Unlock instant, AI-driven research and patent intelligence for your innovation.
Method and device for realizing host remote control based on PE file structure
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A technology of remote control device and file structure, applied in computer security devices, electrical components, instruments, etc., can solve the problems of remote control failure, no introduction of methods, loss of host authority, etc., so as to avoid being detected and killed and reduce the loss of host computers. The effect of permissions
Pending Publication Date: 2021-09-24
SHANGHAI GUAN AN INFORMATION TECH
View PDF6 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
However, this method has gradually become familiar to the blue team. Through multiple defense methods such as firewalls and edr devices, powershell scripts and loaders can be effectively checked and killed. The situation where the control fails and the host authority is lost
[0005] "Windows System Security Attack and Defense Technology" released by Baidu Library on March 5, 2019 introduces the basic structure of the Windows operating system, the core structure and components of the Windows system, Windows process and thread management, Windows memory management, Windows file system, PE files format, Windows registry, Windows security, etc., but there is no introduction to the method of remote control host related to Windows system security attack and defense technology
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0039] Such as figure 1 As shown, a method for realizing remote control of a host based on a PE file structure, the method includes:
[0040] S1: Obtain the PE file of the Windows operating system, and determine the target PE file according to the preset condition; the preset condition is the running frequency of the PE file; the step of determining the target PE file according to the preset condition includes: when the PE file When the running frequency is greater than the preset threshold, the PE file is determined as the target PE file.
[0041] S2: Find the blank area of the target PE file, and inject shellcode into the found blank area; the specific process is:
[0042] step by step through the PE structure pointer to find the location of the section table of the target PE file;
[0043] Align all the sections of the target PE file, and after the alignment, the part other than the actual data location of each section is used as the blank area;
[0044] Determine the ...
Embodiment 2
[0076] Based on Embodiment 1 of the present invention, Embodiment 2 of the present invention also provides a device for realizing remote control of a host based on a PE file structure, and the device includes:
[0077] The target PE file obtaining module is used to obtain the PE file of the Windows operating system, and determines the target PE file according to preset conditions;
[0078] The shellcode injection module is used to find the blank space of the target PE file, and inject shellcode into the blank space found;
[0079] The entry point acquisition module of the target PE file is used to use the starting address of the shellcode as the entry point of the target PE file;
[0080] The jump module is used to jump to the original entry point of the PE file after the shellcode is executed.
[0081]Further, the Shellcode injection module is also used for:
[0082] step by step through the PE structure pointer to find the location of the section table of the target PE fil...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The invention discloses a method and device for realizing host remote control based on a PE file structure. The method comprises the steps of: obtaining a PE file of a Windows operation system, and determining a target PE file according to a preset condition; searching a blank area of the target PE file, and injecting a shellcode into the searched blank area; taking an initial address of the shellcode as an entry point of the target PE file; and after executing the shellcode, skipping to an original entry point of the PE file. With the mode of remotely controlling the host in a stealthy manneris adopted, a client is prevented from being searched and killed, and the situation that the permission of the host is lost due to remote control failure is reduced.
Description
technical field [0001] The invention relates to the field of host remote control, and more particularly relates to a method and device for realizing host remote control based on a PE file structure. Background technique [0002] In 2016, the "Network Security Law" was promulgated, and relevant regulations on network security drills were introduced: operators of critical information infrastructure should "develop contingency plans for network security incidents and conduct regular drills." As a key task at the national level to promote the smooth construction of important information systems in various industries, strengthen the network security protection of key information infrastructure, and improve the level of emergency response, network security combat-oriented offensive and defensive drills promote the improvement of network security protection capabilities through actual combat and confrontation. is of great significance. [0003] With the development of large-scale ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More