[Translation] Back Orifice XP
By robot-v1.0
Link to this post: https://www.kyfws.com/applications/back-orifice-xp-zh/
Copyright notice: unless otherwise stated, all articles on this blog are released under the CC BY-NC-SA license. Please credit the source when reposting!
Original: https://www.codeproject.com/Articles/12847/Back-Orifice-XP
Original author: Javier Aroche
Translated by this site's robot-v1.0
Preface
Back Orifice XP (BOXP) is a network administration tool based on BO2K.
Introduction
Back Orifice XP (BOXP) is a network administration tool available for the Microsoft Win32 environment.
Built upon the success of Back Orifice and Back Orifice 2000, Back Orifice XP puts network administrators in control of the system, network, registry, passwords, file system, and processes. The difference is that BOXP is smaller, faster, free, and very, very extensible, because it is based on a plug-in architecture that lets new features be added without releasing all-new binaries.
I (Javier Aroche) say: "It is my idea to restructure the code of BO2K, called BOXP, fix many problems that affect it and add new features. At this moment BO2K works... but not completely; it is necessary to make deep changes to support a TRUE Plugin Interface, so that plugins work with the system and between themselves correctly, something that is not possible in BO2K nowadays. And so arises the need to re-write the current sources to create a new interface that allows the plugins to use all the internal functions of the framework and functions from other plugins."
BO2K has many concept problems, bugs and limitations, but the major problem is the limited Plugin Linkage (PL). The BO2K 1.1 PL is just an extension of the BO2K 1.0 PL: more members were added and that was it; those additions don't resolve the concept problems... they just give us a false hope.
Therefore I have prepared a full redesign of the structure of BO2K and its Plugin Linkage. We need to recode because:
- BO2K can't handle advanced techniques (like RemoteThread, Process Injection, Memory Image Compression/Encryption, "Hot plug" function updates, ...).
- The PL is too limited.
- Problems working with plugins that run threads.
- BO2K can't be updated while it is running (well, maybe if we update all function calls or redirect the function to our new function with some other technique).
- BO2K doesn't support multiple languages. It needs to be recompiled to change the strings.
- The flexibility really is limited: not all BO2K functions/objects can be updated without touching the Memory Image.
- Plugins don't have access to all functions.
- BO2K doesn't know whether a plugin is running a thread.
- The Client and the Config Tool are based on MFC, which makes GUI extensions via plugins almost impossible.
- Inter-plugin communication is (almost?) impossible!!
The Framework
This is the primary concept: the code base of the server, client and config tool. The three applications share the same Framework, which gives a standard initialization and loading of objects for all three. Once the Framework has been initialized, it passes control to the application so that it can load its own objects and begin its real execution.
As I already mentioned, the objective of the Framework is to provide a common base, making it easy for plugins to access the application's interface. What each application does is extend the Framework, adding more functions and objects to it. Note that the Framework cannot be executed on its own: the application needs to maintain the execution and the interaction with the user.
The Framework should contain utility functions, access control, logs, global variables and functions. The application should contain the user interface, using the Framework for the common tasks (like handling plugins).
The Plugin Linkage
The new Plugin Linkage will be built from:
[where '+' = good point and '-' = bad point]
API (pointers to API)
- + Can bypass/change them: just change the pointer address and done.
- + Common access way.
- + No API clearly present in the EXE file.
- + Smaller plugin size: no need for the 'Import Table' in the PE header.
- + Faster plugin load: no need to find the API addresses.
- +/- Needs to be loaded at FrameWork startup (need to store the API names in strings).
- - Must be handled with care: a NULL/zero value crashes the execution.
Functions (pointers to functions)
- + Can bypass/change them: just change the pointer address and done.
- + Common access way.
- - Need to be added one by one when the FrameWork starts up.
- - Must be handled with care: a NULL/zero value crashes the execution.
Global Variables (pointers and statics)
Strings and Binary data
- + Can bypass/change them: just change the pointer address and done.
- +/- Must be structured.
- - Must be handled with care: a NULL/zero value crashes the execution.
Application Context (functions, vars, strings, ...)
- + Common access way.
- + Plugins know we are running without a complex test.
- - Must be handled with care: a NULL/zero value crashes the execution.
With this structure, the plugins can access global objects easily, with problems. All data is shared.
FrameWork Features
Strings
- Allow replacing them (for multi-language support).
- Allow compressing/encrypting them.
[Configuration]
- Add, remove them.
- Save/load configuration from an **.ini** file.
- Allow global access to all variables (so we can check the configuration of other plugins).
- Allow changing values, storing the new values in an **.ini** file.
Threads
- Keep a list of threads running in the FrameWork.
- Start, stop, suspend, resume them.
- When shutdown starts, all threads must be stopped to avoid crashing the Framework.
- Custom data can be passed when the thread is created.
- A control execution variable is included in the thread info structure, so threads can be stopped in an easy way.
- Find threads by ID string.
Plugins
- Load/unload them.
- Allow running one main thread at startup.
- Share custom data; this can be used to pass a pointer to a context structure.
- Allow replacing strings (for multi-language support).
- Keep a list of plugins to load at startup (only if **.ini** support is enabled), so plugins that were added are loaded again after a restart.
- Change configuration without editing the disk image (only if **.ini** support is enabled).
- Any kind of file can be attached to the server.
- Allow a plugin to remove itself.
- Find plugins by ID string.
- Attachments are checksummed.
Functions
- Handle a table of extra functions.
- Add/remove extra functions.
- Find functions by ID string.
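The function table described here, and the "Functions (pointers to functions)" entry of the Plugin Linkage above, amount to a registry of function pointers looked up by ID string, with the stated caveat that a NULL/zero pointer crashes execution. The following C code is an added example, not code from BOXP or its author; the fw_* names, the table size and the error code are assumptions, and the point it makes is that the NULL check belongs in one shared call path (fw_call) rather than in every plugin.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical names (not BOXP's own): a table of "extra functions" looked up by ID string. */
typedef int (*fw_func_t)(void *ctx, const char *arg);
typedef struct {
    const char *id;   /* ID string used for lookup */
    fw_func_t   fn;   /* NULL marks a free slot; a NULL pointer is never handed to callers */
} fw_entry_t;

#define FW_MAX_FUNCS    8
#define FW_ERR_NOTFOUND (-1000)   /* error code returned instead of crashing on a missing ID */
static fw_entry_t g_table[FW_MAX_FUNCS];
static int fw_slot_of(const char *id) {
    int i;
    for (i = 0; i < FW_MAX_FUNCS; i++)
        if (g_table[i].fn != NULL && strcmp(g_table[i].id, id) == 0) return i;
    return -1;
}

/* Register fn under id: 0 on success, -1 for NULL arguments, duplicate ID or full table. */
int fw_add_function(const char *id, fw_func_t fn) {
    int i;
    if (id == NULL || fn == NULL || fw_slot_of(id) >= 0) return -1;
    for (i = 0; i < FW_MAX_FUNCS; i++)
        if (g_table[i].fn == NULL) { g_table[i].id = id; g_table[i].fn = fn; return 0; }
    return -1;
}

/* Unregister by ID: 0 on success, -1 if the ID is unknown. */
int fw_remove_function(const char *id) {
    int i = id ? fw_slot_of(id) : -1;
    if (i < 0) return -1;
    g_table[i].id = NULL; g_table[i].fn = NULL;
    return 0;
}

/* Look up by ID; returns NULL when unknown, so callers must check before calling. */
fw_func_t fw_find_function(const char *id) {
    int i = id ? fw_slot_of(id) : -1;
    return i < 0 ? NULL : g_table[i].fn;
}

/* Safe call path: the NULL check lives here once, not in every plugin. */
int fw_call(const char *id, void *ctx, const char *arg) {
    fw_func_t fn = fw_find_function(id);
    return fn == NULL ? FW_ERR_NOTFOUND : fn(ctx, arg);
}
/* Constructed sample function a plugin might register: returns the argument length. */
int fw_sample_strlen(void *ctx, const char *arg) { (void)ctx; return (int)strlen(arg); }
```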
[Encryption modules]
- Add/remove engines.
[Input/Output modules]
- Add/remove engines.
[Authentication modules]
- Add/remove engines.
- Better support for a multi-user architecture.
- If Connect or Listen operations fail, an error code is returned.
Logging
- Calls to important functions generate logs (AddPlugin, RemovePlugin, AddThread, ...).
- Plugins can generate logs.
- Write log strings to a file or to the Debugger Output.
- Output file configurable.
Others
- Basic Windows Viewer included.
- Basic Process Viewer included (for NT and 9x).
- Basic C++ utility functions included.
- DLL Image Loader included.
- LZH Compression included.
- Important functions generate error codes if they fail.
Server New Features
- Allow passing custom data when registering a command. Later, when the command is called, it can access the custom data.
- Direct call of Server Commands: no need to create a socket and connect to another socket in the server to execute them.
- Manage multiple languages.
- Better control of Listening Sockets and Connection Sockets. Uses a mutex.
- Custom Issue command reply function.
- Command replies can be stored in a buffer instead of being sent to the socket.
- Configuration stored in an **.ini** file; but this can be disabled.
Configuration Tool New Features
- Must support plugins.
- Register plugin commands.
- Not based on MFC, so extensions are easy to implement.
- Manage multiple languages.
- Preferences dialog box.
- GUI changes: use Toolbar, flat buttons.
- Allow exporting the server configuration to a file.
- Configuration stored in an **.ini** file.
Client New Features
- Not based on MFC, so extensions are easy to implement.
- Manage multiple languages.
- Preferences dialog box.
- Workspaces are checksummed, to avoid loading corrupted data.
- Dialog, font and background colors are customizable.
- Flat buttons added.
- Client configuration stored in an **.ini** file. Multiple clients with different configurations can run without issues.
- Better performance. Can receive a lot of server replies and process them all!
Out
This is only a sample of the current (or planned) characteristics of BOXP; it doesn't seek to be a complete listing of characteristics, only those that are useful for the BOXP comparison.
The official Back Orifice XP web site is: http://boxp.sourceforge.net/ . Check it out for further details, latest versions and support.
Javier Aroche (j_aroche AT users DOT sourceforge DOT net), BOXP Project Admin, http://boxp.sourceforge.net/
License
This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL).
C++ C VC6 WinXP Win2003 Windows Win2K Dev News Translation