Ó²ÅÌÊý¾Ý»Ö¸´µ¼º½
RAIDÊý¾Ý»Ö¸´µ¼º½
 | ÍøÕ¾Ê×Ò³ | Êý¾Ý»Ö¸´×ÊÁÏ | Êý¾Ý»Ö¸´Èí¼þ | ×ÉѯÁôÑÔ | Êý¾Ý»Ö¸´²©¿Í | Êý¾Ý»Ö¸´ÂÛ̳ | 
Êý¾Ý»Ö¸´Èí¼þÏÂÔØ
¹«Ë¾¼ò½é Êý¾Ý»Ö¸´³É¹¦°¸Àý Êý¾Ý»Ö¸´±¨¼Û Êý¾Ý»Ö¸´Åàѵ Êý¾Ý»Ö¸´¼¼ÊõÎÄÕ Êý¾Ý»Ö¸´¿Í·þÖÐÐÄ Êý¾Ý»Ö¸´·þÎñÁªÏµ·½Ê½
ÄúÏÖÔÚµÄλÖ㺠±±ÑÇÊý¾Ý»Ö¸´¼¼ÊõÕ¾ >> Êý¾Ý»Ö¸´×ÊÁÏ >> Ïà¹Ø±à³Ì×ÊÁÏ >> ÎÄÕÂÕýÎÄ
´´½¨SvcHost.exeµ÷ÓõķþÎñÔ­ÀíÓëʵ¼ù¶þ            ¡¾×ÖÌ壺С ´ó¡¿
´´½¨SvcHost.exeµ÷ÓõķþÎñÔ­ÀíÓëʵ¼ù¶þ
×÷Õߣºa    ÎÄÕÂÀ´Ô´£ºÍøÂç    µã»÷Êý£º    ¸üÐÂʱ¼ä£º2009-5-4
; ============================== FuncServiceMain() ===========================================
.text:01001504 FuncServiceMain proc near               ; DATA XREF: PrepareSvcTable+44o
.text:01001504
.text:01001504 arg_0           = dword ptr  8
.text:01001504 arg_4           = dword ptr  0Ch
.text:01001504
.text:01001504                 push    ecx
.text:01001505                 mov     eax, [esp+arg_4]
.text:01001509                 push    ebx
.text:0100150A                 push    ebp
.text:0100150B                 push    esi
.text:0100150C                 mov     ebx, offset unk_1003000
.text:01001511                 push    edi
.text:01001512                 mov     edi, [eax]
.text:01001514                 push    ebx
.text:01001515                 xor     ebp, ebp
.text:01001517                 call    ds:EnterCriticalSection
.text:0100151D                 xor     esi, esi
.text:0100151F                 cmp     dwGroupSize, esi
.text:01001525                 jbe     short loc_1001566
.text:01001527                 and     [esp+10h], esi
.text:0100152B
.text:0100152B loc_100152B:                            ; CODE XREF: FuncServiceMain+4Aj
.text:0100152B                 mov     eax, svcTable
.text:01001530                 mov     ecx, [esp+10h]
.text:01001534                 push    dword ptr [eax+ecx]
.text:01001537                 push    edi
.text:01001538                 call    ds:lstrcmpiW
.text:0100153E                 test    eax, eax
.text:01001540                 jz      short StartThis
.text:01001542                 add     dword ptr [esp+10h], 0Ch
.text:01001547                 inc     esi
.text:01001548                 cmp     esi, dwGroupSize
.text:0100154E                 jb      short loc_100152B
.text:01001550                 jmp     short loc_1001566
.text:01001552 ; =================================================
.text:01001552
.text:01001552 StartThis:                              ; CODE XREF: FuncServiceMain+3Cj
.text:01001552                 mov     ecx, svcTable
.text:01001558                 lea     eax, [esi+esi*2]
.text:0100155B                 lea     eax, [ecx+eax*4]
.text:0100155E                 push    eax
.text:0100155F                 call    GetDLLServiceMain
.text:01001564                 mov     ebp, eax        ; dll ServiceMain Function address
.text:01001566
.text:01001566 loc_1001566:                            ; CODE XREF: FuncServiceMain+21j
.text:01001566                                         ; FuncServiceMain+4Cj
.text:01001566                 push    ebx
.text:01001567                 call    ds:LeaveCriticalSection
.text:0100156D                 test    ebp, ebp
.text:0100156F                 jz      short loc_100157B
.text:01001571                 push    [esp+10h+arg_4]
.text:01001575                 push    [esp+14h+arg_0]
.text:01001579                 call    ebp
.text:0100157B
.text:0100157B loc_100157B:                            ; CODE XREF: FuncServiceMain+6Bj
.text:0100157B                 pop     edi
.text:0100157C                 pop     esi
.text:0100157D                 pop     ebp
.text:0100157E                 pop     ebx
.text:0100157F                 pop     ecx
.text:01001580                 retn    8
.text:01001580 FuncServiceMain endp ; sp = -8
; ============================== FuncServiceMain() end ========================================


ÓÉÓÚsvchostÒѾ­µ÷ÓÃÁËStartServiceCtrlDispatcherÀ´·þÎñµ÷¶Èº¯Êý£¬Òò´ËÎÒÃÇÔÚʵÏÖDLLʵÏÖʱ¾Í²»ÓÃÁË£¬ÕâÖ÷ÒªÊÇÒòΪһ¸ö½ø³ÌÖ»Äܵ÷ÓÃÒ»´ÎStartServiceCtrlDispatcher API¡£µ«ÊÇÐèÒªÓà RegisterServiceCtrlHandler À´×¢²áÏìÓ¦¿ØÖÆÇëÇóµÄº¯Êý¡£×îºóÎÒÃǵÄDLL½ÓÊյĶ¼ÊÇunicode×Ö·û´®¡£

ÓÉÓÚÕâÖÖ·þÎñÆô¶¯ºóÓÉsvchost¼ÓÔØ£¬²»Ôö¼ÓеĽø³Ì£¬Ö»ÊÇsvchostµÄÒ»¸öDLL£¬¶øÇÒÒ»°ã½øÐÐÉó¼Æʱ¶¼²»»áÈ¥HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost ¼ì²é·þÎñ×éÊÇ·ñ±ä»¯£¬¾ÍËãÈ¥¼ì²é£¬Ò²²»Ò»¶¨ÄÜ·¢ÏÖÒì³££¬Òò´ËÈç¹ûÌí¼ÓÒ»¸öÕâÑùµÄDLLºóÃÅ£¬Î±×°µÄºÃ£¬ÊDZȽÏÒþ±ÎµÄ¡£


4. °²×°·þÎñÓëÉèÖÃ
Ҫͨ¹ýsvchostµ÷ÓÃÀ´Æô¶¯µÄ·þÎñ£¬¾ÍÒ»¶¨ÒªÔÚHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvchostÏÂÓи÷þÎñÃû£¬Õâ¿ÉÒÔͨ¹ýÈçÏ·½Ê½À´ÊµÏÖ£º
1£© Ìí¼ÓÒ»¸öеķþÎñ×飬ÔÚ×éÀïÌí¼Ó·þÎñÃû
2£© ÔÚÏÖÓÐ×éÀïÌí¼Ó·þÎñÃû
3£© Ö±½ÓʹÓÃÏÖÓзþÎñ×éÀïµÄÒ»¸ö·þÎñÃû£¬µ«±¾»úûÓа²×°µÄ·þÎñ
4£© ÐÞ¸ÄÏÖÓзþÎñ×éÀïµÄÏÖÓзþÎñ£¬°ÑËüµÄServiceDllÖ¸Ïò×Ô¼º

ÆäÖÐÇ°Á½ÖÖ¿ÉÒÔ±»Õý³£·þÎñʹÓã¬ÈçʹÓõÚ1ÖÖ·½Ê½£¬Æô¶¯Æä·þÎñÒª´´½¨ÐµÄsvchost½ø³Ì£»µÚ2ÖÖ·½Ê½Èç¹û¸Ã×é·þÎñÒѾ­ÔËÐУ¬°²×°ºó²»ÄÜÁ¢¿ÌÆô¶¯·þÎñ£¬ÒòΪsvchostÆô¶¯ºóÒѾ­°Ñ¸Ã×éÐÅÏ¢±£´æÔÚÄÚ´æÀ²¢µ÷ÓÃAPI StartServiceCtrlDispatcher() Ϊ¸Ã×éËùÓзþÎñ×¢²áÁ˵÷¶È´¦Àíº¯Êý£¬ÐÂÔö¼ÓµÄ·þÎñ²»ÄÜÔÙ×¢²áµ÷¶È´¦Àíº¯Êý£¬ÐèÒªÖØÆð¼ÆËã»ú»òÕ߸Ã×éµÄsvchost½ø³Ì¡£¶øºóÁ½ÖÖ¿ÉÄܱ»ºóÃÅʹÓã¬ÓÈÆäÊÇ×îºóÒ»ÖÖ£¬Ã»ÓÐÌí¼Ó·þÎñ£¬Ö»ÊǸÄÁË×¢²á±íÀïÒ»ÏîÉèÖ㬴ӷþÎñ¹ÜÀí¿ØÖÆ̨ÓÖ¿´²»³öÀ´£¬Èç¹û×÷ΪºóÃÅ»¹ÊǺÜÒþ±ÎµÄ¡£
ÎÄÕ¼È룺a    ÔðÈα༭£ºa 
  • ÉÏһƪÎÄÕ£º

  • ÏÂһƪÎÄÕ£º ûÓÐÁË
    		•
    ¡¾·¢±íÆÀÂÛ¡¿¡¾¼ÓÈëÊղء¿¡¾¸æËߺÃÓÑ¡¿¡¾´òÓ¡´ËÎÄ¡¿¡¾¹Ø±Õ´°¿Ú¡¿
    ÍøÓÑÆÀÂÛ£º£¨Ö»ÏÔʾ×îÐÂ10Ìõ¡£ÆÀÂÛÄÚÈÝÖ»´ú±íÍøÓѹ۵㣬Óë±¾Õ¾Á¢³¡Î޹أ¡£©
    ¹ØÓÚÎÒÃÇ | RAIDÊý¾Ý»Ö¸´ | ÓÑÇéÁ´½Ó | RSSÉú³É | XMLÉú³É | ÎÄÕÂHTMLµØͼ | ÏÂÔØHTMLµØͼ

    °æȨËùÓÐ ±±ÑÇÊý¾Ý»Ö¸´ÖÐÐÄ
    È«¹úͳһ¿Í·þµç»°:4006-505-808
    ±±¾©Êк£µíÇøÓÀ·á»ùµØ·á»ÛÖз7ºÅвÄÁÏ´´Òµ´óÏÃB×ù205ÊÒ
    ¾©ICP±¸05011939
    ÂÀ£¨/