{"id":478808,"date":"2023-08-09T09:38:29","date_gmt":"2023-08-09T09:38:29","guid":{"rendered":""},"modified":"2023-09-05T11:17:36","modified_gmt":"2023-09-05T11:17:36","slug":"runpe-technique","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/runpe-technique\/","title":{"rendered":"K\u1ef9 thu\u1eadt RunPE"},"content":{"rendered":"

Th\u00f4ng tin t\u00f3m t\u1eaft v\u1ec1 k\u1ef9 thu\u1eadt RunPE<\/p>\n

K\u1ef9 thu\u1eadt RunPE \u0111\u1ec1 c\u1eadp \u0111\u1ebfn m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng \u0111\u1ec3 \u1ea9n m\u00e3 \u0111\u1ed9c trong m\u1ed9t quy tr\u00ecnh h\u1ee3p ph\u00e1p ch\u1ea1y tr\u00ean h\u1ec7 th\u1ed1ng m\u00e1y t\u00ednh. B\u1eb1ng c\u00e1ch ti\u00eam m\u00e3 \u0111\u1ed9c v\u00e0o m\u1ed9t quy tr\u00ecnh h\u1ee3p l\u1ec7, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 tr\u00e1nh b\u1ecb c\u00e1c c\u00f4ng c\u1ee5 b\u1ea3o m\u1eadt ph\u00e1t hi\u1ec7n v\u00ec c\u00e1c ho\u1ea1t \u0111\u1ed9ng c\u00f3 h\u1ea1i b\u1ecb che d\u1ea5u b\u1edfi c\u00e1c ho\u1ea1t \u0111\u1ed9ng b\u00ecnh th\u01b0\u1eddng c\u1ee7a quy tr\u00ecnh b\u1ecb nhi\u1ec5m.<\/p>\n

L\u1ecbch s\u1eed ngu\u1ed3n g\u1ed1c c\u1ee7a k\u1ef9 thu\u1eadt RunPE v\u00e0 s\u1ef1 \u0111\u1ec1 c\u1eadp \u0111\u1ea7u ti\u00ean v\u1ec1 n\u00f3<\/h2>\n

K\u1ef9 thu\u1eadt RunPE (Run Portable Executable) c\u00f3 ngu\u1ed3n g\u1ed1c t\u1eeb \u0111\u1ea7u nh\u1eefng n\u0103m 2000. Ban \u0111\u1ea7u n\u00f3 \u0111\u01b0\u1ee3c c\u00e1c t\u00e1c gi\u1ea3 ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i s\u1eed d\u1ee5ng \u0111\u1ec3 tr\u1ed1n tr\u00e1nh s\u1ef1 ph\u00e1t hi\u1ec7n c\u1ee7a ph\u1ea7n m\u1ec1m ch\u1ed1ng vi-r\u00fat v\u00e0 n\u00f3 nhanh ch\u00f3ng tr\u1edf th\u00e0nh m\u1ed9t c\u00f4ng c\u1ee5 ph\u1ed5 bi\u1ebfn cho t\u1ed9i ph\u1ea1m m\u1ea1ng. T\u00ean c\u1ee7a k\u1ef9 thu\u1eadt n\u00e0y xu\u1ea5t ph\u00e1t t\u1eeb \u0111\u1ecbnh d\u1ea1ng Portable Executable (PE), m\u1ed9t \u0111\u1ecbnh d\u1ea1ng t\u1ec7p ph\u1ed5 bi\u1ebfn \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng cho c\u00e1c t\u1ec7p th\u1ef1c thi trong h\u1ec7 \u0111i\u1ec1u h\u00e0nh Windows. L\u1ea7n \u0111\u1ea7u ti\u00ean \u0111\u1ec1 c\u1eadp \u0111\u1ebfn RunPE c\u00f3 ph\u1ea7n \u00edt ng\u01b0\u1eddi bi\u1ebft \u0111\u1ebfn, nh\u01b0ng n\u00f3 b\u1eaft \u0111\u1ea7u xu\u1ea5t hi\u1ec7n tr\u00ean c\u00e1c di\u1ec5n \u0111\u00e0n v\u00e0 c\u1ed9ng \u0111\u1ed3ng ng\u1ea7m, n\u01a1i c\u00e1c hacker chia s\u1ebb c\u00e1c k\u1ef9 thu\u1eadt v\u00e0 c\u00f4ng c\u1ee5.<\/p>\n

Th\u00f4ng tin chi ti\u1ebft v\u1ec1 k\u1ef9 thu\u1eadt RunPE. M\u1edf r\u1ed9ng ch\u1ee7 \u0111\u1ec1 K\u1ef9 thu\u1eadt RunPE<\/h2>\n

K\u1ef9 thu\u1eadt RunPE l\u00e0 m\u1ed9t ph\u01b0\u01a1ng ph\u00e1p ph\u1ee9c t\u1ea1p th\u01b0\u1eddng \u0111\u00f2i h\u1ecfi ki\u1ebfn th\u1ee9c s\u00e2u r\u1ed9ng v\u1ec1 n\u1ed9i b\u1ed9 h\u1ec7 \u0111i\u1ec1u h\u00e0nh. N\u00f3 bao g\u1ed3m c\u00e1c b\u01b0\u1edbc sau:<\/p>\n

    \n
  1. Ch\u1ecdn m\u1ed9t quy tr\u00ecnh m\u1ee5c ti\u00eau<\/strong>: K\u1ebb t\u1ea5n c\u00f4ng ch\u1ecdn m\u1ed9t quy tr\u00ecnh h\u1ee3p ph\u00e1p \u0111\u1ec3 \u0111\u01b0a m\u00e3 \u0111\u1ed9c v\u00e0o.<\/li>\n
  2. T\u1ea1o ho\u1eb7c chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n m\u1ed9t quy tr\u00ecnh<\/strong>: K\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 t\u1ea1o m\u1ed9t quy tr\u00ecnh m\u1edbi ho\u1eb7c chi\u1ebfm quy\u1ec1n \u0111i\u1ec1u khi\u1ec3n m\u1ed9t quy tr\u00ecnh hi\u1ec7n c\u00f3.<\/li>\n
  3. H\u1ee7y \u00e1nh x\u1ea1 m\u00e3 g\u1ed1c<\/strong>: M\u00e3 g\u1ed1c trong ti\u1ebfn tr\u00ecnh \u0111\u00edch \u0111\u01b0\u1ee3c thay th\u1ebf ho\u1eb7c \u1ea9n \u0111i.<\/li>\n
  4. Ti\u00eam m\u00e3 \u0111\u1ed9c h\u1ea1i<\/strong>: M\u00e3 \u0111\u1ed9c \u0111\u01b0\u1ee3c ti\u00eam v\u00e0o ti\u1ebfn tr\u00ecnh \u0111\u00edch.<\/li>\n
  5. Th\u1ef1c thi chuy\u1ec3n h\u01b0\u1edbng<\/strong>: Lu\u1ed3ng th\u1ef1c thi c\u1ee7a ti\u1ebfn tr\u00ecnh \u0111\u00edch \u0111\u01b0\u1ee3c chuy\u1ec3n h\u01b0\u1edbng \u0111\u1ec3 th\u1ef1c thi m\u00e3 \u0111\u1ed9c.<\/li>\n<\/ol>\n

    C\u1ea5u tr\u00fac b\u00ean trong c\u1ee7a k\u1ef9 thu\u1eadt RunPE. K\u1ef9 thu\u1eadt RunPE ho\u1ea1t \u0111\u1ed9ng nh\u01b0 th\u1ebf n\u00e0o<\/h2>\n

    C\u1ea5u tr\u00fac b\u00ean trong c\u1ee7a k\u1ef9 thu\u1eadt RunPE xoay quanh vi\u1ec7c thao t\u00e1c b\u1ed9 nh\u1edb ti\u1ebfn tr\u00ecnh v\u00e0 lu\u1ed3ng th\u1ef1c thi. D\u01b0\u1edbi \u0111\u00e2y l\u00e0 m\u1ed9t c\u00e1i nh\u00ecn s\u00e2u h\u01a1n v\u1ec1 c\u00e1ch n\u00f3 ho\u1ea1t \u0111\u1ed9ng:<\/p>\n

      \n
    1. Ph\u00e2n b\u1ed5 b\u1ed9 nh\u1edb<\/strong>: Kh\u00f4ng gian b\u1ed9 nh\u1edb \u0111\u01b0\u1ee3c ph\u00e2n b\u1ed5 trong ti\u1ebfn tr\u00ecnh \u0111\u00edch \u0111\u1ec3 l\u01b0u tr\u1eef m\u00e3 \u0111\u1ed9c.<\/li>\n
    2. Ch\u00e8n m\u00e3<\/strong>: M\u00e3 \u0111\u1ed9c \u0111\u01b0\u1ee3c sao ch\u00e9p v\u00e0o kh\u00f4ng gian b\u1ed9 nh\u1edb \u0111\u01b0\u1ee3c ph\u00e2n b\u1ed5.<\/li>\n
    3. \u0110i\u1ec1u ch\u1ec9nh quy\u1ec1n b\u1ed9 nh\u1edb<\/strong>: Quy\u1ec1n b\u1ed9 nh\u1edb \u0111\u01b0\u1ee3c thay \u0111\u1ed5i \u0111\u1ec3 cho ph\u00e9p th\u1ef1c thi.<\/li>\n
    4. Thao t\u00e1c b\u1ed1i c\u1ea3nh ch\u1ee7 \u0111\u1ec1<\/strong>: Ng\u1eef c\u1ea3nh lu\u1ed3ng c\u1ee7a ti\u1ebfn tr\u00ecnh \u0111\u00edch \u0111\u01b0\u1ee3c s\u1eeda \u0111\u1ed5i \u0111\u1ec3 chuy\u1ec3n h\u01b0\u1edbng th\u1ef1c thi sang m\u00e3 \u0111\u1ed9c.<\/li>\n
    5. Ti\u1ebfp t\u1ee5c th\u1ef1c thi<\/strong>: Qu\u00e1 tr\u00ecnh th\u1ef1c thi \u0111\u01b0\u1ee3c ti\u1ebfp t\u1ee5c v\u00e0 m\u00e3 \u0111\u1ed9c ch\u1ea1y nh\u01b0 m\u1ed9t ph\u1ea7n c\u1ee7a quy tr\u00ecnh \u0111\u00edch.<\/li>\n<\/ol>\n

      Ph\u00e2n t\u00edch c\u00e1c t\u00ednh n\u0103ng ch\u00ednh c\u1ee7a k\u1ef9 thu\u1eadt RunPE<\/h2>\n