˵ľû˲֪,ظλĻҸﶼҲ,ҵСĽѵ⼦,޶,
ôҲòҸ,ҪҪFTP.ѧ,Ȼ˵ĲԼдһ,Լд
Ӧò˰,ǾͿʼǵľ֮ð.
1.ͨż
    еҪ漰socketı,Ȼsocketʲô?
    socketUnixϵͳ,һʼҪڱؽͨ,ܿõC/S(client/server)ϵ̨֮
    ͨ.˵,socketһ(е㲻̫ǡ),̨,ȻڹӵһͷŶ,һͷͿ
    Щ.ӵȻǻҪвӵĹ,Щ߾socket.socket:
    int socket(int family, int type, int protocol);
    int closesocket(int socket);
    int bind(int s, const struct sockaddr * name, int namelen);
    int listen(int s, int backlog);
    int accept(int s, struct sockaddr *addr, int *addrlen);
    int connect(int s, struct sockaddr *name, int namelen);
    int send(int s, const char *buf, int len, int flags);
    int sendto(int s, const char *buf, int len, int flags, const struct sockaddr *to, int tolen);/* UDP */
    int recv(int s, char *buf, int len, int flasg);
    int recvfrom(int s, char *buf, int len, int flags, struct sockaddr *from, int *fromlen);/* UDP */
    Щ,ǲǺѽ,ԭôľôдɵѽ,ٺ
    ҾһӸҽһ⼸÷,ľӦǱȽϵ͵C/Sϵ,潫,
    һserver,һclient
	server˵(Ϊʹõsocket):
	socket(socket)->
	ɵsocket뱾صIPַָ˿ڰ(bind)->
	ڴsocketϼ(listen)->
	Կͻ˵(accept : accept᷵һµsocket,ԺͨŶڴsocketϽ)->
	ʼacceptɵsocketϽͨ(send, sendto, recv, recvfrom)->
	ͨϹر(closesocket : acceptɵsocketԭʼļsocketҪر)
	client˵:
	socket(socket)->
	ָķ(connect : ָIPַͶ˿)->
	ʼͨ(send, sendto, recv, recvfrom)->
	ͨŽر(closesocket)
	ȻֻһЩ,дֻЩûѧϰ̵,ʵܼ򵥵.
	(ʱ䲻ҪŸ˻,úѧϰ,ٺ)

	ϵĻ,Ѿд򵥵ľ,ֻҪǰִеȻ
	ִоͿ,ôӾͿԼ.

2.
	ǵľͨ,ܲܺԼȥִа(ôɵѽ,Ҳһ)
	2.1 ӵʼ˵.
	2.2 ӵƻﲢÿʱִ.
	2.3 ӵע,Ϊ漰ļֵ.
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices 
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\currentversion\runonce
		HKEY_CURRENT_USER\SOFTWARE\Microsoft\windowsnt\currentversion\windows 
			һַΪloadֵΪ·Ҫעļ 
		HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windowsNT\CurrentVersion\Winlogon
	2.4 дWindowsķ,ΪԶ.(ṩʾ)
	2.5 滻windowsʵôķ.
	2.6 autorun.inf,U̲õķ.Ϊһautorun.infļ
		[AutoRun]
		open=Ҫִеļ
		shellexecute=Ҫִеļ
		shell\Auto\command=Ҫִеļ
		shell=Auto
	2.7 ļ,
		txtļĴ򿪷ʽΪNotepad.exeļ,һļľ,һtxtļ,
		ԭӦNotepad򿪸ļ,ȴľ
		HKEY_CLASSES_ROOT\exefile\shell\open\command,exeļĴ򿪷ʽ,ĬϼֵΪ:"%1"%*.
		ĬϼֵΪhorse.exe "%1"%*,ÿexeļ,horse.exeļͻᱻִ,
		עҲ漰ļ
		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts 
	2.8 windowsļ
		õļWin.ini,system.ini,Autoexec.bat,Config.sys

3.ؼ
	ľķҲߵǵİȫʶ,Ƕûʲôɽ,ֻnetstat -anûʲôɶ˿
	3.1 ̵
		1.һ,ҪʲôMyDoor,MyHorseʲôɵӶ˲ʲôö,ʲôsvchostѽ,rundll32,ͻõĶ
		2.дDLLľ,ֱrundll32,ֻһrundll32̶.
			µʹ÷Ϊ:Rundll32.exe DLLname,Functionname [Arguments]  
			DLLnameΪҪִеDLLļ;FunctionnameΪǰҪִеDLLļľ;[Arguments]Ϊľ.  
			Ҫע:
			1.Dllļвܺпո,ļλc:\Program Files\Ŀ¼,Ҫ·ĳc:\Progra1\;  
			2.DllļDllڵĶŲ,򽫳ҲκϢ! 
			3.Ҫĵ:RundllкֵDll,Win32APIеGetUserName(),GetTextFace().
		3.DLLֱӲϵͳ̱explorer,svchostȵ(ǰ,ṩ)
		4.д,ں˼̵.(ѧϰ...ṩʾҳ)

	3.2 ˿ڵ
		1.һ֪,ǰ˿ûϱʹ,7.21.22.23......
		2.ʹ̽ľ,ȼݰٽз.(ṩ)

	3.3 ļ
		1.ͽһһõ.
		2.ļΪϵͳ+
		3.windows޷豸ļļ,Щ豸Ҫauxcom1com2prnconnul,windows2000/XP
		  и©豸ļļ,ľԶ.
		  巽:ʾ,Ȼmd c:con\,ԽһΪconĿ¼.Ĭ,windows޷
		  Ŀ¼,windows©ǲſԽĿ¼.
		4.NTFS
		   ü±½ıĵ,ֱΪ1.txt2.txt,Ϊļļ,CMDд,
		   ļļ, type 2.txt>1.txt: shujuliu.txt,س.ɽļ2.txtݼ1.txt,
		   ʽ,Ϊshujuliu.txt.Դв鿴ļ1.txt,ļ޸ںļС
		   ޱ仯,ɾ2.txt,ִ:notepad 1.txt:shujuliu.txt ,ɲ鿴ļеļ.(ṩ)




