“木马”检测软件

Trojan Horse Checking Software

本文重点介绍运用Socket端口扫描技术,判断端口是否打开;接着关联端口和进程名,找到打开端口的进程名,并依据木马的一些基本特征检测出系统中的木马。而系统中的端口数量巨大,为了提高扫描速度节约时间,采用VC++的多线程,把多线程和端口扫描融合在一起,进行多线程端口扫描。实验表明,本系统在扫描速度方面有较优越的性能。

This paper emphatically introduces the application of socket port scanning technology to detect which port has been opened, sequenciauy detect connect ports between process names, to find out the name of the process that has opened the port, and detect the Trojan horse with the fundamental characteristics in the system. Because there are many ports, we use threads in Visual C++ to speed up the of scanning and save the time. The experiment result shows that the system performs well in improving the scanning speed.