APIs commonly used in trojan backdoors

Posted by bassolino at 2020-03-25

OpenSCManager

OpenService

EnumServicesStatus

QueryServiceConfig

ControlService

CreateDC

GetDeviceCaps

CreateCompatibleBitmap

CreateCompatibleDC

OpenWindowStation

OpenDesktop

CreatePipe

DisconnectNamedPipe

PeekNamedPipe

3. Disk processing function

GetDiskFreeSpaceA: get information about the organization of a disk and the capacity of the remaining space

GetDiskFreeSpaceExA: get information about the organization of a disk and the capacity of the remaining space

GetDriveTypeA: determine the type of a disk drive

GetLogicalDrives: determine which logical drive letters exist in the system

GetFullPathNameA: get the full path of the specified file

GetVolumeInformationA: get information about a disk volume

GetWindowsDirectoryA: get the full path name of the Windows directory

GetSystemDirectoryA: get the full path name of the Windows system directory

4. File processing function

CreateFileA: opens and creates files, pipes, mailslots, communication services, devices, and consoles

OpenFile: this function can perform a lot of different file operations

ReadFile: reads data from a file

ReadFileEx: similar to ReadFile, but it can only be used for asynchronous read operations, and it includes a completion callback

WriteFile: writes data to a file

WriteFileEx: similar to WriteFile, but it can only be used for asynchronous write operations, and it includes a completion callback

SetFilePointer: sets the current read/write position in a file

SetEndOfFile: for an open file, sets the current file position as the end of the file

CloseHandle: closes a kernel object. These include files, file mappings, processes, threads, security, and synchronization objects

_lcreat creates a file, opens the specified file in binary mode, reads the data in the file into the memory buffer, writes the data from the memory buffer to a file, sets the current location for reading and writing from the memory buffer, closes the specified file, reads the data in the file into the memory buffer, writes the data from the memory buffer to a file

OpenFileMappingA: opens an existing file mapping object

CreateFileMappingA: creates a new file mapping object

MapViewOfFile: maps a file mapping object into the address space of the current application

MapViewOfFileEx: (the content is the same as above)

CreateDirectoryA: create a new directory

CreateDirectoryExA: create a new directory

RemoveDirectoryA: delete the specified directory

SetCurrentDirectoryA: set the current directory

MoveFileA: move a file

DeleteFileA: delete the specified file

CopyFileA: copy a file

CompareFileTime: compare the times of two files

SetFileAttributesA: set the file attributes

SetFileTime: set the file creation, access and last modification times

FindFirstFileA: find a file according to the file name

FindNextFileA: find the next file according to the file name specified when calling the FindFirstFile function

FindClose: closes a search handle created by the FindFirstFile function

SearchPathA: find the specified file

GetBinaryTypeA: determines whether the file can be executed

GetFileAttributesA: determines the attributes of the specified file

GetFileSize: determines the file length

GetFileTime: obtains the time information of the specified file

GetFileType: determines the file type, given a file handle

5. Registry processing function

RegOpenKeyA: opens an existing registry key

RegOpenKeyExA: opens an existing registry key

RegCreateKeyA: creates or opens a key under the specified key

RegCreateKeyExA: a more complex way to create a new key under the specified key

RegDeleteKeyA: deletes a specified subkey under the existing key

RegDeleteValueA: deletes a value under the specified key

RegQueryValueA, RegQueryValueExA: get the setting value of a key

RegSetValueA: sets the value of a specified key or subkey

RegSetValueExA: sets the value of a specified key

RegCloseKey: closes a key in the system registry

6. Time processing function

CompareFileTime: compares two file times

GetFileTime: gets the file creation, last access and last modification times

GetLocalTime: gets the current local time

GetSystemTime: gets the current system time

GetTickCount: gets the number of milliseconds since Windows started

SetFileTime: sets the file time

SetLocalTime: sets the local time

SetSystemTime: sets the system time

7. Process function

CreateProcessA: create a new process

ExitProcess: close a process in a clean way

FindExecutableA: find the filename of the program associated with a specified file

FreeLibrary: release the specified dynamic link library

GetCurrentProcess: get a pseudo handle of the current process

GetCurrentProcessId: get a unique identifier of the current process

GetCurrentThread: get a pseudo handle of the current thread

GetExitCodeProcess: get the exit code of an ended process

GetExitCodeThread: get the exit code of an ended thread

GetModuleHandleA: get the module handle of an application or dynamic link library

GetPriorityClass: get the priority of a specific process

LoadLibraryA: load the specified DLL and map it to the address space used by the current process

LoadLibraryExA: load the specified DLL and map it to the address space used by the current process

LoadModule: load a Windows application and run it in the specified environment

TerminateProcess: end a process
