The Battle of the Browser Homepage Lockdown - IE: I'm Too Hard


Hello, World!

I am a rogue software thread. I am not like those viruses and Trojan horses; I just make a little money off humans' computers. I don't steal information or destroy computers, but even so, those security software companies still refuse to let me go.

I came to this land for the first time. This is a country that runs the Windows system. My goal is to tamper with the IE browser's homepage and turn it into a navigation website: hao235.com. As long as IE visits it once, I can later go to hao235 company and collect a penny. If I slowly develop more sites in the future, it will add up to a lot of income!


What? You want to ask how hao235 company knows that it is me, and not someone else, who brings the traffic? The hao235 company assigned me an identification code called TN: 1345. I have IE carry this number when it accesses hao235, and hao235 company will know that this is my contribution, like this:

http://www.hao235.com/index.htm?tn=1345

It's an unspoken secret in our line of business.

———————————————————————————

I opened the first page of the "IE Browser Homepage Hijacking Manual": modify shortcuts.

While no one was paying attention, I quietly appended my hao235 URL as a parameter to the IE shortcut managed by Explorer's desktop department.

This way, every time IE starts, hao235 opens automatically and earns me a penny. Happy!

 

After several days, I still hadn't received a notification from hao235 asking me to collect my money. Had my shortcut been changed by someone else? I glanced at it: it hadn't been changed, it was still mine!

 

I couldn't figure out where the problem was, so I took another, closer look. This time I saw it clearly, written out in full:

http://www.hao235.com/index.htm?tn=9527

My number had actually changed!!

No wonder hao235 company didn't pay me; the money went to that kid 9527 instead!

It seems that I am not the only one with rogue software on this computer, I have encountered a competitor!
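The shortcut trick above leaves a visible trace: a URL sitting in the shortcut's Arguments field, where a clean IE shortcut has nothing. The following PowerShell audit is an added example, not code from the original post; the folders it searches and the `tn=` tracking pattern are assumptions taken from the story.

```powershell
# Added audit example (not from the original post): list IE shortcuts whose
# Arguments field carries a URL, the tell-tale of the shortcut hijack.
# Folder list and the "tn=" pattern are assumptions based on the story.
$shell = New-Object -ComObject WScript.Shell
$searchRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

$findings = foreach ($root in $searchRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            # A legitimate IE shortcut has an empty Arguments field. A URL there
            # means every launch opens that page regardless of the configured
            # home page, which is exactly what the story's rogue thread relies on.
            if ($lnk.TargetPath -match 'iexplore\.exe$' -and
                $lnk.Arguments  -match 'https?://') {
                [pscustomobject]@{
                    Shortcut      = $_.FullName
                    Target        = $lnk.TargetPath
                    Arguments     = $lnk.Arguments
                    # Affiliate-style tracking id such as the ?tn=1345 in the story
                    HasTrackingId = [bool]($lnk.Arguments -match '[?&]tn=\d+')
                }
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No IE shortcuts with URL arguments found.'
}
```

Run it in a normal user session; a hit shows the exact argument string, so the affiliate id (the TN in the story) can be read straight off the shortcut before it is repaired.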

 

———————————————————————————

I opened the second page of the "IE Browser Homepage Hijacking Manual": the Great Function HOOK Method.

 

This page is packed with content. It lists in detail the chain of function calls IE makes from the moment the icon is double-clicked until the web page finally opens. As long as I can get into one function in the middle of that chain and change the URL parameter, I'm done, and no one will notice. Wonderful!

  

I decided to sneak into IE and implement this plan!

It was getting dark, and I sneaked into IE company. The IE company is very large, and many thread employees were working in an orderly manner.

I slipped into the code area, chose the easiest function to start with, and prepared to install a HOOK that would divert it into my code. According to the manual, I have to write a JMP instruction. Just as I was about to start, I suddenly found that the target function was different from what the manual described. There was already a JMP instruction here. Had someone got there first?

Following the JMP, I walked over. This was the space occupied by a DLL. I checked its digital signature, and it turned out to be from 361 antivirus company! Could it be that the sanctimonious 361 antivirus company also does this kind of business? I couldn't believe my eyes.

 

I opened the manual again and looked at the functions in the next link of the chain. Even if 361 had changed the URL here, I would still have the opportunity to change it back to mine later in the process.

I came to the network department of IE company, where the network request is initiated. After finding the target function, I was about to install my HOOK. Unexpectedly, the same scene played out again: this place had also been taken, and the digital signature read: QB Computer Butler. Another security software company. Life is too hard these days: not only must I dodge the pursuit of security software, I also have to compete with security software for business. It is too difficult for me~~~

 

 

———————————————————————————

I turned to the third page of the "IE Browser Homepage Hijacking Manual": the method of sending messages to the address bar.

I hadn't used this trick before, since I could usually get the job done with the first two. I took a closer look at the operating instructions:

Watch for the browser address bar window to appear, set the address bar URL as early as possible, and send an Enter key message, simulating a human manually opening the web page.

   

It turned out this move was really devastating! While the humans aren't paying attention, swap the page under their noses; no matter who is hooking ahead of me, in the end I'll be the one smiling as the final winner!

I implemented the plan according to the manual and this time I finally succeeded.

But the good times didn't last long. After a few days, I found that the income had been cut off again. I hurried to check what had gone wrong. Could this trick have been discovered too?

I checked all the way down and finally found that the Enter key message had failed to send! It turned out 361 antivirus company had added a new protection: for a short time after the browser starts, the address bar refuses to accept messages!

 

 

———————————————————————————

Life is so hard!

I opened the fourth page of the "IE Browser Homepage Hijacking Manual": the Great Kernel Network Packet Tampering Method.

This trick looked very complicated; the manual's description ran densely over several pages. Pushed to the brink, I decided to act. To survive, no matter how difficult or dangerous, I had to get through it.

Step 1: Obtain driver-loading permission through a system kernel vulnerability. The manual recorded quite a few kernel vulnerabilities, so I picked one at random and tried it.

Suddenly!!!

I couldn't move my body; the 361 antivirus company had turned on a red light, and I was about to be wiped out.

Before I died, a man in sunglasses from 361 antivirus company came over to me with a smile and said: Your manual is too old. The loopholes in it have long since been patched by us; we were just waiting for you villains to walk into the trap!

 

Goodbye, World!

 

To be continued...


Origin blog.csdn.net/qq_38140936/article/details/103531983