Check if process is injected


Problem description


Is there any way to check if a process is injected? For example: explorer.exe / notepad.exe / hl2.exe / etc.?

In VB.Net / C# / C++.

Thanks in advance.

Recommended answer

Refer to this article: http://cboard.cprogramming.com/windows-programming/110979-find-injected-dlls-process-2.html


I think you are asking whether a process is infected with a virus (or wanting to see a virus signature).
You need to use the following steps for that:

1. First of all, run any process which you are sure is not infected, maybe copied from some other machine
2. Copy its binary content by opening it in some editor, say Notepad
3. Run the exe
4. Look at the content of the exe again; if you find its content is different from the original, then it could be affected by a virus, because the virus is attached to your exe
5. A virus attaches to either the start or the end of the program
6. See which bytes have changed (now you can find the signature of the virus by seeing the new bytes at either the end or the beginning of the binary content)
7. Find the same content in the exe which you want to check for infection; if it exists then your process is infected, otherwise not
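
The comparison in steps 4 to 7 of the answer above, as an added example that is not part of the original post. It looks at file bytes only; the sample buffers and the names `compare_images` and `contains` are constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<std::uint8_t>;
enum class Change { None, Appended, Prepended, Other };
struct Diff { Change kind; Bytes added; };  // added: bytes absent from the clean copy

// Steps 4-6: compare the suspect file image with the known-good copy and
// pull out any bytes attached at the end or at the beginning.
Diff compare_images(const Bytes& clean, const Bytes& suspect) {
    if (clean == suspect) return {Change::None, {}};
    if (suspect.size() > clean.size()) {
        auto cut_tail = suspect.begin() + static_cast<std::ptrdiff_t>(clean.size());
        auto cut_head = suspect.end() - static_cast<std::ptrdiff_t>(clean.size());
        if (std::equal(clean.begin(), clean.end(), suspect.begin()))  // clean is a prefix
            return {Change::Appended, Bytes(cut_tail, suspect.end())};
        if (std::equal(clean.begin(), clean.end(), cut_head))         // clean is a suffix
            return {Change::Prepended, Bytes(suspect.begin(), cut_head)};
    }
    return {Change::Other, {}};  // changed in place or truncated: needs a full diff
}

// Step 7: search another file image for the extracted byte sequence.
bool contains(const Bytes& image, const Bytes& signature) {
    return !signature.empty() &&
           std::search(image.begin(), image.end(),
                       signature.begin(), signature.end()) != image.end();
}

// Constructed sample data (not real executables or real malware bytes).
Bytes concat(Bytes a, const Bytes& b) { a.insert(a.end(), b.begin(), b.end()); return a; }
Bytes sample_clean() { return {'M', 'Z', 0x90, 0x00, 0x03, 0x00}; }
Bytes sample_stub() { return {0xDE, 0xAD, 0xBE, 0xEF}; }
Bytes sample_appended() { return concat(sample_clean(), sample_stub()); }
Bytes sample_prepended() { return concat(sample_stub(), sample_clean()); }
Bytes sample_other() { return concat(concat({'M', 'Z', 0x11}, sample_stub()), {0x33}); }

int main() {
    Diff d = compare_images(sample_clean(), sample_appended());
    std::printf("appended: %d, %zu extra bytes\n", d.kind == Change::Appended, d.added.size());
    std::printf("found in other file: %d\n", contains(sample_other(), d.added));
    return 0;
}
```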

