Super-brain hacker

Chapter 388 Man-in-the-Middle Attack

Category: Urban Romance Author: Crazy Xiaoqiang Title: Super Brain Hacker

Although Windows 3.1 also has permission control and a layered system design, it does not do this well; it can even be called quite crude.

But this is also understandable. After all, the system has just come out, and in order to launch it as soon as possible, they were also in a hurry to implement some important functions first. For ordinary users, the permission control system they designed has basically met the requirements.

The Windows 3.x series was not developed as a real-time operating system at all. For real-time use there is the dedicated Windows NT series, whose permission control is much more complete and whose stability is greatly improved. By the same token, however, the NT system is harder for them to customize and modify, so generally speaking it is not convenient to use it directly.

Moreover, the Windows series systems are all closed-source. To put it bluntly, this is commercial software: if you want to use it, you must buy it. Using it the way they do now violates intellectual property law and amounts to piracy. If Microsoft found out, it could sue through judicial channels. Whether the domestic courts would accept the case, of course, is another matter.

Although the permission system of Windows 3.1 is simple, operating on the system layer from the user level is strictly forbidden, because it threatens the stability of the system. Once a key data structure of the system is damaged, the system is likely to crash.

Operations involving the bottom layer of the system are performed through the system functions in the SDK provided by Microsoft. These system functions do not manipulate key data in memory arbitrarily; they implement their functionality in the way the system programmers intended.

Doing so not only avoids affecting the stability and security of the system, but also gives the programmers who write application software the functions they want. It also simplifies their work, since they do not have to care about the underlying mechanism. It truly kills three birds with one stone.

Of course, this does not mean that things in the system layer can never be accessed from the user layer. Viruses and Trojans achieve their functions largely by exploiting loopholes in the system to obtain permissions beyond the user layer.

However, they had heavily optimized their system, and the common vulnerabilities had basically been patched. Finding such a vulnerability would still be very difficult.

Therefore, when Yu Bo heard Lin Hong's boast, "You have to get the permission yourself; it will not be automatically delivered to your door," he couldn't help sneering and retorted, "You say it so lightly. If you have the ability, can you take a look?"

Yu Bo still held some resentment toward Lin Hong. After all, it was his arrival that had caused everyone to panic, worried that their many years of hard work would be overturned. In addition, he was not at all used to Lin Hong's understated manner. Even if your company wrote a control system by itself, you can't talk about it so casually, can you?

They had been immersed in this system for so long that they believed their understanding of it was second only to that of the people who developed it.

Of course he knew that permission had to be taken by oneself and would not be delivered to the door, but that is easier said than done. Some people talk lightly because they are not the ones who have to do the work; he had seen plenty of such people.

Yu Bo thought that Lin Hong wanted to show off in front of their leaders and was deliberately putting on an act like this.

When Lin Hong heard his words, he smiled and paid no attention to them. Instead, he said to Cao Xingping and Xu Zhizhong, "I have encountered this situation before. Many Trojan horses and worms intercept data by rewriting the functions at the bottom of the system. In the field of system security, there is a special term for this: 'man-in-the-middle attack'."

The man-in-the-middle attack is a very old and effective attack method in the field of hacking.

Its essential principle is to splice the attacker's own "adapter" into the path of the data flow in order to sniff and steal data.

This is like cutting a water pipe and splicing in one's own adapter. The adapter does not affect the normal flow of water in the pipe; it only monitors it. Once it detects a fish passing through, it records this information. It also has other remarkable functions, such as replacing the fish with a loach.

And the people at the two ends of the pipe, lacking any other communication, do not know what happened along the way.

They do not know that the fish they sent privately was monitored, or even swapped. The sender thinks they sent a fish, while the receiver thinks the other party sent a loach.

In the network field, this middleman can even be a computer. User A sends information to user B, but the information is secretly made to flow through computer C, and users A and B do not know that their information has been monitored. Since computer C only copies and backs up the data, does not modify it at all, and is purely passive, it is difficult for A and B to detect this behavior.

On a stand-alone machine, a man-in-the-middle attack looks more like this case: taking over a link or a function, which is equivalent to wrapping another layer around it. To reach the real content, you must go in through the middleman.

Lin Hong's super worm collects data on exactly the same principle. On the surface, there is no difference between the infected system and the original one, and neither the normal flow of data nor the stability of the system is affected.

Their current radar control system was evidently in the same situation: something had taken over a system function that their system calls. However, the other party had not handled something well when dealing with the underlying function. As a result, when they called this function, the call did not succeed and there was no return value.

Xu Zhizhong and Cao Xingping looked at each other, and then Xu Zhizhong asked, "Xiao Hong, are you sure of this reason?"

What Lin Hong said was easy to understand, and they also understood it.

Although he was all but certain, for the sake of safety Lin Hong still had to verify it himself before he could vouch for it.

"Well, if it's convenient, I'll use my own way to verify it," he said.

Xu Zhizhong thought for a moment, then nodded and agreed.

At Cao Xingping's signal, Yu Bo had to give up his seat.

Lin Hong sat down, opened the compiler, and immediately started to write a small tool.

This small tool was very simple. It had only one function: to call that function continuously and use a memory dump to save the specified data in memory to a text file. At the same time, it also monitored the function's return results.

Then Lin Hong repeated Yu Bo's procedure: he restarted the system, put it into the silent state, and then resumed it...

A new file was generated.

Lin Hong opened it with the editor and began to analyze the contents of the text file.

Yu Bo, who was standing behind Lin Hong hoping to watch him make a fool of himself, was a little dumbfounded.

Whether or not Lin Hong did it on purpose, he worked very fast, as if he had already written the code countless times in his head and was simply typing it out. After fixing a few errors caused by carelessness, the small tool was finished. The whole process took less than three minutes.

Yu Bo stood behind him, staring, unable to keep up. Although he understood the general idea, he could not follow the details at all, and did not know why Lin Hong had written it this way.

When he saw the final generated text file, he was even more dumbfounded, because its contents should not have been accessible at all: it was memory data from the system layer.

"This can't..." Yu Bo wanted to say something more, but he immediately shut up. The facts were right in front of him; wouldn't it be nonsense to call it impossible?

Lin Hong quickly read the record, and finally nodded and said, "Sure enough. There is indeed a hidden program in it that takes over this function."

The record in the log file showed very clearly that when the system entered the silent state, the function stack in memory changed significantly, and the data showed that a new function had been pushed onto the stack.

A stack is a special kind of data structure. Its characteristic is "first in, last out". A gun magazine, for example, is a typical stack: the bullets are pressed in one after another when loading and then ejected, and the first one loaded is the last one fired.

In a program, the data and variables of a function are likewise "pushed" one by one in a certain order and then "popped" one by one after execution.

If you want to monitor changes to a function, you only need to monitor the stack structure at the specified location. The data Lin Hong dumped from memory was the contents of the stack.

At this, the faces of the other three people present changed.

This meant that what Lin Hong had said was correct. There was indeed a hidden program secretly active at the bottom of the system, and they had known nothing about it.

Xu Zhizhong was all right, having been psychologically prepared, but Cao Xingping's face became extremely ugly.

"Then why didn't this problem occur at startup, and only appear after entering the silent state?"

At this point Yu Bo suddenly interrupted with a question. He was no longer in the mood to spar with Lin Hong.

"This is because when the system starts, your shell program starts first and the other party starts afterwards, so the shell is not affected by it at all and the two coexist safely. However, when entering the silent state, the shell program is closed. When it starts again, the hidden program has already completely taken over the entire function interface. It may be that the other party did not handle this part well, resulting in a conflict between the two. The function called by the shell program cannot return a valid value, and you happen not to have checked and handled the return value, which eventually led to the crash of the whole shell program."