How to make a program that boots before any services start?


Problem description

Hi guys, what's up!!!

I have a question that needs to be answered :)...

How to make a program that boots before any services start????????

Let me explain my question: if I want to program an anti-virus, for example, and this anti-virus tries to delete an active virus, first the virus must be located and then it must be stopped from running in a process. In this case the computer must restart so no processes are active when the system is booting, and then we can easily delete it from the hard disk..... When I mention "the computer must restart when the system is booting", that means I must make my anti-virus run before any processes or services get started so I can delete that virus from the hard disk....

Of course, you wonder "why at system boot, why don't you just stop this virus from the processes list?" It's a good question, but some viruses have the ability to hide in the system and in memory, so you can't delete it......

I hope you have an answer to my question....... :)

thanks

Recommended answer

As far as I know, this file deletion is typically done using a Windows feature.
One simply marks a file for deletion at reboot by either calling MoveFileEx, with MOVEFILE_DELAY_UNTIL_REBOOT as the third param.

This places keys in the registry which are processed the next time the machine boots.

See here for more info:
http://stackoverflow.com/questions/7777874/how-to-cancel-deferred-movefileex-operation


However, this still doesn't solve the problem of locating and identifying files in an already compromised system. Since, as you mention - some virii are able to hide themselves from both Directory listings and ProcessList listings.
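
The deferred delete described in this answer is recorded as a REG_MULTI_SZ value named PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager (the value name and path come from Microsoft's MoveFileEx documentation, not from the post). The following added example, which is not part of the original answer, parses that value's raw bytes so the queued deletes and renames can be reviewed, for instance from a hive read offline; the sample paths are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

NT_PREFIX = "\\??\\"  # object-manager prefix stored in front of each path


@dataclass
class PendingOp:
    action: str              # "delete" or "rename"
    source: str
    target: Optional[str]    # None for a delete
    replace_existing: bool   # target was stored with a leading "!"


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(raw: bytes) -> List[PendingOp]:
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE) into source/target pairs."""
    raw = raw[: len(raw) - len(raw) % 2]          # drop a dangling odd byte
    strings = raw.decode("utf-16-le", errors="replace").split("\x00")
    ops: List[PendingOp] = []
    # Entries come in pairs. An empty *target* means "delete", so an empty
    # string only marks end-of-list when it sits in the source position.
    for i in range(0, len(strings), 2):
        source = strings[i]
        if not source:
            break
        target = strings[i + 1] if i + 1 < len(strings) else ""
        replace = target.startswith("!")
        target = target[1:] if replace else target
        if target:
            ops.append(PendingOp("rename", _strip_nt(source), _strip_nt(target), replace))
        else:
            ops.append(PendingOp("delete", _strip_nt(source), None, False))
    return ops


def build_sample() -> bytes:
    """Constructed sample value: one queued delete, one queued replace."""
    entries = ["\\??\\C:\\Quarantine\\sample.bin", "",
               "\\??\\C:\\Temp\\new.dll", "!\\??\\C:\\App\\old.dll"]
    return ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")


if __name__ == "__main__":
    for op in parse_pending_ops(build_sample()):
        print(op)
```
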


Assuming you are asking about Windows, I don't believe you can: the system must completely boot before applications can be started, and a complete boot requires that services be up and running. As I remember, the launch process is

1. Load the BIOS kernel
2. Perform hardware checks
3. Launch the hardware drivers
4. Launch the core services
5. Launch the all-users at-startup services
5. Wait until the user logs in
6. Launch the user's at-startup services
7. Launch the user's at-startup applications
8. Launch the delayed-startup services

Added: I believe most anti-virus software operates as an all-users at-startup service with a very high priority, meaning that it is one of the very first pieces outside the core system to be activated. The likelihood that a virus would start before then is pretty small: a lot of the security work Microsoft has been doing to Windows in the last few years has involved checks to make sure that drivers, core services and other system infrastructure have not been tampered with. If one of the infrastructure components did get infected, it is probably too late to eliminate the virus itself; you would need to wipe the hard drive and reinstall the operating system from an uninfected source.

Of course it would be possible to have a driver that was tampered with (a trojan rather than an actual virus); there is not much that can be done about that other than being very careful about where you get your drivers.


I don't think you can. I think this is the wrong approach, especially if you are dealing with a virus. And if you are dealing with a virus, especially with a root kit, you should not load the OS anymore. Instead, either boot with another disk, presumably a CD/DVD with special system-saving tools on it, or remove the hard drive and connect it to another, healthy system (make sure you don't have even a tiny chance to boot your drive, otherwise you can infect one more system!) and deal with your disk without booting the OS on it.

It's very good to always have a stand-alone docking system connected to a PC via USB-2 or USB-3 and/or eSATA, where you can plug in your drives. Such systems are inexpensive, good for many other tasks (like backups and transferring or restoration of data in other cases) and can really save you from a real disaster.

If you use the second way, I would advise not to cure the virus. Instead, just save your data and then reinstall the OS.

—SA

