bump - any information ??
I Would like to start on network programming using low level hooks / possibly driver hooks for remote control etc and from what I can gather I think C++ would be the better option although C Sharp may be able to do it but just need confirmation of which language would be the better one to use and from there book recomendations that will get me started on network programming - I am aware of codeproject.com but with only doing very basic C++ ie variables, loops, arrays, cin, cout etc I think I would also need a book that covered more advanced topics ie memory handling, classes, functions, pointers etc in C++ and also the vital one network programming and low level hooks - I am guessing I would need at least 4 or so books but am not sure.
If there are any book suggestions - any chance of a link to amazon or the likes so I know which book you are referencing
bump - any information ??
I found for the networking side of things and API hooking - it's easier to learn from RAT source codes (IMO), easier to see something already working and play with it than to do from scratch.
Cplusplus.com is another good resource, fairly easy to read and follow - this has an easy to follow tut on pointers.
Book wise... books never really worked from me, my friends had success with Sams Learn C++ in 21 days (or something close to that name).
mac_shinobi (13th March 2010)
RAT usually stands for Remote Administration Tool. It's usually a small piece of software allowing a remote admin to take control of a machine. However there are also malicious RAT's, sometimes called Remote Access Trojans. Both are quite similar really, although the trojan version will have more focus on nefarious actions such as hiding itself and perhaps data theft. Think Sub7.
Either way, reviewing the code of one will show you how to use the API's needed.
As for books, I've heard good things about UNIX Network Programming by Richard Stevens. It's based on C rather than C++ though I believe.
Last edited by freak; 13th March 2010 at 01:10 PM.
Computer Networks 4/e from Prentice Hall PTR
This is a standard university course text and should give you a good overview of the whole of networking in general. It'll set you back around £40, but you might be able to find a previous edition for under £10 and the basics haven't changed much in the past couple of decades.
You can exchange data between applications via HTTP, i.e. using "web services", which might be something to look at. This has the advantage that they can generally be used through firewalls easily, and of course are dead easy to program - you just write your own small webserver or a standard CGI script.
HTTP is just another layer on top of TCP, so if you want to transmit something without too much overhead then you should look at TCP sockets. This isn't nearly as complicated as it sounds, all modern languages will have a library or built-in capability to handle sockets.
If your problem is simply that you don't know enough about programming in general then you should probably sort that out first, although writing an application that uses socket-based communications is a good way to learn both programming in general and networking. Writing such an application used to be set as a second-year exercise when I did my degree, although it did regularly bring the CS department's network to a grinding halt as people made assorted errors.
as as books go
C++ The Complete Reference by herb schildt
won't help you with the networking or windows specifics but its a great reference book for C++
You are thinking more trojan / keylogger, many legit RATs exist... used for network control, they make good use of sockets (as opposed to irc connectivity like most new-age trojans), Windows API's... & are developed and used to make our lives easier... dameware is a RAT
Last edited by dwhyte85; 13th March 2010 at 07:10 PM.
And yes, I know exactly what Sub7 is. I gave it as an example as a trojan in the last post.
Last edited by freak; 13th March 2010 at 11:27 PM.
In the olden days when everyone had dial up connections direct to the net, no router in-between RATs could be used effectively to do the same as a trojan. I guess in principal it could be the same now... if the user had a Win98 box, dial-up/usb modem attached & no AV or security software at all...
Rat: Used for remote administration of a system, e.g., let's close down a machine without walking over to it... you could consider the use of WMI in a VB script a remote access tool. Purposely installed within a LAN to help do tasks that can only normally be done at a machine.
Trojan: Used to gain entry to a remote system, often bound to other software, crypted (think themida but cruder and unknown by AV) and installed by deceiving the user.
The code maybe similar in principal... but then again any amount of source code could be used for bad things, infact many of the education monitoring systems that exist use fundamentals of these tools... bad word monitoring (e.g, kids typing swear words into Word) that then capture an image of the profanity... work off of a keylogger, screen capture & sending the picture to a 'server'.
Last edited by dwhyte85; 14th March 2010 at 05:22 PM.
I hate to quote Microsoft (Danger: Remote Access Trojans - http://technet.microsoft.com/en-us/l...d632947.aspx):
They also give Sub7 as an example (same page):RATs are malicious programs that run invisibly on host PCs and permit an intruder remote access and control. On a basic level, many RATs mimic the functionality of legitimate remote control programs such as Symantec's pcAnywhere but are designed specifically for stealth installation and operation. Intruders usually hide these Trojan horses in games and
Therefore I stick to my original view that RATs can be either. But again, from your post I can't tell what you're trying to argue. From the looks of it we are saying the same thing.The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder toolshops that do everything
Getting back to the original post...
A [R.A] trojan... will not have quite the same calibre of code as a RAT and will be absolute no use to OP as it will be a copy and paste-fest. They are not interchangeable, they are for different purposes and despite having the same acronym aren't the same. Sub7 was never considered a remote access tool... it's programmed badly in VB6, c++ offers some amount of interoperability dependant on libraries used.
I don't know how much code you've seen so I can't comment on what you do or don't know, if you've ever used Sub7/BO2k/Netbus you'd understand why they're not really RATs but trojans, although the code for BO2K is pretty helpful as it's well written (and avail. on sourceforge) and has been branded as a RAT now - although it was not written for that purpose.
Stating what I know as a coder, having used both trojans & RATs and my knowledge of new/old trojan & RAT sources...
Anyway, Mac_Shinobi - if you need any clarification drop me a PM.
Last edited by dwhyte85; 14th March 2010 at 08:21 PM.
You're clearly quite passionate about this, and may be looking over the fact that this argument is inane. As far as I can see, we are arguing about completely different things. Not only that but this has gone completely off topic and has hijacked the thread. For this reason I'll stop posting here. However, if you'd like to clear things up dwhyte, please feel free to PM me. Sorry for the hijack Mac_Shinobi
There are currently 1 users browsing this thread. (0 members and 1 guests)