kscan
2016-09-23 15:27:13
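kscan is an open-source port scanner that supports multiple operating systems, including Windows, Linux and macOS. It is easy to use, fast and accurate, and can quickly scan a target host for open ports to help users discover potential security vulnerabilities. kscan also supports custom port ranges, thread counts, timeouts and other parameters to meet the needs of different users. In short, kscan is a very practical network security tool that is well worth using.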
Outline/Content
CKSESingleScanTask::_ScanFile: the file identification flow is as follows:
KSEScanWrapper3::_ScanFileThreadEx
KScanProcess::StartScan
piKSafeModeCoreImpMsgFunc-KSMCMFStartScan();
KSafeModeCoreImp
File scanning:
- m_FileDiagnosis:FileDiagnosis
- m_ScanResult:KScanResult
- m_PacKScanFilter:KScanFilterPackage
Task scheduling:
- m_ProcessQueue (task queue)
Task scheduling:
+ ProcessItem(DISPATCH_ITEM& Item) (executes a Task)
+ TaskProcess(void* lParam) (dispatches the Tasks in ProcessQueue)
+ Activate (starts a thread that runs the TaskProcess function)
+ GetMsgFuncObj()
Entry point: KBootCareServiceProvider::StartScan
piKSafeModeCoreImpMsgFunc-KSMCMFStartScan();
piKSafeModeCoreImpMsgFunc-KSMCMFAsyncMainPointScan();
KScanProcessWrapper::StartScan
KBootCareServiceProvider::StartScan
KScanProcessWrapper::OnFoundItem
KScanProcess::AsyncScan
Most of the time is spent here
ISimplePlugScanCallback
+ BeginImpersonate()
+ EndImpersonate()
+ OnFoundPlugItem()
_GetLocalEngCacheStatus
IFileDiagnosisMsgFunc
+ FDMFSetSubScanSystemTrustList()
+ FDMFFileCloudDiagnosisBegin()
+ FDMFFileCloudDiagnosis()
+ FDMFFileCloudDiagnosisEnd()
+ QueryConnectState
Main scan and removal flow
KSafeModeCoreImp::AsyncMainPointScan
_GetFileTypeByKae
_RecordWriteWfsFlagToStatus
KScanCallback::KAEReturnScanResult
_ConfirmOpenFile
If scan items exist
FileDiagnosis::NetDetectResult
AsyncScan(ScanType.StartupPoint)
KScanProcess::StartScan scans according to the scan point and scan type passed in as parameters
_CheckTargetName
ScanThread
CallScanFileThread (adds elements to the queue)
_WfsOperation
Scan according to the scan type
KScanProcessExport::StartScan
KScanProcessWrapper::ScanWithConfig
_ScanByPathFilter
The queue contains items awaiting identification
KSEScanWrapper3
- m_ScanFileQueue (file name queue)
_RecordCloseFileFlagToStatus
KSEScanWrapper3::InitScanThread
_FinalDecision
KScanProcessExport
- m_ScanProcess:KScanProcess
+ StartScan()
KSEScanWrapper3::_ScanFile
1. Calls CKSESingleScanTask::_ScanFile to identify the file
2. Updates the status according to the identification result
KScanFilterPackage::StartScan
_ScanByCloudNetDet2
KScanCallback::Process
KScanProcess
* m_ThreadPool:ThreadPool
+ m_KAEAutorun:CKAEAutorunsEx
+ AsyncScan()
WaitAutorunScanFinish()
_UpdateScanInfo
CKSESingleScanTask::ScanFile
KScanCallback
- m_lpKSPScanCallback:IKScanProcessCallback*
ksscore.dll
_ScanByOle
KScanResult::AddResult
kscanner.dll
FileDiagnosis::FDMFFileCloudDiagnosis
CKAEAutorunsEx::ScanRegValue
KScanProcessWrapper
- m_lpScanProcess:IKScanProcess*
+ OnFoundItem(const KSP_SCAN_ITEM& item)
+ SubmitToResultAnalyzer()
+ StartScan()
+ ScanWithConfig()
_ScanByResFilter
Continuously takes elements from the queue for identification
_ScanByCloudNetDet1
_FinishBlockScan
KsscoreServiceProvider
- m_KSafeModeCoreImp:type
IKAEAutorunsCallBack
+ KAEReturnScanResult(*pScanResult)
IKSafeModeCoreImpMsgFunc
_ScanByHeur
KScanFilterPackage
- m_Scanner:KScanProcessWrapper
- m_SpecialScanner:KSpecialScanner
- m_UsbScanWrapper:KUsbScanWrapper
KSEScanWrapper3::_ScanFile file identification
_ScanBySizeFilter
KAutorunCallbackHolder::KAEReturnScanResultEx
Main file identification flow
ScanThreadParam
+ pScanner:KScanProcess* ;
+ nScanType:int;
CKAEAutorunsEx::Scan
KBootCareServiceProvider
-m_pSafeModeCore:KSafeModeCoreImp*
+StartScan (scan entry point)
+Init(KSafeModeCoreImp& SafeModeCore)
KSafeModeCoreImp::ProcessItem
Main relationships between classes:
_ScanByCloudLocalDet
_AllScan
KScanCallback::OnResultDispatch
KSEScanWrapper3::_ScanFile
m_lpKSPScanCallback is bound to KScanProcessWrapper when the ScanWithConfig function executes
IKScanProcess
_ScanByArchExt
End
KScanResult
- m_FileSecurityManager:KFileSecurityManager
- m_ScanFileDetail:KScanDetailManager
- m_KsysFileVerifier:KSysFileVerify
+ SRMFScanResultRefreshSecurityInfo(SecurityData)
+ SRMFScanResultAddStartupPointData(& ScanItem)
+ AddResult(ScanItem);
+ RefreshSecurityInfo()
+ Check3rdHijack1stFile()
Configure scan items
_ScanByWfs
IKScanProcessCallback
+ OnFoundItem(const KSP_SCAN_ITEM& item)
m_pCallBack-NetDetectResult reports the identification result
FileDiagnosis
- m_KSEScaner:KSEScanWrapper3
ksesscan.dll
CKAEAutorunsEx
- m_Callbackholder:KAutorunCallbackHolder
- m_piCallBackEx:IKAEAutorunsCallBack*
+ ScanProcess()
KSafeModeCoreImp::TaskProcess