛᆶޜခ܋ڦٷևݴ֡ፕ඄၌LjԈઔႪ ߀࿔ॲLjႪ߀ጀ֩՗Lj੦዆຋ՔLj॰ಎڪڪLjܸኄ ၵ඄૰ժփ๟ޜခ܋ޯᇎڦLjܸ๟ཚࡗఢகײႾ

൒ൽڦă

ٗఢகڦ݀ቛઠੂLjएԨฉ੗ᅜݴྺଇ߲

঩܎ǖ

ፌ؛ྪஏ࣏تᇀᅜUNIXೝ໼ྺዷڦ้೺Lj ఢக৽ׂิକLjړ้ڦఢகײႾڦࠀీ၎ܔ० ڇLjྫྫ๟ॽᅃ܎ײႾഴ෇ڟဣཥ࿔ॲዐLjᆩཌ ገኸସઠኴႜᅃၵఢகڦࠀీLjሞኄ้߲೺ఢக ڦยऺኁࢅ๑ᆩኁٷۼ๟ၵरຍටᇵLjՂႷਏԢ

၎ړڦྪஏࢅՊײኪ๎ă

ܸࢫໜጣWindowsೝ໼ڦනᅮ೵तLjᅃၵए ᇀ཮ႚ֡ፕڦఢகײႾ؜၄କLjᆩࢽহ௬ڦ߀

฀Lj๑๑ᆩኁփᆩۮ໿ܠڦጆᄽኪ๎৽੗ᅜຄଁ

ڦ֡ፕఢகLj၎ܔڦఢக෇ൔ๚ॲᄺೕݏ؜၄Lj

ܸ൐ᆯᇀኄ้߲೺ఢகڦࠀీᅙන൵ྜ฀Ljᅺُ

ܔޜခ܋ڦ೦࣋ᄺ߸ٷକă

໯ᅜ໯ఢக݀ቛڟৃཀLjᅙঢ়࿮໯փᆩLjᅃ ڋԥఢக੦዆Ljేڦۉసॽࡹ࿮௞௢੗ჾă

5.1.1 ఢகڦݴૌ

ሞ঻ถఢகڦݴૌኮമံੂੂఢகڦࠀీă 1. ఢகڦࠀీ

ఢகࢅթ۾ۼ๟ᅃዖටྺڦײႾLjۼຌᇀۉ సթ۾Ljڍ໲்ᄺᆶ൶՚Ljఢகڦፕᆩ๟؆஋஋

ڦཧཧ॔๫՚ටࢅڣ൒՚ට௢ஓ,ຕ਍ڪLjසڣ൒

࠶૙ᇵ௢ஓĂጱྪ௢ஓߟ೦࣋Ljईኁཧ൒ฉྪ௢

ஓᆩᇀ໲ᆩLjᆴဥቭࡽĂࠣ೑ቭࡽĂฯ዁ྪฉᆀႜ Norton AntiVirusڪăײႾ෫๮ఢகڦࠀీ৽๟࠲

ԿܔݛऐഗฉሏႜڦኄૌײႾLjඟഄఢக߸ࡻں

ݔăᇀ๟Ljᇑᅃӯڦఢக၎ݒLjݒڑ܋੨႙ఢக

ॲॠֱጲमڦ܋੨Lj݀၄ૌຼTCP UserIP:1026 ControllerIP:80ESTABLISHEDڦ൧઄Ljฎྲ຀ࢮ

ᆆ֠ཚრLjඪࢆఢகሏႜࢫۼᄲࢅ߿ऍኁ৊

ेሜኮ໯Ljߋ੺ॠֱᅃူLjᆶ๊஺ײႾሞഄူǖ

˄˅೼$XWRH[HFEDW੠&RQILJV\VЁࡴ䕑䖤㸠 ሞCಎߵణ୤ူڦኄଇ߲࿔ॲᄺ੗ᅜഔۯ Folders Startup=đc:\windows\start menu\programs\

startupđă

WINDOWS\SYSTEM\ SYSEXPLR.EXE%lđăኄ ᄣLjᅃڋມऍᅃ߲TXT࿔ॲLjᇱԨᆌᆩNotepadٶ

4.1.3 ఢக๟සࢆํแ߿ऍڦ

ऍኁ૧ᆩᅃ߲༬๺ڦANI࿔ॲLj៓બڟኄ߲ANI࿔

ॲ้Ljဣཥࣷጲۯူሜ߿ऍپஓኸۨڦܱᅪ෉ॲ

ኲ෇ఢகڦݛ݆ă

1. ૧ᆩࠌၛࢅAutorun࿔ॲ

ྺକბသࢅ߾ፕݛՍLjᆶႹܠბၯईࠅິڦ ਆᇘྪዐࣷॽᆘಎࠌၛ؜ઠă߸ᆶฯኁLj৩ॽగ ၵᆘಎࠌၛยྺ੗ႀLjኄᄣ๟ݥ׉ླ၃Lj՚ට੗

ᅜ঺ُߴేူఢகƽ૧ᆩఢகײႾ঳ࢇAutorun.

inf࿔ॲ৽੗ᅜକăݛ݆๟ӝAutorun.infࢅದዃࡻ

ڦఢகޜခ܋ᅃഐް዆ڟܔݛDಎڦߵణ୤ူLj ኄᄣփႴܔݛሏႜఢகޜခ܋ײႾLjኻႴ໱ມऍ ࠌၛڦىಎ཮Ք৽ࣷ๑ఢகሏႜă

໲ڦᇱ૙๟ኄᄣڦLjཚ׉֭෇࠼ಎLj໲ࣷጲ ۯሏႜLjኄ๟ᅺྺሞ࠼ಎߵణ୤ူᆶ߲Autorun.

inf࿔ॲLj޿࿔ॲ੗ᅜਦۨ๟ޏጲۯሏႜഄዐڦײ ႾăཞᄣLjසࡕᆘಎڦߵణ୤ူ٪ሞ޿࿔ॲLjᆘಎ ᄺ৽ਏᆶକAutoRunࠀీLjनጲۯሏႜAutorun.inf

࿔ॲዐڦాඹă

ӝఢக࿔ॲ.exe࿔ॲᅜतAutorun.infݣሞ ىಎߵణ୤DŽኄ૛्ยܔݛڦDಎࠌၛ؜ઠ൐

੗ႀDžLjܔᇀߴేူఢகڦටઠຫLj໱࣏ࣷႪ߀ Autorun.inf࿔ॲڦຌႠLjॽ޿࿔ॲᆆ֠ഐઠăኄ ᄣLjړᆶටມऍኄ߲ಎޙLjײႾ৽ሏႜକăኄᅃቲ ܔᇀঢ়׉ມऍಎޙ৊෇Đ࿢ڦۉసđڦටྰၾፌ ٷă߸৊ᅃօLj૧ᆩᅃ߲.REG࿔ॲࢅAutorun.inf

঳ࢇLj࣏੗ᅜඟే໯ᆶڦᆘಎۼࠌၛ؜ඁገ࣑ྺ

autorun.pif߭๕ఢகă

2. ӝఢக࿔ॲገ࣑ྺBMP߭๕

ኄዖݛ๕๟ӝEXEገࣅׯྺBMPઠ೻್ዐ

۾ኁăഄᇱ૙๟ǖBMP࿔ॲڦ࿔ॲཀྵᆶ54߲ጴবLj

Ԉઔ׊܈Ă࿋ຕĂ࿔ॲٷၭĂຕ਍൶׊܈ăኻᄲሞ E X Eڦ࿔ॲཀྵฉेฉኄ54߲ጴবLjIE৽ࣷӝ޿

EXE࿔ॲړׯBMP཮ೌူሜူઠăᆯᇀኄᄣፔ؜

ڦ཮ೌ๟ࢾڦLjྺݞኹੂ؜ઠLjူఢகኁࣷሞഄ

ྪᄻዐे෇ᅃၵ༬๺ڦپஓLjӝኄᄣڦՔധेڟ

ྪᄻ૛Lj৽ੂփ९཮ೌକLjᅺُ৽࿮݆݀၄ኄ߲

Đ཮ೌđփܔ৒ă

!݀၄!CNQ!ఢக༵๖

ഔۯIE៓બഗࢫLjIEࣷӝ཮ೌጲۯူሜڟIE ଣ้ణ୤ዐLjܸူఢகኁኻႴᆩᅃ߲JavaScript࿔

ॲሞڦᆘಎዐႀᅃ߲VBS࿔ॲLjժሞጀ֩՗ཁे

ഔۯၜLj૧ᆩఫ߲VBSቴڟBMPLjۙᆩdebugઠ࣏

ᇱEXELjፌࢫLjሏႜײႾྜׯఢகኲ෇Lj࿮ำ࿮တ ݥ׉ᆆԸă

Ğӄ૩5-1ğ૧ᆩExe2bmpײႾӝఢக࿁ጎ ׯ཮ೌํ૩

Tufq!2!ሏႜfyf3cnqײႾ

Tufq!3!჋ስ཮ೌ!ิׯఢக

Step 1 ሏႜexe2bmp1.0ײႾLjഄዷহ௬සူă

Tufq!4!ิׯڦఢக࿔ॲ

ۡڦᆩࢽዐఢகăInternet Explorer 5.0Ă5.01Ă5.5਩

٪ሞ޿୑۴Lj׉ᆩڦྲ෉ᆰॲਜ਼ࢽ܋෉ॲOutlook Express 5.5 SP1ᅜူӲԨᄺ٪ሞُ୑۴ă

ཚ׉ူఢகڦටLjࣷ዆ፕᅃހ༬ۨ߭๕ڦ xxxx.doc+xxxxx.exe newdoc.docӝኄଇ߲࿔ॲࢇ

ժሞᅃഐDŽሞWord࿔ڗ఍࿂े෇ఢக࿔ॲDžLjኻᄲ

՚ටڇऍኄ߲໯࿍ڦWo r d࿔ॲ৽ࣷዐఢகăྺ

VBఢகՎዖUBJࢫܔOffice࿔ڗ೦࣋ၳࡕă

5. ཚࡗScriptĂActiveXतASPĂCGI঍ࢻগ Ԩڦݛ๕ኲ෇

వ݀၄ăසူ཮໯๖LjӝRundll.dll ࿁ጎׯRundl1.

Step 2 Ӧݬq༪႔r̟૆ē༪႔ྑಓю෍ଫԅ

ઁ৴d௶܊ၼӦݬqಓюr̟૆ēඔವ qᅧܰ෻Θrԉ໰๯d

dllLjexplorer.exe ࿁ጎׯexp1orer.exeă

2NJӝጲमࢅഄ໲࿔ॲ઒ӿሞᅃഐ

ኄዖ࿁ጎ๮܎๟ॽఢக઒ӿڟᅃ߲Ҿጎײ ႾฉLjړҾጎײႾሏႜ้Ljఢகሞᆩࢽࡹ࿮ִਥ ڦ൧઄ူLjཧཧں৊෇କဣཥăԥ઒ӿڦ࿔ॲᅃ ӯ๟੗ኴႜ࿔ॲDŽनEXELjCOMᅃૌڦ࿔ॲDžă૩ සLjӝఢகޜခ܋ࢅగ߲ᆴဥ઒ӿׯᅃ߲࿔ॲ૧ ᆩQ Qईۉጱᆰॲ݀ߴ՚ටLjሏႜࢫࣷੂڟᆴဥ ײႾኟ׉ٶਸLjඐփኪఢகײႾᅙঢ়ൂൂሞࢫ໼

ሏႜକLjኄᄣፕܔᅃӯටڦ௚उႠ࢔ٷLjܸ൐न ๑໱ᅜࢫዘጎဣཥକLjසࡕ໱ڦဣཥዐ࣏ԍ٪କ ఫ߲ĐᆴဥđڦࣆLj৽ᆶ੗ీምْዐቲăఢகײႾ ኄᄣڦ࿁ጎ࢔׉९Ljᆩઠ઒ӿڦ߾ਏᄺ࢔ܠLjස exe࿔ॲ઒ӿऐExeBindڪLj޿ૌײႾ੗ᅜॽኸۨ

ڦ࢒ਜ਼ײႾ઒ӿڟඪࢆᅃ߲࠽ྺدխڦඤோ෉

ॲฉLj๑ዷײႾኴႜ้LjसิײႾDŽ࢒ਜ਼ײႾDžᄺ ሞࢫ໼ԥኴႜăړేምْฉྪ้Ljేᅙঢ়ሞփኪ փਥዐԥ੦዆ዿକLjܸ൐໲ኧ׼ܠዘ઒ӿăํा

ฉ๟ཚࡗܠْݴߪ࿔ॲLjܠْٗ޴৊ײዐۙᆩጱ

৊ײઠํ၄ڦă

Ğӄ૩5-2ğॽఢகᇑഄ໲෉ॲ઒ӿ

EXE઒ӿऐ੗ᅜॽଇ߲੗ኴႜ࿔ॲDŽEXE࿔

ॲDž઒ӿׯᅃ߲࿔ॲLjሏႜ઒ӿࢫڦ࿔ॲڪᇀཞ

้ሏႜକଇ߲࿔ॲă໲ࣷጲۯ߸߀཮ՔLj๑઒ӿ ࢫڦ࿔ॲࢅ઒ӿമڦ࿔ॲ཮ՔᅃᄣLjੂփ؜Վ ࣅLjժ൐੗ᅜጲۯ෸أሏႜ้ڞ؜ڦଣ้࿔ॲă

Tufq!2!ٶਸ!FYF઒ӿऐ

Tufq!3!჋ስڼ2߲࿔ॲ

Tufq!4!჋ስڼ3߲࿔ॲ

Tufq!5!ኸۨԍ٪ୟ০

Tufq!6!ਸ๔઒ӿ

Step 3 ӦݬqຏྡྷϤr̟૆ēӰѻqᄗՇԛ֝

ّࢶᄓ໻ำߑrғࣇē༪႔ԛّ֝ྑᄓ

໻ԅำߑd

Step 1 ၮ໻EXEࣱ͞ݯēӕࢗୣЀᆴ࠘ੋd

Step 2 ӦݬqຏྡྷϤr̟૆ēၽӰѻqᄗՇԛ

ྡྷّᄓ໻ำߑrճܥࣟᄯӦݬqԤݬუ

ऺ ᄗՇԛྡྷّࢶᄓ໻ำߑr̟૆ē༪႔ ԛྡྷّྑᄓ໻ԅё༝d

Step 4 Ӧ ݬ q ຏ ྡྷ Ϥ r ̟ ૆ ē Ӱ ѻ q ͬ Ӊ ำ

7NJ૧ᆩWinRar዆ፕׯጲ๥ݣ࿔ॲ

ኄ ዖ ࿁ ጎ ݛ ݆ Lj๟ ӝ ఢ க ޜ ခ ܋ ײ Ⴞ ࢅ

๕Lj૧ᆩᇺײ֭෇၍ײरຍLjഴ෇dll၍ײăईኁࠬ ܠڦ۫ဇ੗ᅜׯྺఢகڦدխ঻ዊLjJava ScriptĂ VBScriptĂActiveX.XLMčबࢭWWW௅ᅃ߲ႎ

ڦݛ݆ᄺփీ೻್࿮໯փ९ڦAdministratorăሞ

ఢக૶থॺ૬ࢫLj੦዆܋܋੨ࢅఢகײႾ܋

੨ኮक़৽ॽࣷ؜၄ᅃཉཚڢă

ኄ้ࢪLj੦዆܋ฉڦ੦዆܋ײႾ৽੗ᅜ঺ጣ ኄཉཚڢᇑޜခ܋ฉڦఢகײႾൽڥ૴ဣLjժཚ ࡗఢகײႾܔޜခ܋৊ႜᇺײ੦዆କă

ఫ஺Ljఢக੦዆܋੗ీᆶనၵݛ௬ڦླ࡞

఼Ǜኄ૛փݟም༌༌ఢக੦዆܋ీၛᆶڦ੦዆

඄၌Ljᅃᅃଚਉසူǖ 1.൒ൽ௢ஓ

ᅃൎᅜ௽࿔ႚ๕Ljई࣐٪ሞCacheዐڦ௢ஓ ۼీԥఢக኎֪ڟLjُྔ࢔ܠఢக࣏༵ࠃᆶ॰ಎ

ऻ୤ࠀీLj໲ॽࣷऻ୤ޜခ܋௅ْുऍ॰ಎڦۯ ፕLj໯ᅜᅃڋᆶఢக෇ൔLj௢ஓॽ࢔ඹᅟԥ൒ൽă

2.࿔ॲ֡ፕ

੦዆܋੗ᆯᇺײ੦዆ܔޜခഗ܋ڦ࿔ॲ৊

ႜ෸أĂႎॺĂႪ߀ĂฉدĂူሜĂሏႜĂ߸߀ຌႠ ڪᅃဣଚ֡ፕLjएԨࡥ߃କWindowsೝ໼ฉ໯ᆶ ڦ࿔ॲ֡ፕࠀీă

3.Ⴊ߀ጀ֩՗

੦዆܋੗ඪᅪႪ߀ޜခഗ܋ጀ֩՗LjԈઔ෸

أĂႎॺईႪ߀ዷ॰Ăጱ॰Ă॰ኵăᆶକኄၜࠀీLj ੦዆܋৽੗ᅜ্ኹޜခ܋෉ൻĂ࠼ൻڦ๑ᆩLj໮

ዿޜခ܋ڦጀ֩՗Ljॽޜခ܋ฉڦఢகڦة݀ཉ ॲยዃڥ߸ᆆԸڦᅃဣଚߛप֡ፕă

4.ဣཥ֡ፕ

ዷᄲԈઔዘഔई࠲Կޜခ܋֡ፕဣཥLj܏ਸ ޜခ܋ྪஏ૶থLj੦዆ޜခ܋ڦ຋ՔĂ॰ಎLj॔๫

ޜခ܋ጞ௬֡ፕLjֱੂޜခ܋৊ײڪLj੦዆܋ฯ

዁੗ᅜໜ้ߴޜခ܋݀ໃ႑တă

5.3.2 ෢௮Ҿጎఢகڦۉస

ᄲၙํ၄ఢக႑တڦݒઍLj৽ႴᄲሞҾጎྜఢ கޜခഗײႾኮࢫLj૧ᆩ޿ఢகڦਜ਼ࢽ܋ײႾઠݡ

࿚ణՔऺ໙ऐLjᅜൽڥԥ߿ऍኁڦ߳ዖ႑တຕ਍ă ሞݡ࿚ఢகޜခഗײႾኮമLjᅃӯۼᄲံ৊

ႜ໇໭ăူ௬ධ඗ᅜĐգࢋđྺ૩Ljܔසࢆݡ࿚ణ Քऺ໙ऐ৊ႜᅃၵຫ௽ă

Ğӄ૩5-3ğ໇໭ߌකକգࢋڦऺ໙ऐ

Tufq!2!ሏႜĐգࢋđਜ਼ࢽ܋ײႾ

Tufq!3!໇໭ߌකĐգࢋđڦऺ໙ऐ 7626܋੨๟գࢋఢகఐණٶਸڦ܋

੨Ljړ඗࢒ਜ਼ሞยዃ้ᆶ้ᄺࣷႪ ߀ኄ߲܋੨LjଷྔLjഄ໱ఢக੗ీ

๟ ๑ ᆩ ഄ ໲ ڦ ܋ ੨ Lj ෢ ௮ ้ Ⴔ ᄲ

෢ ௮ ၎ ᆌ ܋ ੨ ă ኵ ڥ ᅃ ༵ ڦ ๟ ᄲ

෢௮ኝ߲I Pں܎၂඗ݯ้ݯ૰Ljᅃ ӯ ઠ ຫ ੦ ዆ ܋ ۼ ๟ ံ ཚ ࡗ ႑ တ ݒ ઍइڥޜခ܋I Pں኷Ljᆯᇀծࡽฉ

ྪڦI P๟ۯༀڦLjनᆩࢽ௅ْฉྪ

ڦI Pۼ๟փཞڦLjڍ๟ኄ߲I P๟ሞ ᅃۨݔྷాՎۯڦLj཮ዐBऐڦI P

๟202.102.47.56Ljఫ஺BऐฉྪI P ڦՎۯݔྷ๟ሞ202.102.000.000ڟ 202.102.255.255ኮक़Lj໯ᅜ௅ْ੦዆

܋ኻᄲ໇໭ኄ߲I Pں኷܎৽੗ᅜቴ ڟBऐକă

ঞ ే ᅃ ቲ

໇໭঳ࡕ

Step 2 Ӧݬᅖ࠘ੋ౨ԅqᆑՎദൌr̟૆ēݧ

༪ ႔ q ำ ߑ » ᆑ Վ ദ ൌ r ϲ Ӧ ē ӕ ࢗ ԅ q ദ ൌ ޙ സ ݯ r ճ ܥ ࣟ d ၽ q ദ ൌ ޙസݯrճܥࣟᄯ೛దӠദൌԅIPԙᄖ խcժࣇۜۤನཛྷēӦݬqࢗಳദൌr

̟ ૆ އ ࢶ ᆑ Վ ࠩ ໻ ദ ൌ d ദ ൌ ࠒ ڴ ມ ವ ၽ ୣ ဗ Ψ ԅ ำ · ࣟ ᄯ ē ୣ ມ ವ ٌ ಴ นqᅱൟ:I PԙᄖrdॹζᄯᅱൟนO K ԅIPԙᄖēއζವث௹ॴς۪ઁ৴ԅޙ സݯdၽ؞ಬैᄯแਬദൌӾIPԙᄖน q192.168.0.100rۤq192.168.0.24r०

൛ᅖݯd

5.3.3 ॺ૬ణՔऺ໙ऐఢகڦ૶থ

ሞྜׯฉ௬໯ຎڦ໇໭ᅜࢫLj৽੗ᅜᇑణՔ

ऺ໙ऐڦఢகޜခഗॺ૬૶থକLj൩ጀᅪLjՂႷ

๟ࢅ੗ᆩڦऺ໙ऐ֍ీ૶থLjޏሶփీ૶থLjူ

཮ྺգࢋڦ֡ፕহ௬LjႴᄲሞĐړമ૶থđዐ჋ስ

໇໭ڟޙࢇᄲ൱ڦIPں኷Lj඗ࢫ๼෇ݡ࿚੨ସLjኄ ᄣ৽੗ᅜྜׯକణՔऺ໙ऐڦ૶থă

ฉຎݛ݆๟ሞփኪڢణՔऺ໙ऐIPں኷ڦ൧

઄ူ๑ᆩڦLjසࡕᅙঢ়ኪڢణՔऺ໙ऐIPں኷ᅜ तݡ࿚௢ஓăժ൐ኪڢକ໲ڦݡ࿚௢ஓLjఫ஺Lj৽

੗ᅜ኱থॽ޿ణՔऺ໙ऐཁेڟਜ਼ࢽ܋ዐକă Ğӄ૩5-4ğ૧ᆩգࢋ੦዆ۉస

ူ௬ઠੂᅃူ኱থཁे዁Đգࢋđڦऺ໙ऐ ڦ֡ፕօየǖ

Step 1 ၽᅖғࣇᄯᄐࠄӦݬ̟૆ ݧၽϲӦ༪ ႔qࢗಳ|චަᅖݯr੡গēߜӰѻqච

ަޙസݯrճܥࣟd

Step 2 ࡬ճܥࣟඔವ೛దqມವ੠ыrēqᅖ ݯԙᄖrďއંγޙസݯԅIPԙᄖĐྻ

ރq׀ูࣇগrԉઝఘēᆫ܊Ӧݬq௲ Շr̟૆܊ē࡜ࢶྻࢡӾუّIPԙᄖē

ྸ ࠼ ΄ ච ަ Ӿ q ς ۪ r ࢺ ܜ ժ ё ༝ ԅ qำߑڕस୶r༪ົ࢕ᄯॴd

Step 1 ၮ໻qς۪rࢺܜժё༝ēୣᅖ࠘ੋd

Step 3 ദൌࠒ೯܊ӦݬqڑΞr̟૆ēֲݍӾ ᅖ࠘ੋēუನำߑڕस୶ᄯᆑՎݖມವ ദൌࠒڴᄯᅱൟนOKԅᅖݯd

Step 4 დӾંγޙസݯ܊ē࡜ࢶྻॆဈς۪ઁ

৴ࣅᄥუ൛ޙസݯॴdς۪ઁ৴ટٴಬ ຣАࢡંγݯ୶ԅୀ੾ēᆑՎٕᆖୀ੾

έܤēޚৃْᄵࣇগ໰๯ēݦ௜ຂහ໰

๯ēຫᄥຂහٟટēЀᆴำߑē༉؟ᅟ Јζē֟ഢ໰๯ԉٟટd

ദ ൌ ޙ സ ݯ ਤ ұ ᄚ ટ ճ ྡྷ ّ ժ ࣇ

ۜ ࠩ ໻ ദ ൌ ē ఢ ڴ ᄑ ద ς ۪ ನ ༪ ႔ ԅ ୣ ൑ ժ ࣇ ۜ ē ᆑ Վ ദ ൌ ಾ ޿ ЉϢӾԅd

ঞ ే ᅃ ቲ

5.4 ޟ୅෸൫৕ऴ

1. BackOri¿ce 2000ఢக

B a c k O r i f i c e 2 0 0 0๟ୁႜ࢔࠽ڦB a c k ඪᅪ࿔ॲڪă໯ᅜBack Orifice 2000๟೦࣋૰ट ٷڦᅃዖఢகթ۾ă

ມऍBO2K॔੦ײႾĐbo2kgui.exeđ࿔ॲLjઠ ڟBO2Kڦਜ਼ࢽ܋হ௬ă

໲ڦޜခഗଚ՗ࢅޜခഗంସ੗ᅜඪᅪཱྀ

ጅĂፇࢇăਜ਼ࢽ܋ڦԝৠᄺᆶాۨ჋ၜ༵ࠃă

˄˅%2.ⱘ᥻ࠊ᪡԰

BO2Kڦ੦዆֡ፕࢅᅃӯڦఢக੗๫ࣅ੦዆

փཞLj໲ڦ֡੦߸ၟDOSڦ֡ፕLj໯ᅜߑথة้

ᄺႹࣷਥڥ࢔ன඗ă

!CP3L!֡ፕহ௬

˄˅%2.ⱘẔ⌟੠⏙䰸

B O2Kڦᇱ૙ഄํ࢔०ڇLj৽๟ᇺײک୤ժ ੦዆ۉసڦ෉ॲ߾ਏăBO2K๟ሞۉసഔۯࢫጲ ۯኴႜڦޜခഗײႾLjఫ஺ፌ०ڇڦݛ݆৽๟ॽ ጲۯኴႜڦBO2KޜခഗײႾ෸ۖ৽੗ᅜକă

ံᄲॠֱWindows\SystemईኁWindows\

System32ణ୤ူ๟ޏᆶᅃ߲Đumgr32~1.exeđڦ࿔

ॲLjኄ߲࿔ॲڦ٪ሞՍپ՗BO2Kᅙঢ়৊෇ဣཥă փࡗ࢒ਜ਼੗ᅜ߸߀ኄ߲࿔ॲڦఁ׬Lj

໯ᅜፌࡻཚࡗॠֱ࿔ॲ׊܈ઠॠ֪LjBO2K ޜခഗ܋࿔ॲڦٷၭ๟114688ጴবLj݀၄၎ཞ׊

܈࿔ॲࢫᆩeditٶਸLjසࡕᆶĐBack Orificeđኄ߲

ጴޙز٪ሞLjఫ஺ဣཥ੝ۨԥBO2K෇ൔକă඗ࢫ ኻႴᄲ෸أኄ߲࿔ॲ৽ీӝBO2K෫أۖă

࣏੗ᅜཚࡗॠֱጀ֩՗ઠॠ֪BO2Kăᅺྺ

BO2KሏႜࢫࣷႪ߀ጀ֩՗૛ڦ႑တăBO2KႪ߀ ڦጀ֩՗සူǖ

[HKEY_LOCAL_MACHINE\SOFTWARE\

Microsoft\Windows\CurrentVersion\RunServices]

ĐUMGR32.EXEđ=ĐC:\\WINDOWS\\SYSTEM\\

UMGR32.EXEđ

෸أU M G R32. E X Eڦk e yኵࢫLj৽੗ᅜሞ Windowsጒༀူ኱থ෸umgr32.exeᇸ࿔ॲLjኄᄣ BO2K৽ԥൣأۖକă

2. ྪஏࠅ౥

ྪஏࠅ౥ᆼఁNetbull๟ࡔׂఢகLj޿෉ॲ੗

ᅜሞྪஏईኁ࿮ྪஏጒༀူྜׯܔޜခഗڦ੦

዆ăิׯޜခഗ࿔ॲࢫLjႪ߀࿔ॲఁ݀ໃߴ໱ට ሏႜ৽੗ᅜକă

ူ௬঻ถྪஏࠅ౥ڦ๑ᆩݛ݆ǖ

ມऍྪஏࠅ౥ڦਜ਼ࢽ܋ײႾPeep.exe࿔ॲLj

૶থڟዷش੨ă

˄˅䜡㕂᳡ࡵ఼

Tufq!2!჋ስยዃ

Tufq!3!჋ስޜခഗײႾ࿔ॲ

Tufq!5!ࠎ჋Đ઒ӿሏႜđ

Step 3 ຏੋ࡜ݖѻຣq׻๠୶ϵ೴ಁᄢrԅճ ܥࣟd

Step 4 ၽუऺࢶྻಁᄢS M T P׻๠୶ူࠄೌં

γຂහԅIPԙᄖēqࣱ͞ၮ໻rࢶྻԄ Ӿճֺ౨ฉԅՎൟIPԙᄖēൎྻྡྷՇྑ

ӕ٭dᆫ܊ӦݬqOKrēଅᄢ׻๠୶෻

юd

ኄ้ມऍbuildserver.exe࿔ॲࢫLjࣷิׯᅃ߲

ఁྺnewserver.exe࿔ॲLjٷၭྺ213KBăፌࢫኻႴ ᄲӝኄ߲࿔ॲ߀߀ఁጴLjժ๑ڥణՔဣཥሏႜኄ

߲࿔ॲLjړኄ࿔ॲሏႜࢫՍࣷጲۯՎׯcheckdll.

exe࿔ॲLjժยዃׯਸऐጲۯሏႜLj඗ࢫጲۯߴే

ڦ႑ၒ݀ᅃހټᆶړമဣཥIPں኷ڦ႑Ljኄᄣ৽

ڥڟକణՔဣཥڦIPں኷ă

˄˅ᅶ᠋ッⱘ䖰⿟ⲥ᥻

ړణՔဣཥሏႜକྪஏࠅ౥ޜခഗײႾࢫLj

৽੗ᅜ৊ႜܔഄዷऐڦ॔੦କă

Tufq!2!ٶਸྪஏࠅ౥॔੦হ௬

Step 1 ༪႔ϲӦqଅᄥ׻๠୶rຏԅqಁᄢr

੡গd

Step 2 Ӱѻqӕࢗrճܥࣟēუऺ༓ྑ༪႔׻

๠୶ё༝PeepServer.exeำߑ܊ēӦݬ qӕࢗr̟૆d

Tufq!3!ሺेዷऐ

Tufq!4!૶থዷऐ

Tufq!5!၂๖॔੦ዷऐ႑တ

Step 3 Ӱѻqॕࠄrճܥࣟēၽճܥࣟᄯ೛ద ᅖݯ੠ыྻރᅖݯԅIPԙᄖēᅖݯ੠ы ࢶྻ഻άໟēެಁᅖݯ੠ыಾpeep,ᅖݯ ԙᄖน98.91.100.101dॕࠄֺ಴น੯ఊ ԅnetworkd௶܊ӦݬqOKr̟૆d

Tufq!6!ంସ჋ၜ֓ڇ

Tufq!7!ᇑణՔဣཥॺ૬૶থ

Tufq!8!Đ੦዆໼đܔࣆ઀

Step 6 ຕ ྑ ူ ં γ ຂ හ ॕ ࠄ ē ༪ ᄯ ં γ ຂ හ

܊ēӦݬq੡গ༪ົrᄯԅqॕࠄr੡

গēॕࠄ܊ēၽຏֺݖѻຣॕࠄюٟԅ ඔವd

Step 1 ഀݬPeep.exeำߑēӕࢗ޳ࣅ࠘ੋd

Step 2 ӦݬqำߑrϲӦᄯq႙ަᅖݯr ༪

ົd

Step 4 უನֲݍࢺܜժ޳ࣅғࣇē޳ࣅःᄯά ݖມವӲ஍޳ࣅԅᅖݯ໰๯d

Step 5 ॕࠄ෻ю܊ē࡜ࢶྻճંγຂහࠩ໻Ѐ ᆴēუّٟટඹڶq੡গ༪ົrϲӦ෻

юd q੡গ༪ົr٫ပ๔ّ޳ࣅ੡গד ιಾġॕࠄďူ׻๠୶ॕࠄĐēծࢗॕࠄ ďူ׻๠୶ծࢗॕࠄĐēࣅᄥ൛ďટݦ௜

ંγຂහԅ໰๯Đēᘭऋ୶ďટٴᘭऋં

γຂහઝԅำߑຂහĐēϝݦୀ੾ďટٴ ࢡӾંγຂහӲ஍ୀ੾ԅઝఘĐd

Step 7 Ӧ ݬ q ੡ গ ༪ ົ r ᄯ ԅ q ࣅ ᄥ ൛ r ੡ গēάѻຣqࣅᄥ൛rԅճܥࣟd ኄ૛ࣷᆶ5߲჋ၜLjဣཥ႑တĂၩတĂ৊ײ࠶

૙Ăֱቴࢅޜခഗሞ၍Ⴊ߀ăሞĐဣཥ႑တđ჋ၜ ዐᆶ࿵߲Ӏ౧ă

ဣཥ႑တǖ੗ᅜ၂๖؜ణՔဣཥڦऺ໙ऐఁ

׬LjCPUૌ႙Lj֡ፕဣཥLjᆘಎLjా٪ٷၭڪă इൽ௢ஓǖీࠕ၂๖ణՔဣཥڦ࣐٪௢ஓă ዘഔऺ໙ऐǖ๑ణՔऺ໙ऐዘഔă

࠲Կऺ໙ऐǖ࠲ԿణՔऺ໙ऐă Կ໮ऺ໙ऐǖ໮ዿణՔऺ໙ऐă

Tufq!9!݀ໃၩတ

Tufq!:!৊ײ࠶૙

Tufq!21!ֱቴ࿔ॲ

Step 10 ӦݬqАდr༪ົ܊dၽუऺࢶྻАდ

ંγຂහᄯԅำߑdၽำ·ࣟᄯ೛దຸ

ྑАდԅำߑ੠ēྻރАდԅাࡅēၼ ӦݬqАდำߑr̟૆ēАდԅࠒڴ࡜

ݖၽຏੋԅำ·ࣟᄯມವѻࣿd Step 8 Ӧݬq່๯r༪ົ܊dၽუऺࢶྻၽำ

· ࣟ ᄯ ೛ ద γ ඕ ۤ ઝ ఘ ē Ӳ Ӧ ݬ q ֟ ഢr̟૆܊ēંγຂහ࡜ݖӰѻ່๯ճ ܥࣟē̼દຸҎӒԅ໰๯فᄉճֺd Step 9 Ӧݬqࠩёڕसr༪ົ܊dუऺࢶྻճ

ંγຂහԅࠩёࠩ໻Ѐࣅd

ඹڶqॹࡨࠩёr̟૆Аࢡંγຂහᄯ ԅ ൎ ပ ࠩ ё ē ω ပ ْ ّ ࠩ ё ԅ ື ຅ ໰

๯ēͧࣳࠩёۜdඹڶq౗҂ࠩёr̟

૆౗҂ࠩёēӲ௶ຕྑၽำ·ࣟᄯ೛ద

ຸྑ౗҂ԅࠩёۜd

ܮࢶྻඹڶqҗߙࠩёr̟૆ၽંγ ຂහᄯҗߙྡྷّ໭ԅࠩёēᄚ༓ྑٓѻ

໭ࠩёԅ੠ᆓd

ঞ ే ᅃ ቲ უऺൎഊԅqАდrēಾᄗၽંγ ຂහᄯА໻Аდd

Tufq!22!ሞ၍Ⴊ߀ޜခഗ

Tufq!23!֡ፕణՔဣཥዐڦ࿔ॲ

Step 12 Ӧ ݬ q ੡ গ ༪ ົ r ᄯ ԅ q ᘭ ऋ ୶ r ੡ গēӰѻqำߑڕस୶rғࣇdၽუऺ

ࢶྻճંγຂහᄯԅำߑࠩ໻ْᄵЀᆴ ఢӕࢗc౗҂cᄷ੡੠cΩހcำߑ౨ Ҏcำߑຏၻԉԉd

Step 13 ܮࢶྻඹڶqϝݦୀ੾rࣿճંγຂහ Ӳ஍ୀ੾ࠩ໻ϝݦdωඹڶq༪ົrᄯ q·ԙ೪γcߏ૭ပ໒r੡গࣿЀᆴં

γຂහd

˄˅㔥㒰݀⠯ⱘẔ⌟੠⏙䰸

ྪஏࠅ౥֑ᆩڦ๟࿔ॲ઒ӿࠀీLj੗ᅜࢅႹ ܠ࿔ॲ઒ӿሞᅃഐLj໯ᅜᄲൣأ໲၎ړઓవă

փࡗൣأ໲ඐᆶ࢔ܠݛ݆ă

Ɨ෸أྪஏࠅ౥ڦഔۯײႾCheckDll.exeLj ᅃӯሞC:\windows\systemణ୤ူLjፌࡻ኱থሞC ಎዐ໇໭CheckDll.exe࿔ॲă

Ƙᅜူ๟ྪஏࠅ౥ሞጀ֩՗ዐႪ߀ࡗڦब

߲ںݛă

[ H K E Y _ C U R R E N T _ U S E R \ S o f t w a r e \ M i c r o s o f t \ Wi n d o w s \ C u r r e n t Ve r s i o n \ R u n ] ĐCheckDll.exeđ=đC:\WinDOWS\SYSTEM\

CheckDll.exeđ

[ H K E Y _ L O C A L _ M A C H I N E \ S o f t w a r e \ Microsoft\Windows\CurrentVersion\RunServices]

ĐCheckDll.exeđ=đC:\WinDOWS\SYSTEM\

CheckDll.exeđ

[ H K E Y _ U S E R S \ . D E FA U LT \ S o f t w a r e \ M i c r o s o f t \ Wi n d o w s \ C u r r e n t Ve r s i o n \ R u n ] ĐCheckDll.exeđ=ĐC:\WinDOWS\SYSTEM\

CheckDll.exeđ

ӝኄၵkeyኵ෸أۖă

ƙྪஏࠅ౥઒ӿࠀీᄺᆶ໲ڦෑۅLjఫ৽๟

઒ӿࢫڦ࿔ॲ׊܈ࣷሺेLjӝኄၵ࿚༶࿔ॲ෸أ ࢫLjም࣬ްኄၵ࿔ॲ৽੗ᅜକăසࡕ๟ᅃၵ෉ॲLj ፌࡻ෸أዘጎă

5.4.2 ᇺײ੦዆Ⴀఢக

1.գࢋఢக

޿෉ॲዷᄲᆩᇀᇺײ॔੦Ljਏ༹ࠀీԈઔǖ

˄˅㞾ࡼ䎳䏾Ⳃᷛᴎሣᐩব࣪

ཞ้੗ᅜྜඇఇె॰ಎत຋Ք๼෇Ljनሞཞ օԥ੦܋ೡటՎࣅڦཞ้Lj॔੦܋ڦᅃൎ॰ಎत

຋Ք֡ፕॽݒᆙሞԥ੦܋ೡటDŽਆᇘྪ๢ᆩDžǗ

˄˅䆄ᔩ৘⾡ষҸֵᙃ

Ԉઔਸऐ੨ସĂೡԍ੨ସĂ߳ዖࠌၛጨᇸ੨ ସतਨٷܠຕሞܔࣆ઀ዐ؜၄ࡗڦ੨ସ႑တǗ

˄˅㦋প㋏㒳ֵᙃ

Ԉઔऺ໙ऐఁĂጀ֩ࠅິĂړമᆩࢽĂဣཥୟ ০Ă֡ፕဣཥӲԨĂړമ၂๖ݴՐ୲Ă࿿૙तஇड ىಎ႑တڪܠၜဣཥຕ਍Ǘ

˄˅䰤ࠊ㋏㒳ࡳ㛑

Ԉઔᇺײ࠲ऐĂᇺײዘഔऺ໙ऐĂ໮ۨ຋ՔĂ

໮ۨဣཥඤ॰त໮ۨጀ֩՗ڪܠၜࠀీ၌዆Ǘ Step 11 Ӧݬq׻๠୶ၽຬ༉؟r༪ົ܊dၽუ

ऺࢶྻၽຬ༉؟ฉ৮٤ૄԅS M T P׻๠

୶cժࣇۤંγဏັēၽำ·ࣟᄯඡۚ

ྑ༉؟ԅઝఘ܊ēӦݬqಁᄢಓ໒r̟

૆࡜ࢶྻॴd

˄˅䖰⿟᭛ӊ᪡԰

ԈઔظॺĂฉدĂူሜĂް዆Ă෸أ࿔ॲईణ

୤Ă࿔ॲუ໫Ă੺໏៓બ࿔Ԩ࿔ॲĂᇺײٶਸ࿔ॲ DŽ༵ࠃକ຺ዐփཞڦٶਸݛ๕ĊĊኟ׉ݛ๕Ăፌ ٷࣅĂፌၭࣅࢅᆆ֠ݛ๕Džڪܠၜ࿔ॲ֡ፕࠀీǗ

˄˅⊼ݠ㸼᪡԰

Ԉઔܔዷ॰ڦ៓બĂሺ෸Ăް዆Ăዘంఁࢅܔ

॰ኵڦ܁ႀڪ໯ᆶጀ֩՗֡ፕࠀీǗ

˄˅থ䗕ֵᙃ

ᅜ຺ዖ׉ᆩ཮Քၠԥ੦܋݀ໃ०܌႑တǗ

˄˅⚍ᇍ⚍䗮䆃

ᅜ଎ཀ๪ႚ๕ཞԥ੦܋৊ႜሞ၍঍༌ă

ٗᅃۨײ܈ฉ੗ᅜຫգࢋ๟ፌᆶఁڦఢக କLj৽૶ߑথةۉసڦᆩࢽᄺདຫࡗ໲ă໚඗Ⴙ ܠ෫۾෉ॲ੗ᅜֱ෫໲Ljڍࡔాධᆶबๆྤዐգ

ࢋڦۉస٪ሞăፕྺఢகLjգࢋظሰକፌܠට๑ ᆩĂፌܠටዐڑڦആगă၄ሞྪฉᆼ؜၄କႹܠ ڦգࢋՎዖײႾLjኄ૛঻ถڦ๟ഄՔጚӲLjቨ࿥

କසࢆൣأՔጚӲLjምઠܔ޲Վዖգࢋ৽࢔ඹᅟ କăգࢋڦহ௬v8.4ӲԨසူ཮໯๖ă

գࢋڦহ௬࢔०লLjᅃ߲ߛपఢக޿ᆶڦࠀ

ీۼᆶLjأକ཮ฉጀ௽ڦࠀీྔLjዷᄲࠀీ࣏ᆶ ੨ସऻ୤Ăጀ֩՗֡ፕĂۯༀIPᆰॲཚኪĂᇺײ࠲

ऐतፌ࠲॰ڦᇺײႂሜă

˄˅Āބ⊇āⱘՓ⫼

ሞമ௬ڦӄ૩ᅙঢ়঄঴କසࢆ૧ᆩգࢋ໇

໭ߌකĐգࢋđఢகڦऺ໙ऐLjժک୤޿ऺ໙ऐă

ူ௬ዘۅ঄঴ᅃူ૧ᆩգࢋ੦዆ۉసڦ֡ፕă

Ğӄ૩5-5ğ૧ᆩգࢋఢகֱੂణՔऐഗೡట

Tufq!2!ยۨ཮ၟ֖ຕ

Tufq!3!ֱੂܔݛೡట Step 1 ढ़ࠄюٟճֺޙസݯ܊dࢶྻඹڶӦݬ

ٝ࡮ः౨ԅqАࢡୀ੾r̟૆ēݧ༪႔ ϲӦົqำߑ»ϝݦୀ੾rēӰѻq෍

຾ϵ೴ಁՇrճܥࣟd

Step 2 ಁᄢ෍຾ٌ಴ēς۪ᄆћJPEGۤBMP० ᄵ෍ଫٌ಴dඹڶ෠Վဓγ༪႔෍຾ԅ

ౄಇۤଶᄩēဓγၠࢬဗ෍຾ၠூ๩ē ӬუನݖߦԎҎ೛മէdಁᄢ෻ю܊Ӧ ݬq௲Շr̟૆ēუನ࡜ࢶྻၽ໭ӕࢗ

ԅ q ෍ ຾ ມ ವ r ғ ࣇ ᄯ ࢡ Ӿ ճ ֺ ୀ ੾ ॴdუऺАࢡӾԅಾ೓ࣅᅖݯӲ஍ԅୀ

੾ࠉ෍ēಾྡྷّࡁൟԅܢੋdఢڴຸྑ

ճճֺୀ੾ࠩ໻Ѐᆴē࡜ྑဈӾς۪ԅ ࣅᄥୀ੾ԅٟટॴd

Tufq!4!ยዃဣཥӀ॰

Step 3 Ӧݬᅖ࠘ੋ౨ԅqࣅᄥୀ੾r̟૆ēݧ ඹڶӦݬᄓ໻qำߑr»qୀ੾ࣅᄥr

੡গēӰѻۤАࢡୀ੾ອලԅq෍຾ϵ

೴ಁՇrճܥࣟē̟ලྂԅֺ಴ಁᄢ෍

຾೫໿އࢶdಁᄢ෻ю܊Ӱѻԅqࣅᄥ

ୀ੾ғࣇrྙۤАࢡୀ੾ನອഛēᄚಾ

უನມವԅಾճֺԅಬನᅱൟēγඕः

౨ݖϢծԅມವqჾၽࠄೌ೴࡬nrԅ ᆓྂd

ྺٷॆీࠕܔೡట੦዆ࠀీेศᆇၡLjምઠ

ੂᅃ߲ӄ૩ă

Ğӄ૩5-6ğ૧ᆩգࢋఢகֱੂణՔዷऐ৊ײ ᆶᅃۨۉసएإڦ܁ኁ੗ీۼኪڢLjཞ้

Ӏူ॰ಎฉڦĞCtrl + Alt + Delğ੺য॰੗ᅜ ٶ ਸ ඪ ခ ࠶ ૙ ഗ ֱ ੂ ړ മ ኟ ሞ ሏ ႜ ڦ ײ Ⴞ ࢅ

৊ ײ ă੗ ๟ Ljգ ࢋ ڦ ဣ ཥ Ӏ ॰ ு ᆶ ༵ ࠃĐ D e l đ

॰Ljሹ஺Ӹ఼Ǜ

Tufq!2!ٶਸਸ๔֓ڇ

Tufq!3!ሞሏႜܔࣆ઀ዐ๼෇

Đubtlnhs/fyfđంସ

Tufq!4!ٶਸඪခ࠶૙ഗ

Step 3 Ӧݬq௲Շr̟૆ēqWindowsఉ๠ڕ स୶r࡜ӕࢗॴd༪႔qࠩёr༪ົ࢕

Аࢡྡྷຏંγᅖݯ౨Ӳ஍ჾၽၮ໻ԅࠩ

ёd

ٗ ฉ ཮ ڦ ඪ ခ ࠶ ૙ ഗ ዐ Lj੗ ᅜ ੂ ڟ ĐKernel32.exeđኄ߲৊ײLjኄ৽๟࿢்ڦգࢋఢக ޜခഗײႾሏႜ้ࠬথڦ৊ײăᆯᇀĐKernel32.

exeđ๟ᅃ߲ဣཥ৊ײLjᅃӯڦᆩࢽੂڟኄ߲৊ײ

੗ీࣷᅜྺ๟ဣཥኟ׉ڦۙᆩܸࢮ୼໲Ljኈኟڦ գࢋఢக৽ԥᆆ֠ۖକă

˄˅⏙䰸ᮍ⊩

Ɨ෸أC:WindowssystemူڦKernel32.exeࢅ

Sysexplr.exe࿔ॲă Ƙ գࢋࣷሞጀ֩՗

H K E Y _ L O C A L _ M A C H I N E / s o f t w a r e / Tufq!5!ဣཥӀ॰ၳࡕ

Step 4 ҂ॴqࣅᄥୀ੾ғࣇrෳēຂහܮݖӰ ѻྡྷّqຂහ̟ߏrԅ໌ճܥࣟd؞ճ ܥࣟ౨ԅ̟૆ճ࿫ອ࿫ԅຂහٟટߏd

ै ఢ ē ̟ ຏ q ຂ හ ̟ ߏ r ճ ܥ ࣟ ౨ ԅ qWi nr̟૆ēߜӕࢗંγᅖݯԅqࢗ

ಳrϲӦē࡜຾ಾၽ؞ᅖݯ·ԙ̟ຏߏ ૭౨ԅWindowsғࣇ̟ߏྡྷྂd

Step 5 ၽqୀ੾ࣅᄥғࣇrᄯࢶྻճંγᅖݯ

ࠩ໻ْᄵْྂԅЀᆴēۤЀᆴ·ԙݯ୶

෻௦ອලdӬಾࣅᄥժԅუ໔Ѐᆴߜݖ ௦Ϧມವԅճֺԅୀ੾౨ēუྂēఉۥ ఆ ՛ ݖ ֟ ຣ ᆑ ލ ԅ Ԩ ગ ჾ ၽ ΄ ι ఆ ࣅ ᄥēٞݬრ࡜෻௦ͲঽॴdൎྻēҲੜ ԅ۱ࢺඹШϢݖᄐࠄၽճֺୀ੾౨ࠩ໻

Ѐᆚd

Step 1 ೎ຕӕࢗqࢗಳrϲӦēֺ֥஍ྡྷّ̣

ैྸ࠼ߣڶd

Step 2 Ӧݬqၮ໻r੡গēၽqၮ໻rճܥࣟ

ᄯ೛దqtaskmgr.exer੡গd

microsoft/windows/ CurrentVersion/RunူሾߵLj॰

ኵྺC:/windows/system/Kernel32.exeLj෸أ໲ă ƙ ሞጀ֩՗ڦ

H K E Y _ L O C A L _ M A C H I N E / s o f t w a r e / microsoft/windows/ CurrentVersion/Runservices

ူLj࣏ᆶ॰ኵྺC:/windows/system/Kernel32.exe ڦLjᄺᄲ෸أă

ƚ ፌࢫLj߀ጀ֩՗

H K E Y _ C L A S S E S _ R O O T / t x t f i l e / s h e l l / open/commandူڦఐණኵLjᆯߌකఢகࢫڦC:/

windows/system/Sysexplr.exe %1߀ྺኟ׉൧઄ူ

ڦC:/windows/notepad.exe %1Ljन੗࣬ްTXT࿔

ॲ࠲૴ࠀీă

˄˅䰆㣗᥾ᮑ

०ڇݞዎڦݛ݆ǖਸ๔ŚยዃŚ੦዆௬Ӳ Śཁे෸أײႾŚw i n d o w sҾጎײႾŚӝ޹

ॲ૛ڦwindows scripting hostඁۖLj඗ࢫٶਸ Internet Explorer៓બഗLjڇऍĐ߾ਏđŚĐInternet

჋ၜđŚĐҾඇđŚĐጲۨᅭप՚đLjӝ૛௬ڦগԨ ڦ3߲჋ၜඇև্ᆩLj඗ࢫӝĐሞዐेሜײႾࢅ࿔

ॲđ্ᆩă

ړ඗ኄኻ๟०ڇڦݞዎݛ݆Ljփࡗ੗ీᆖၚ ᅃၵྪᄻڦۯༀjavaၳࡕLjኄᄣ࣏੗ᅜᇨݞᅃၵ

ܱᅪڦྪᄻቊڑࢅթ۾ăසࡕཉॲሎႹڦࣆ੗ᅜ

ेጎݞआ഻Ljምڟྲ෉ڦྪበٶၵցۡLj࣏ᆶ৑

ଉณሞᅃၵၭྪበူሜᅃၵײႾڪă 2.࠽ྔ౰ิ

࠽ྔ౰ิ๟࠽۫ྔᇕྔஹٷბĐ࠽ྔ౰ิđ

ྪஏၭፇڦፕ೗Lj೦࣋Ⴀ࢔ٷLj੗ᅜᇺײฉدĂူ

ሜĂ෸أ࿔ॲĂႪ߀ጀ֩՗ڪăഄ੗಄ኮتሞᇀޜ ခ܋ԥኴႜࢫLjࣷጲۯॠֱ৊ײዐ๟ޏࡤᆶĐূ

෷۾ӠđĂĐiparmorđĂĐtcmonitorđĂĐํ้॔੦đĂ ĐཀྪđĂĐkillđڪጴᄣLjසࡕ݀၄৽ॽ޿৊ײዕኹLj

ᄺ৽๟ຫ๑ݞआ഻ࢅ෫۾෉ॲྜඇ฿ඁፕᆩă ፕ ྺ ᅃ ߲ ᇺ ײ ੦ ዆ ෉ ॲ ໲ ੗ ᅜ ሏ ႜ ᇀ WIN98LjWINMELjWINNTLjWIN2000/XPă໲ڦए Ԩࠀీᆶǖ࿔ॲ࠶૙ݛ௬ᆶฉدLjူሜLj෸أLj߀

ఁLjยዃຌႠLjॺ૬࿔ॲॄࢅሏႜኸۨ࿔ॲڪࠀ

ీǗጀ֩՗֡ፕݛ௬Ljඇ௬ఇెWINDOWSڦጀ

֩՗ՊडഗLjඟᇺײጀ֩՗Պड߾ፕᆶසሞԨऐ

ฉ֡ፕᅃᄣݛՍǗೡట੦዆ݛ௬Lj੗ᅜጲۨᅭ཮

ೌڦዊଉઠ३ณد๼ڦ้क़Ljሞਆᇘྪईߛྪ໏

ڦںݛ࣏੗ᅜඇೡ֡ፕܔݛڦ຋Քत॰ಎLj৽ၟ

֡ጻጲमڦऺ໙ऐᅃᄣǗᇺײඪခ࠶૙ݛ௬Lj੗

ᅜ኱࠵ں៓બܔݛش༹Ljໜᅪ෫ۖܔݛش༹ईഄ ዐڦ੦ॲǗഄ໱ࠀీ࣏ᆶᆰॲIPཚኪڪă

޿ఢகײႾሏႜࢫLjॽࣷሞဣཥڦS y s t e m ణ୤ူิׯᅃݻጲमڦੋԞLjఁ׬ྺD i a g c f g . e x eLjժ࠲૴E X E࿔ॲڦٶਸݛ๕Ljසࡕஹ඗෸

ۖକ޿࿔ॲLjॽࣷڞዂဣཥ໯ᆶE X E࿔ॲ࿮݆

ٶਸڦ࿚༶ă

˄˅Āᑓ໪ཇ⫳ā䕃ӊㅔҟ

࠽ྔڦ཮Քतٷၭǖਜ਼ࢽ܋ྺ282KĂޜခ

܋ྺ111KDŽ၎ܔၭേLjፕᆩ๟ྺକݛՍฉدत઒

ӿDžă࠽ྔఐණ๑ᆩڦ܋੨๟6267Ljኄᅃۅሞᅃӯ ຫ௽ዐுᆶ঻ถLj൐Ⴙܠڦྪበᄺுᆶ༵तă࠽

ྔ౰ิ཮Քă

࠽ྔڦহ௬ݥ׉߅৫Ljգࢋ໯ᆶڦࠀీ໲ए Ԩۼᆶă

Đ࠽ྔ౰ิđ࣏ጲټକႂሜࠀీă

˄˅݋ԧ᠟Ꮉ⏙䰸ᮍ⊩བϟ˖

Step 1 ဎ ဟ ؞ ઁ ৴ ё ༝ ၮ ໻ ನ ํ ֥ ౗ ҂ ؞ ำ ߑē࿙Ү୳ՎӾҢD O S੦಴ຏēდӾ SystemંৃຏԅDiagcfg.exeē౗҂൑Ģ Step 2 ဎဟDiagcfg.exeำߑྸ࠼΄౗҂ॴē࿙

ҮၽWindowsܬࡂຏఉۥEXEำߑ՛ߜ

ํ֥ၮ໻dდӾWindowsંৃᄯԅᅟЈ ζΩހ୶qRegedit.exerēߜ൑؟੠น qRegedit.comrĢ

Step 3 დӾHKEY_CLASSES_ROOTŃexefileŃ shellŃopenŃcommandēߜୣ੯ఊߏᄔ

؟юr%1 %*rĢ

Step 4 დӾHKEY_CLASSES_ROOTŃexefileŃ shellŃopenŃcommandēߜୣ੯ఊߏᄔ

؟юr%1 %*rĢ

Step 5 დ Ӿ ᅟ Ј ζ ົ ġ H K E Y _ L O C A L _ MACHINE\Software\Microsoft\Windows\

Current-Version\ RunServicesē౗҂ୣᄯ

੠ыนqDiagnostic Configurationrԅߏ ᄔĢ

Step 6 ڑԵᅟЈζΩހ୶ēݍӾWi n d o w sં

ৃēߜqRegedit.comr؟ݍqRegedit.

exerd 3.࢒۴

࢒۴๟ᅃ߲ࡔׂᇺײ॔੦෉ॲLjዷᄲᆩᇀ߲

ට࠶૙ࢅ॔੦ጲमڦۉసLjईᆩᇀഓᄽ࠶૙ටᇵ

॔੦ᇵ߾ۉసă࢒۴ײႾᄺ੗ᅜԥ࢒ਜ਼૧ᆩׯྺ

ఢக߾ਏLjഄ੗಄ኮتሞᇀ໲ᆶഽٷڦ෫৊ײࠀ

ీăᄺ৽๟ຫ੦዆܋੗ᅜໜᅪዕኹԥ੦܋ڦగ߲

৊ײLjසࡕኄ߲৊ײ๟౷ܙኮૌڦݞआ഻Lj࢒۴

੗ᅜ๑ڥݞआ഻ڦԍࢺࠀీඇ࿮Lj࢒ਜ਼੗ᅜᆯُ

ܸ׊ൻ኱෇Ljሞဣཥዐືᅪጻ࢙ă

ణമ๑ᆩڦ࢒۴ӲԨ๟2007V1.6ӲLjሏႜ࢒

۴2007ਜ਼ࢽ܋ײႾLj๯ْሏႜॽ؜၄๟Đဣཥย ዃđش੨LjԈઔĐ॔ད܋੨đĂĐ૶থ௢ஓđĂĐᇺײೡ ట჋ၜđࢅĐג้ยዃđă

Đ॔ད܋੨đ๟ኸਜ਼ࢽ܋ڪ޿ޜခ܋૶থڦ TCP܋੨ăጀᅪ॔ད܋੨փీ๑ᆩဣཥᅙঢ়๑ᆩ ڦ܋੨Ljޏሶࣷӿۨ฿ӨLj੗ڇऍĐ֪๬đӀ౧ֱ

ੂ܋੨๟ޏ੗ᆩăLj࿢்჋ስ8000܋੨Lj֪๬঳ࡕ 8000܋੨੗ᅜ๑ᆩă

Đ૶থ௢ஓđᆯᆩࢽጲमኸۨǗĐᇺײೡట჋

ၜđยዃೡట၂๖ڦჿ෥߭๕Ljᆶ65536෥Ă256෥

ࢅ16෥Ljఐණྺ256෥ǗĐג้၌዆đኸۨ૶থג้

ڦࡹ௱ຕDŽ0՗๖ᆦᇺڪځDžLjړגࡗኸ้ۨक़ࢫ ޜခ܋࣏ுᆶݒᆌLjሶጲۯൽၩُْد๼Ljਜ਼ࢽ

܋ᆩࢽᆌߵ਍ํाڦྪஏد๼໏܈৊ႜยዃăย ዃྜׯࢫڇऍĐඓۨđӀ౧ă

Ğӄ૩5-7ğظॺĐ࢒۴đޜခഗ܋ҾጎײႾ

Tufq!4!ยዃ੦዆჋ၜ!

Tufq!5!ยዃ૶থ႑တ

Tufq!6!ڇऍĐิׯđӀ౧

Step 4 ၽqॕࠄ༪ົrᄯಁᄢࢺܜժ໰๯ރॕ

ࠄੁ৲ԉ໰๯

Step 5 Ӧݬqಓюr̟૆ēͬӉಁᄢd۱Փၭ

༘ ဈ ܜ ᆑ Շ ࿌ ಓ ю ԅ ׻ ๠ ժ ё ༝ ำ ߑ

੠ēဎဟำߑ੠Ϣڟֳēొ՝నߑАდ ୯ࣿ࡜ٗৰְྡྷ໔dӲંγݯ୶ၮ໻ॴ ಓюԅ׻๠ժઁ৴ё༝܊ēάࢶྻඹڶ ۱Փ2007ࣿࣅᄥճֺॴd

Ğӄ૩5-8ğ๑ᆩ࢒۴2007ڦTelnetࠀీ

޿ࠀీૌຼᇀWindowsဣཥڦጴޙዕ܋Ljీ

ࠕ኱থཚࡗంସႜݛ๕੦዆ܔݛऐഗă

჋ስዷহ௬ዐڦሞ၍ዷऐLjڇऍంସӀ౧൶ ڦĐTelnetđӀ౧Ljन੗ሞٶਸڦĐጴޙዕ܋đش੨ ዐ๼෇੦዆ంସLjፕྺํ૩LjሞĐጴޙዕ܋đش੨ ዐ๼෇ipconfigంସLjኴႜ঳ࡕසူ཮໯๖ă Step 1 Ӧݬqำߑr»qҗߙEXE̝ᅭ͑·׻

๠ժё༝rēӕࢗqҗߙ̝ᅭё༝rճ ܥࣟd

Step 2 ၽq̝ᅭ༪ົrᄯಁᄢ׻๠୶ё༝ԅ̝

ᅭ໰๯ēఢё༝੠c׻๠੠ԉd

Step 3 ၽqࣅᄥ༪ົrᄯಁᄢၭ༘۱Փࢺܜժ

ࠩ໻ԅࣅᄥЀᆴēၽ؞༪ົ࢕ᄯēࢶྻ

ಁ ᄢ ၭ ༘ ୀ ੾ ࣅ ᄥ c ำ ߑ ڕ स c ᅟ Ј ζcၭ༘Telnetcၭ༘ຂහࣅᄥԉЀᆴĢ ωயܮࢶྻඹڶಁᄢqರဈᆑՇ࿌ࣅᄥ

ੁ৲rēࣿಁᄢࣅᄥੁ৲ēಁᄢۚ܊ē Ӧݬqಓюr̟૆އࢶd

DŽ1Dž๮߾ൣأĐ࢒۴đఢக ķ᳈ᬍ⊼ݠ㸼˖

Tufq!3!ยዃҾጎ႑တ

ॽHKEY_CLASSES_ROOT\txtfile\shell

\open\commandူڦఐණ॰ኵᆯS_

SERVER.EXE %1߸߀ྺ

C:\WINDOWS\NOTEPAD.EXE %1Ǘ Step 1 ߜHKEY_LOCAL_MACHINE\Software\

CLASSES\txtfile\shell\open\commandຏԅ ੯ఊߏᄔဎ S_SERVER.EXE %1ٗ؟น C:\WINDOWS\NOTEPAD.EXE %1Ģ Step 2 ߜHKEY_LOCAL_MACHINE\Software\

M i c r o s o f t\Wi n d o w s\C u r r e n t Ve r s i o n\

RunServices\ຏԅґᄔwindows౗҂Ģ Step 3 ߜHKEY_CLASSES_ROOTۤHKEY_

LOCAL_ MACHINE\Software\CLASSES ຏԅWinvxdᅖߏ౗҂d

Windowsణ୤ူڦG_Server.exe࿔ॲॽጲ मጀ֩ׯޜခDŽ9Xဣཥႀጀ֩՗ഔۯၜDžLj௅ْ

ਸऐۼీጲۯሏႜLjሏႜࢫഔۯG_Server.dllࢅ

G_Server_Hook.dllժጲۯཽ؜ăG_Server.dll࿔

ॲํ၄ࢫோࠀీLjᇑ੦዆܋ਜ਼ࢽ܋৊ႜཚ႑ǗG_

Server_Hook.dllሶཚࡗથপAPIۙᆩઠᆆ֠թ۾ă ᅺُLjዐ۾ࢫLjੂփڟթ۾࿔ॲLjᄺੂփڟթ۾ጀ

֩ڦޜခၜăໜጣࣨߧጱޜခ܋࿔ॲڦยዃփ ཞLjG_Server_Hook.dllᆶ้ࢪ޹ሞExplorer.exeڦ

৊ײ੣क़ዐLjᆶ้ࢪሶ๟޹ሞ໯ᆶ৊ײዐă

ࣨߧጱڦፕኁܔᇀසࢆ༧ࡗ෫۾෉ॲڦֱ

෫ࢾକ࢔ٷ૰ഘăᆯᇀᅃၵAPIࡧຕԥপइLjኟ׉

ఇ๕ူవᅜՓ૦ڟࣨߧጱڦ࿔ॲࢅఇ੷Ljሰׯֱ

෫ฉڦઓవăᄲႂሜࣨߧጱۯༀੰܸ൐ԍኤဣཥ

৊ײփԪએᄺ࢔஑ݑLjᅺُሰׯକৎ೺ࣨߧጱሞ ࢻ૴ྪฉݘરڦਆ௬ă

ణമLjྪஏฉ੗ᅜቴڟᅃၵࣨߧጱఢக෉ॲă

DŽ2Džഄࠀీᇑ༬ۅ

Ɨܔᇺײऺ໙ऐ࿔ॲ࠶૙ǖఇݠWindows ጨ ᇸ࠶૙ഗLj੗ᅜܔ࿔ॲ৊ႜް዆ĂቕཌྷĂ෸أLjዘ

ంఁĂᇺײሏႜڪLj੗ᅜฉدူሜ࿔ॲई࿔ॲॄLj

֡ፕ०ڇᅟᆩǗ

Ƙᇺײ੦዆ంସǖֱੂᇺײဣཥ႑တĂ२ൎ ӱֱੂĂ৊ײ࠶૙Ăش੨࠶૙Ăޜခ࠶૙Ăࠌၛ࠶

૙Ăپ૙ޜခĂMS-DosఇెǗ

ƙվइೡటǖํ้ೡట੦዆Lj๑ᆩೡటൻۯ վइೡటLj๑ೡట੦዆ٳڟํ้د๼Ǘ

ƚܠش੨֡ፕLj੗ᅜܔᅃ໼ۉసཞ้৊ႜܠ

֡ፕतܔܠ໼ۉసཞ้৊ႜܠ֡ፕǗ

ƛଇዖᇺײ੦዆ႚ๕ǖਜ਼ࢽ܋ዷۯ૶থ੦዆

႙ࢅޜခ܋ጲۯฉ၍૶থ႙Ǘ

Ɯޜခ܋඄၌ยዃǖ੗ᅜӀႴᄲยዃޜခ܋

໯ਸݣڦ඄၌Ǘ

Ɲਜ਼ࢽ܋े੕ࢫๆݴၭേLjݛՍ๑ᆩǗ ƞ෉ॲၭേLj࿮ႴҾጎLjժ৊ႜକெࣅǗ Ɵ෉ॲփࣷԥֱ෫ă

Ğӄ૩5-9ğ૧ᆩࣨߧጱཚࡗ3389܋੨ڦ෇ൔ 3389܋੨๟Windows 2000/Xp/2003 ᇺײጞ ௬ڦޜခ܋੨ăཚࡗ3389܋੨෇ൔᇺײऺ໙ऐLj

੗ᅜၟ֡ፕԨںऺ໙ऐᅃᄣઠ੦዆ᇺײऺ໙ऐă ኄ૛ዘۅ঻ถWindows XPڦTerminal Servicesޜ ခă޿ޜခ๑ᆩڦ܋੨๟TCP 3389܋੨ă

ሞ෇ൔമLj੗ᅜ჋ᆩᅃၵ׉९ڦ෢௮߾ਏLj ૧ᆩ෢௮߾ਏઠቴᅃၵ඾चăኄ૛Lj๑ᆩڦ߾ਏ

ྺࣨߧጱࢅ3389܋੨ਸഔ෉ॲă

Tufq!3!૶থڟణՔዷऐ

Tufq!4!ֱੂణՔዷऐ้क़

Step 1 ॆဈঠڛݧSuperScanēు੍ఝݹēࢡಾ

׮ၽరࣇগԉdუऺ࡜Ϣ༛೭ॴēࢶྻ

ϵ·ೠ஍ੋԅჃࠋdैఢēၽࡥ့ฉઝ

ऺēుӾ192.168.0.102ԅAdministratorဈ ܜੁ৲นࣂd

Step 2 ರဈN e t u s e ੡গॕࠄӾંγᅖݯd

೛దn e t u s e \\192.168.0.102 qr/

user:qadministratorrēუّ੡গԅᆴဈ

࡜ζವဈadministratorუّဈܜԈৃӾ 192.168.0.102უ൛ݯdఢڴੁ৲ჾ௲ē ݖඔವq੡গюٟ෻юr໰๯d

Step 3 ॕࠄંγᅖݯюٟ܊ēࢶྻАࢡྡྷຏં

γ ᅖ ݯ ԅ ನ ޷ ē ֺ ά ܊ ੋ ڋ ઁ ৴ d ೛ దġNet time \\192.168.0.102ē੡গ෻ю

܊ēݖֲݍંγᅖݯӲ஍ԅຂහನ޷d

Tufq!6!ኴႜฉدڦఢக

Tufq!7!ٶਸਜ਼ࢽ܋৊ႜ૶থ

Tufq!8!ฉد449:܋੨ਸഔ߾ਏ

Tufq!9!ufmofuڟణՔዷऐ

Step 8 Ӧݬᅖ࠘ੋ౨ԅqTelnetr̟૆ēӰѻғ ࣇēუζವဈTelnetॕࠄӾંγᅖݯd

Tufq!:!!ਸഔ!449:!܋੨ Tufq!5!ฉدఢக

Step 4 ౨ Ҏ ઁ ৴ Ӿ ં γ ᅖ ݯ ē ఢ ෍ ൎ ವ ē ೛ దġc o p y s e r v e r.e x e \\192.168.0.102\

Admin$ēఢڴ౨Ҏюٟēݖඔವqྸ؏

ᄥ1ّำߑr໰๯d

Step 5 ኴ ႜ ฉ د ڦ ఢ க Lj ૧ ᆩ ǖ a t

\\192.168.0.102 15:15 server.exeంସLj՗

๖ሞ15:15ኄ้߲क़ࣷኴႜserver.exeኄ߲

ײႾă

Step 6 Ӳઁ৴ၽંγᅖݯᄓ໻܊ē࡜ࢶྻӕࢗ

݇ ن ᆐ ࢺ ܜ ժ ё ༝ ࣿ ॕ ࠄ ē Ӧ ݬ q ච

ަᅖݯr̟૆ē೛దંγᅖݯԅIPރժ ࣇē௶܊ඔವqॕࠄюٟr໰๯d

Step 7 ౨Ҏ3389ժࣇࢗ୳ٝ࡮d༪ᄯંγᅖݯ ԅC૭ēဗݬ೪γēၽӰѻԅࣙࠎϲӦ ᄯ༪႔q౨Ҏำߑݧำߑޣr੡গēӰ ѻq౨Ҏำߑrճܥࣟē༪႔ྑ౨Ҏԅ 3389ٝ࡮d

Tufq!21!ཁेᅃ߲ᆩࢽ

Tufq!22!ֱੂణՔዷऐڦ৊ײतޜခ

Tufq!23!ኴႜ಼ت૙࿔ॲ

Tufq!24!૧ᆩᇺײጞ௬૶থణՔዷऐ

Step 13 ॆဈXPᆑӛԅqၙёᅽੋॕࠄrё༝ē

ॕࠄંγᅖݯd Step 9 ࢗ୳3389ժࣇdၮ໻3389ё༝ē೛దġ

3389 –o 3389ēωய൑ࢶྻ޿Љѻંγ ᅖݯԅຂහफ໸d

Step 10 Step 10 ච ަ ྡྷ ّ ဈ ܜ ē ω ய ̼ ൑ ඔ ಖ น ڕ स ၔ ᆦ ē უ ྂ ࡜ ࢶ ྻ ၙ ё ဈ უ

ّ ჌ ۜ Ԉ ৃ ē ω ய ࿺ ပ ڕ स ၔ ௣ ຫ d

೛దġnet user darcy$ 123456 /addēnet localgroup administrators darcy$ /addēუ ०ّ੡গԅᆴဈ࡜ಾၽંγᅖݯ౨໭ߙ

ྡྷّဈܜ੠นdarcy$ēੁ৲น123456d

Step 11 Tasklist/SVC >>c:\test.txtēუّ੡গಾഊ ੜၽC૭ຏಓюtest.txtำߑdࠄຏࣿАࢡ Ӳ஍ᅖݯჾၽၮ໻ԅࠩёރ׻๠੠ыd

Step 12 ᄓ໻ٝ࡮ͧᄯԅ1.batଛ҉सำߑē̼ᄴ ժ׻๠ᄷ໭୳Վē࿙นXP੯ఊᄚટྡྷّ

ဈܜԈৃē̼ᄴժ׻๠ำߑ඙ܰ܊ē࡜

ࢶྻഀဈܜලನԈৃXPຂහd

ኄᄣLjే৽ൽڥକኄ໼ऐጱڦਨܔ඄၌Lj৽

੗ᅜၟ֡ፕԨںऺ໙ऐᅃᄣઠ֡ፕణՔዷऐă

๮߾ൣأࣨߧጱժփవLjዘᄲڦ๟ՂႷۮڥ

໲ڦሏႜᇱ૙ă

˄˅♄向ᄤⱘ᠟ᎹẔ⌟

ᆯᇀࣨߧጱથপକAPIۙᆩLjሞኟ׉ఇ๕ူ

ޜခ܋ײႾ࿔ॲࢅ໲ጀ֩ڦޜခၜ਩ԥᆆ֠Ljᄺ

৽๟ຫేन๑ยዃକĐ၂๖໯ᆶᆆ֠࿔ॲđᄺੂ

փڟ໲்ăُྔLjࣨߧጱޜခ܋ڦ࿔ॲఁᄺ๟੗

ᅜጲۨᅭڦLjኄۼߴ๮߾ॠ֪ټઠକᅃۨڦઓ వă

ঞ ే ᅃ ቲ ൫ӾqTasklistr੡গ,࡜ϢԄϢඔ Ӿ൑ԅ৖ಓ༁ԝqTaskkillr੡গ,ڄ

੠഑࿌,൑ಾဈࣿڑԵࠩёԅd

ঢ়ࡗኄबօ֡ፕएԨ৽੗ᅜඓۨኄၵ࿔ॲ

Ɨ ൣأࣨߧጱڦޜခDŽ2000NjXPဣཥDžǖ

Step 1 ӕ ࢗ ᅟ Ј ζ Ω ހ ୶ ď Ӧ ݬ q ࢗ ಳ r

Step 3 ౗҂ჼّGame_Serverົd Ƙ ෸أࣨߧጱײႾ࿔ॲ

ႎࢅService packDžLjഄዐMS04-011ĂMS04-012Ă M S04-013ĂM S03-001ĂM S03-007ĂM S03-049Ă MS04-032ڪۼԥթ۾࠽ݘ૧ᆩLj๟ݥ׉Ղᄲڦց

Step 2 ٶਸWindowsڦĐ໇໭࿔ॲđLj࿔ॲఁ

׬๼෇Đ_h o o k.d l lđLj໇໭࿋ዃ჋ስ WindowsڦҾጎణ୤ă

Step 3 ঢ়ࡗ໇໭LjሞWindowsణ୤DŽփԈࡤጱ ణ୤Džူ݀၄କᅃ߲ఁྺGame_Hook.dll ڦ࿔ॲă

Step 4 ߵ਍ࣨߧጱᇱ૙ݴဆኪڢLjසࡕGame_

Hook.DLL๟ࣨߧጱڦ࿔ॲLjሶሞ֡ፕဣ

Wi ndo wsഔۯࣃ௬മLjӀူF8॰DŽईኁሞഔۯऺ

໙ऐ้ӀዿCtrl॰փݣDžLjሞ؜၄ڦഔۯ჋ၜ֓ڇ ዐLj჋ስĐSafe ModeđईĐҾඇఇ๕đă

在文檔中 1.3 ࢒ਜ਼׉ᆩంସ ččččččččč 6 (頁 84-114)