
Design And Implementation Of A Monitoring System Based On Remote Implantation And Hiding Of Process

Posted on: 2008-06-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhu
Full Text: PDF
GTID: 2178360272467985
Subject: Computer system architecture
Abstract/Summary:
Network security is becoming more and more important with the rapid development of the Internet. For a country, remote monitoring and controlling is not only an important means of confronting hostile political forces and cracking down on Internet criminals, but also an indispensable component of the future network war. At present, the technology of long-range implantation and hiding is increasingly integrated with monitoring, so research on monitoring technology based on long-range implantation and hiding has very important practical significance.

This paper analyses the technology of procedure implantation based on exploits and file binding, and some methods of implementing file hiding, process hiding and communication hiding. It introduces the technology of Windows hook and port recall. To meet the requirements of a specific application, a remote monitoring and controlling system named Wakeman is designed on the basis of remote implantation and hiding. The work flow of the system is described and the division into main modules is completed.

On the basis of the overall design of Wakeman, the pivotal functional modules of the system are described. Following the theory of buffer overflow, shellcode is programmed by exploiting the already published MS06-040, and the procedure is implanted into the target host by constructing malformed data packets. Then the detailed design of the process hiding module is expanded, including Dynamic Link Library modularization of the program, process operation and remote thread injection. Finally, the implementation of file operation, process operation, screen monitoring and key logging is given. The problem of how packets penetrate the firewall in network communication is solved based on port recall.

The experimental results show that Wakeman can be implanted into a host by exploits. It can carry out a series of functions, including controlling the target and capturing information, while hiding itself and evading detection by some anti-virus software. It has big practical value as a remote monitoring and controlling tool.
Keywords/Search Tags:remote monitoring and controlling, procedure implantation, process hiding, port recall, buffer overflow, exploit