
The Study Of Socket Seizing Technologies Under Microsoft Windows

Posted on: 2005-03-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y Tang
Full Text: PDF
GTID: 2168360152955274
Subject: Software engineering

Abstract/Summary:
With the advent of the computer and Internet information era, the Internet plays an ever more important role in science, education, commerce, and even our daily life and work. For software engineers, debugging the network input and output data of applications under development is a serious difficulty. Moreover, as large volumes of information circulate, a variety of malicious code and illegal data are mixed in with it, and security problems follow. How to monitor and filter out such harmful data has gradually become a pressing issue. It is therefore urgent to find a means of dynamically controlling and altering the input and output data of a network process.

To monitor and debug the input and output data exchanged between a running process and the network, several technical problems must first be solved. The first is how to access a process's private virtual memory space under protected mode. The second is how to capture the data just before they are sent out or just after they are received. The third is how to notify our monitor or debugger process of this event, transfer the data to it, and get the results back.

As far as the Microsoft Windows operating system is concerned, which is installed on most personal computers and some server computers, software accesses Internet data through the Windows Socket application program interface. Two families of interface are installed on the OS in advance: one is the BSD socket interface from the Berkeley Software Distribution, which works in blocking synchronous, non-blocking asynchronous and polling modes; the other is WinSock, designed by Microsoft, which works through Windows message-driven notification.

As the foundation of process socket seizing technologies under Microsoft Windows, API (Application Program Interface) hook technology is the core of building software with such special functions. In contrast with traditional packet filter techniques based on NDIS (Network Driver Interface Specification), it can capture the data of any process at the application layer. However, hook techniques are rather complicated. Their roots can be traced back to the Win3.x era. Today they have matured into two kinds of injection modes, dynamic link library injection and remote thread injection, and two kinds of interception modes, Jeffrey Richter's import section alteration method and the older jump instruction method. Almost every word grabber and translation application works through a combination of the preceding ways. However, those techniques are not compatible with all current Microsoft Windows operating systems. Aiming to find a hijack technology compatible with all current Win32 platforms, we begin our research at the system core.

In this thesis we expound on the related virtual memory image map structures of the Windows operating system, process and thread synchronization and communication technologies, and the Windows socket library. Then, by analyzing the mature hook techniques, we gradually solve the problems met in our study and arrive at a new technique that combines the breakpoint method with the direct instruction injection method. Eventually we achieve our goal of hijacking network input and output data in any process, with detailed code written in C++ under the Visual Studio platform.
Keywords/Search Tags: debug, process, socket, hook, hijack