文件名称:HideService
介绍说明--下载内容均来自于网络,请自行研究使用
虽然我不知道icesword是什么样列举服务的,但估计最终也是通过历遍SCM内部的ServiceRecordList来检测。
为什么呢?看下面。
用附件中的InjectDLL.exe把hideservice.dll注入到Services.exe进程后就会把Alerter服务隐藏掉。用icesword也检测不出Alerter服务了。
代码原理很简单,就是在Services.exe进程找到ServiceRecordList表,将需要隐藏的服务从链表上断开。
既然icesword也检测不出了,那就说明icesword最终也是通过历遍SCM内部的ServiceRecordList来检测-Although I do not know what kind icesword enumerated services, it is estimated that by the end times calendar SCM internal ServiceRecordList to detect. Why? See below. The annex InjectDLL.exe put hideservice.dll injected into Ser vices.exe process after Alerter service will be hidden swap. Detection also used icesword not Alerter service. Code principle is very simple. Services.exe is in the process of finding ServiceRecordList table Hide will need the services disconnected from the chain on. Since icesword also can not be detected. it shows icesword calendar through the end times within the SCM ServiceRecordL ist to detect
为什么呢?看下面。
用附件中的InjectDLL.exe把hideservice.dll注入到Services.exe进程后就会把Alerter服务隐藏掉。用icesword也检测不出Alerter服务了。
代码原理很简单,就是在Services.exe进程找到ServiceRecordList表,将需要隐藏的服务从链表上断开。
既然icesword也检测不出了,那就说明icesword最终也是通过历遍SCM内部的ServiceRecordList来检测-Although I do not know what kind icesword enumerated services, it is estimated that by the end times calendar SCM internal ServiceRecordList to detect. Why? See below. The annex InjectDLL.exe put hideservice.dll injected into Ser vices.exe process after Alerter service will be hidden swap. Detection also used icesword not Alerter service. Code principle is very simple. Services.exe is in the process of finding ServiceRecordList table Hide will need the services disconnected from the chain on. Since icesword also can not be detected. it shows icesword calendar through the end times within the SCM ServiceRecordL ist to detect
(系统自动生成,下载前可以参看下载内容)
下载文件列表
压缩包 : 29782183hideservice.rar 列表 hideservice.dll InjectDLL.exe