kscan

2016-09-23 15:27:13   0  举报





仅支持查看

kscan是一款开源的端口扫描器，它支持多种操作系统，包括Windows、Linux和MacOS等。kscan具有简单易用、速度快、准确性高等特点，可以快速扫描目标主机的开放端口，帮助用户发现潜在的安全漏洞。此外，kscan还支持自定义端口范围、线程数、超时时间等参数，以满足不同用户的需求。总之，kscan是一款非常实用的网络安全工具，值得广大网民使用。

作者其他创作

大纲/内容

CKSESingleScanTask::_ScanFile 文件鉴定流程如下：

KSEScanWrapper3::_ScanFileThreadEx

KScanProcess::StartScan

piKSafeModeCoreImpMsgFunc-KSMCMFStartScan();

KSafeModeCoreImp

文件扫描相关- m_FileDiagnosis：FileDiagnosis- m_ScanResult：KScanResult- m_PacKScanFilter：KScanFilterPackage任务调度相关- m_ProcessQueue（任务队列）

任务调度相关+ ProcessItem(DISPATCH_ITEM& Item)（执行Task）+ TaskProcess(void* lParam)（调度ProcessQueue中的Task）+ Activate（开启线程运行TaskProcess函数）+ GetMsgFuncObj()

入口：KBootCareServiceProvider::StartScanpiKSafeModeCoreImpMsgFunc-KSMCMFStartScan();piKSafeModeCoreImpMsgFunc-KSMCMFAsyncMainPointScan();

KScanProcessWrapper::StartScan

KBootCareServiceProvider::StartScan

KScanProcessWrapper::OnFoundItem

KScanProcess::AsyncScan

主要耗时在此处

ISimplePlugScanCallback

+ BeginImpersonate()+ EndImpersonate()+ OnFoundPlugItem()

_GetLocalEngCacheStatus

IFileDiagnosisMsgFunc

+ FDMFSetSubScanSystemTrustList()+ FDMFFileCloudDiagnosisBegin()+ FDMFFileCloudDiagnosis()+ FDMFFileCloudDiagnosisEnd()+ QueryConnectState

查杀主流程

KSafeModeCoreImp::AsyncMainPointScan

_GetFileTypeByKae

_RecordWriteWfsFlagToStatus

KScanCallback::KAEReturnScanResult

_ConfirmOpenFile

如果存在扫描项

FileDiagnosis::NetDetectResult

AsyncScan(ScanType.StartupPoint)

KScanProcess::StartScan根据参数传入的扫描点及扫描类型参数进行扫描

_CheckTargetName

ScanThread

CallScanFileThread（往队列里加入元素）

_WfsOperation

根据扫描类型进行扫描

KScanProcessExport::StartScan

KScanProcessWrapper::ScanWithConfig

_ScanByPathFilter

队列中存在待鉴定项

KSEScanWrapper3

- m_ScanFileQueue （文件名队列）

_RecordCloseFileFlagToStatus

KSEScanWrapper3::InitScanThread

_FinalDecision

KScanProcessExport

- m_ScanProcess：KScanProcess

+ StartScan()

KSEScanWrapper3::_ScanFile 1、调用CKSESingleScanTask::_ScanFile对文件做鉴定2、根据鉴定结果改写状态

KScanFilterPackage::StartScan

_ScanByCloudNetDet2

KScanCallback::Process

KScanProcess

* m_ThreadPool：ThreadPool+ m_KAEAutorun：CKAEAutorunsEx

+ AsyncScan()

WaitAutorunScanFinish()

_UpdateScanInfo

CKSESingleScanTask::ScanFile

KScanCallback

- m_lpKSPScanCallback：IKScanProcessCallback*

ksscore.dll

_ScanByOle

KScanResult::AddResult

kscanner.dll

FileDiagnosis::FDMFFileCloudDiagnosis

CKAEAutorunsEx::ScanRegValue

KScanProcessWrapper

- m_lpScanProcess：IKScanProcess*

+ OnFoundItem(const KSP_SCAN_ITEM& item)+ SubmitToResultAnalyzer()+ StartScan()+ ScanWithConfig()

_ScanByResFilter

从队列中不断取出元素做鉴定

_ScanByCloudNetDet1

_FinishBlockScan

KsscoreServiceProvider

- m_KSafeModeCoreImp:type

IKAEAutorunsCallBack

+ KAEReturnScanResult(*pScanResult)

IKSafeModeCoreImpMsgFunc

_ScanByHeur

KScanFilterPackage

- m_Scanner：KScanProcessWrapper- m_SpecialScanner：KSpecialScanner- m_UsbScanWrapper：KUsbScanWrapper

KSEScanWrapper3::_ScanFile 文件鉴定

_ScanBySizeFilter

KAutorunCallbackHolder::KAEReturnScanResultEx

文件鉴定主流程

ScanThreadParam

+ pScanner：KScanProcess* ;+ nScanType：int;

CKAEAutorunsEx::Scan

KBootCareServiceProvider

-m_pSafeModeCore:KSafeModeCoreImp*

+StartScan（扫描入口）+Init(KSafeModeCoreImp& SafeModeCore)

KSafeModeCoreImp::ProcessItem

类之间主要关系：

_ScanByCloudLocalDet

_AllScan

KScanCallback::OnResultDispatch

KSEScanWrapper3::_ScanFile

m_lpKSPScanCallback在ScanWithConfig函数执行时绑定到KScanProcessWrapper

IKScanProcess

_ScanByArchExt

结束

KScanResult

- m_FileSecurityManager：KFileSecurityManager- m_ScanFileDetail：KScanDetailManager- m_KsysFileVerifier：KSysFileVerify

+ SRMFScanResultRefreshSecurityInfo(SecurityData)+ SRMFScanResultAddStartupPointData(& ScanItem)+ AddResult(ScanItem);+ RefreshSecurityInfo()+ Check3rdHijack1stFile()

配置扫描项

_ScanByWfs

IKScanProcessCallback

+ OnFoundItem(const KSP_SCAN_ITEM& item)

m_pCallBack-NetDetectResult鉴定结果上报

FileDiagnosis

- m_KSEScaner：KSEScanWrapper3

ksesscan.dll

CKAEAutorunsEx

- m_Callbackholder：KAutorunCallbackHolder- m_piCallBackEx：IKAEAutorunsCallBack*

+ ScanProcess()

KSafeModeCoreImp::TaskProcess