Circular menus - PowerPoint PPT Presentation

1 / 64

About This Presentation

Title:

Circular menus

Description:

Title: Circular menus Author: Jonty Last modified by: Created Date: 3/15/2005 10:04:38 AM Document presentation format: – PowerPoint PPT presentation

Number of Views:80

Avg rating:3.0/5.0

Slides: 65

Provided by: Jont85

Category:

more less

Transcript and Presenter's Notes

Title: Circular menus

1
??????
???

S310060109
2
????

??
????????
????
????
???????
Windows?????????

3
??

??????,?????-????,?????????????????
nihaorr1.com/1.js
Stuxnet??(??)
?????????????????????,????????????????????????????
?????,?????????????????????????

4
????

??
????????
????
????
???????
Windows?????????

5
????????
6
??????
7
??????????????????Windows????
???Windows ??????? ??
???? ?????
???Windows ?????? ????
???? ?????
8
?????????

?????????,?????????????????????????
???????????,??????????????,?????????????,?????????
???????Dependency Walker?PEView???PE????,?????????
??????
??????,???????????????,???????????????????????VMWa
re?????os????

9
??????????????????Windows????
???Windows ??????? ??
???? ?????
???Windows ?????? ????
???? ?????
10
????????

??????????PsTools????pslist?????
???Windows?????????,??????????????????dd??????????
??????Helix(www.e-fense.com/helix)?Nigilant?????
????????ProDiscoverIR?OnlineDFS/LiveWire?????????
?????????

11
???????????

???????shell??date/t?time/t??,Win2003??now???
????????????ip???whoami????????,ver??os??,ipconfi
g/all??IP?????
?????????????????????VPN?????????????????????????
??Promiscdetect?Promqry??????????

12
??????

??URLProtocolView?????????????????

13
????????

????????????????????????,??????
?????????uptime??(http//support.microsoft.com/kb/
232243)?

14
????

??????? ?????????
???psinfo?systeminfo?Dumpwin??????????????????????
???

15
????????????

?????????????????????????Session?????????????????
??????????????????????????
Psloggendon,????PsTools?????????????,?????????????
????????
Quser,?????????????????????????,??session?????????

16
?????????

??????????DNS????????NetBIOS????ARP??????????
Netstat???Win os?????,????????????????????????sock
et???

17
??????

?????????,??????????????????
???????????ID??,??????????????????????????????????
??????????????????????????????????????????????????
?????????
tlist???tasklist???PRCView.exe?

18
????????????

??????nmap???
????(www.iana.org/assignment/port-numbers)?

19
?????????

?????????????,???????,???????????????????,????????
?
Psservice???????????????????????

20
???????

?????????????????????????,????????????????????????
?????
??????????NirSoft???OpenFilesView???
????????????????net file???,?????Mark
Russionvich???psfile?

21
?????????

UNIX?Linux??bash???shell???bash??????
????Win os???????,????cmd???doskey
/history??????????????

22
????

???????????????????????,???????(W32/Bacalid???????
?)?????????????????????

23
??????

??????????????,???????????????,????????????????
??????schtasks?????????,??/Query????????????

24
???????

?????????????,????????,???????????????????????????
??????
??????pclip???????????????????

25
??????????????????Windows????
???Windows ??????? ??
???? ?????
???Windows ?????? ????
???? ?????
26
???Windows???????????

???????????????????????,???????????????????
???????,?????????????????????????????????
???Windows??????????????,????????????

27
??????????????????Windows????
???Windows ??????? ??
???? ?????
???Windows ?????? ????
???? ?????
28
???Windows?????????

Windows Forensic Toolchest(WFT)???????????????????
???WFT????????????????????????WFT?????????MD5?,???
??????????????????WFT??????????,??????????????????
??????

29
???Windows?????????

ProDiscoverIR??????????
??????????,??????????????

30
???Windows?????????

OnlineDFS/LiveWire,???????????
???????????????????,??????????????????????????????
??????

31
????

??
????????
????
????
???????
Windows?????????

32
????
Windows?? ??????
33
???????

???????????????????
?????,?????????,?????????????????????
?????????????????????????

34
????
Windows?? ??????
35
????????

?????????,?????strings???????????????,????????????
???????????
???strings??????????ASCII???,???Unicode???????????
?????

36
????
Windows?? ??????
37
Windows??????

????Windows????????????????????,????????????????Wi
ndows???
?????????
???????????????
????
??
????
????????

38
????
Windows?? ??????
39
Windows????????

??????

Skl.exe EPROCESS DTB0x0a039000 PEB0x7ffdf000(v
)
0x0a039000
????? PDE 511
0x0a102000
?? PTE 991
0x0a0eb000
PEB
?1 ??????????????,??????sql.exe???PEB??
40
Windows????????

??????

?1
????0x7ffdf0000???
?? ? ??? ???? ???
???????? 3122 11111111 0x1ff 511 ?????? 2112 1111011111 0x3df 991 ???? 110 0 0x0 0
41
?????

Win os???????????????????EPRROCESS?

42
?????
PPEB_LDR_DATA
InMemaryOrderModuleList
LDR_DATA_TABLE_ENTRY
InMemoryOrderLinks
ImagePathName
PEB
PRTL_USER_PROCESS_PARAMETERS
DllBase
CommandLine
FullDllName
PPS_POST_PROCESS_INIT_ROUTINE
TimeDateStamp

?2 PEB????
43
?????
Modules Mapped into Memory
Executable File Path
_EPROCESS Block
Process Environment Block
Command Line
Dynamic Library Paths
Process Environment
?3
PEB??????????
44
?????
?2 xp
sp2???EPROCESS????
?? ?? ?? ????
DirectoryTableBase Directory Table Base 0x18 Uint48 CreateTime Process Creation Time 0x70 FILETIME UniqueProcessID Process Identifier 0x84 32 byte Int ImageFileName Executable Name 0x174 String InheritedFromUniqueProcessID Parent Process Identifier 0x14c 32 byte Int PEB Process Environment Block 0x1b0 32 bytes
45
???????
46
Related Documents
Windows?? ??????
47
????????