jaysnote:2345_com

Differences

This page shows the differences between the selected revision and the current version.

jaysnote:2345_com [2019/07/29 14:13]
jaylee
jaysnote:2345_com [2019/07/29 14:15] (current version)
jaylee restored to old revision (2019/01/21 17:18)
Previous revision (2019/07/29 14:13), the text that the restore removed:

<markdown>

# gac-350 node development env set up

This article describes in detail how to set up a Windows Node development environment for the gac-350 access control device, and how to use it to compile and debug the Node project remotely on that device.

The gac-350 `smart-device-node` project code is managed in [gitlab](http://gitlab.mxj360.com/).

* [smart-device-node gitlab](http://gitlab.mxj360.com/smart-device/smart-device-node/tree/master)

    > **Tip**: in the `MyDreamPlus` environment you may need to connect [aws.ovpn]() in order to reach [gitlab](http://gitlab.mxj360.com/). After downloading the application package for the first time, manually extract the node_modules.zip archive in the root directory.

gac-350 smart-device-node is written in TypeScript; the ts is compiled to js and then run.

- [typescript](https://www.typescriptlang.org/docs/home.html)
- [TypeScript in 5 minutes](https://www.typescriptlang.org/docs/handbook/typescript-in-5-minutes.html)
- [Running and debugging TypeScript](https://www.jetbrains.com/help/idea/running-and-debugging-typescript.html)
- [Running and Debugging Node.js](https://www.jetbrains.com/help/idea/running-and-debugging-node-js.html)

The IDE used is IntelliJ; those used to VS can choose VS201x/VSCode.

[ide itellij idea](https://www.jetbrains.com/idea/download/#section=windows)

On the gac-350 device the Node project runs under supervisor. The program entry goes from the supervisor configuration file to npm start, and from there to the start command managed in `package.json`:

```
supervisor->smart-device-node->npm start->package.json->node node_modules/cross-env/dist/bin/cross-env.js DEBUG=info:app:*,error:app:* node app/App
```

## install and compile

### itellij

IntelliJ is downloaded from the official [ide itellij idea](https://www.jetbrains.com/idea/download/#section=windows) page and installed by double-clicking. For cracking it after installation, see [IntelliJ IDEA 最新注册码](https://guobinhit.blog.csdn.net/article/details/89040919).

* Edit the local hosts file

    ```bash
    0.0.0.0 account.jetbrains.com
    0.0.0.0 www.jetbrains.com
    ```

* Add the registration code

    ```bash
    <registration code>
    ```

### node

The Node interpreter and SDK come from [nodejs.org](https://nodejs.org/zh-cn/); after downloading, double-click and install with the defaults.

### run

After IntelliJ is installed, import the code into a project via New -> Project -> node -> Node.js and NPM.

> **Tip**: when the project is downloaded for the first time, manually extract the node_modules.zip archive in the root directory.

To build the project on Windows, add Run -> Edit Configurations -> + npm

* package.json is the `package.json` file in the project root;
* command is `start`
* Node interpreter is the Node install path from above.
* Detailed configuration: ![itellij debug node](intellij_node_debug.png)

A remote machine can also be configured, so that the project runs and is debugged directly on the gac-350 device.

* The first time this feature is used, the Node.js remote interpreter plug-in has to be added manually.

    File -> Settings/Preferences (Ctrl+Alt+S) -> Plugins -> Marketplace -> Node.js Remote Interpreter;

    > **Tip**: see [Configure Node.js Remote Interpreter Dialog](https://www.jetbrains.com/help/idea/configure-node-js-remote-interpreter.html) for details

* After the Node.js remote plug-in is installed, go to Run -> Edit Configurations -> + Node.js

* Detailed configuration as in the figure:

    ![remote debugging](note_js_remote_interpreter.png)

    > **Tip**: the remote device's root account and password are needed in advance, and ssh login as root must be allowed.

## troubleshooting

### Build failure

```bash
Error:(2, 21) TS2307: Cannot find module 'fs'.
Error:(6, 16) TS2503: Cannot find namespace 'NodeJS'.
```

### Running locally reports Cannot find cross-env.js

```bash
internal/modules/cjs/loader.js:584
    throw err;
    ^

Error: Cannot find module 'D:\MyProject\smart-device-node\node_modules\cross-env\dist\bin\cross-env.js'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:582:15)
    at Function.Module._load (internal/modules/cjs/loader.js:508:25)
    at Function.Module.runMain (internal/modules/cjs/loader.js:754:12)
    at startup (internal/bootstrap/node.js:283:19)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:622:3)
```

As repeatedly noted above, on first install the node_modules.zip archive in the root directory must be extracted manually.

### Remote debugging reports Illegal instruction

```bash
/usr/bin/node --inspect=0.0.0.0:57309 --debug-brk app/App node_modules/cross-env/dist/bin/cross-env.js
bash: line 1: 11260 Illegal instruction     env "FORCE_COLOR"="true" "ELECTRON_NO_ATTACH_CONSOLE"="true" "npm_config_color"="always" "DEBUG_COLORS"="true" "MOCHA_COLORS"="1" "DEBUG"="info:app:*,error:app:* " "JETBRAINS_REMOTE_RUN"="1" "COLORTERM"="true" '/usr/bin/node' '--inspect=0.0.0.0:57309' '--debug-brk' 'app/App' 'node_modules/cross-env/dist/bin/cross-env.js'
```

For now, the Node version on the device is below 7 and does not support the debug feature.

The '--inspect=0.0.0.0:57546' argument is not recognised.

https://nodejs.org/zh-cn/docs/guides/debugging-getting-started/

```bash
In Node 7 and earlier, when started with the --debug or --debug-brk switch, Node.js listens for debugging commands defined by the discontinued V8 Debugging Protocol on a TCP port, 5858 by default. Any debugger client that speaks this protocol can connect to and debug the running process; a few popular ones are listed below.
```

http://mirrors.sohu.com/debian/pool/main/n/nodejs/

Old Node versions do not support IntelliJ debugging, so a newer Node must be installed -> Debian Jessie is too old for a newer Node, so the sources must be switched to sid/experimental to update libc and gcc -> after installing the newer Node, npm was gone and had to be reinstalled with apt-get install -> after that, electron no longer started properly.

</markdown>

Current revision (2019/07/29 14:15, restored from 2019/01/21 17:18):

<markdown>

# 2345.com #

The browser was hijacked: every browser's home page was set to 2345.com. Damn. I tried the methods found online one after another, with no result, so I set about solving it myself.

## Some methods found online ##
* Try setting the home page in the browser
[IE主页被改成2345网址大全怎么删除2345网址导航](http://jingyan.baidu.com/article/656db9189f1560e380249c73.html)
No effect
* Check whether the browser command in the desktop shortcut has been changed.
Confirmed it was not changed
* Set the registry
No effect
* Delete every 2345.com-related entry from the registry
No effect after deletion
* Uninstall the browser and reinstall it
No effect
* Remove the installed 2345 plug-in
[怎么彻底删除2345主页?2345网址导航彻底清理教程!](http://www.sdbeta.com/mf/2014/1128/24207.html)
That plug-in was not found
* Find the 2345 home page file, replace it, then lock it.
[win7系统彻底删除2345网址导航](http://jingyan.baidu.com/article/03b2f78c1bdbd05ea337ae62.html)
Not found
Uninstall Google Chrome
After reinstalling, the problem remained

## Trying to solve it myself ##
I suspected a daemon process that re-applied the change immediately after any of the changes above took effect, which is why they had no result. Searching for 2345 in `Task Manager` -> Performance -> Resource Monitor -> CPU tab turned up the following handles.
![](http://www.leconiot.com/md_res/jaysnote/2345_com/images/2345Handle.png)
```
映像 PID 类型 句柄名称
explorer.exe 9484 Mutant \Sessions\1\BaseNamedObjects\http://www.2345.com/
explorer.exe 9484 File C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IR8LS1\2345_160926[1].eot
explorer.exe 9484 File C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VFB0GG7W\2345_com[1].htm
```
It is easy to see that these are mainly Explorer-related. I suspected some program was injecting directly into explorer.exe, and tried deleting the registry entries and local files associated with the handles above, but they were regenerated as soon as the browser was started.

I then tried to close these mutexes in the Explorer process following the method below.
[Kill mutex (mutant) of an other process](https://autohotkey.com/boards/viewtopic.php?t=14397)
Download handle.exe
```bat
Microsoft Windows [版本 6.1.7601]
版权所有 (c) 2009 Microsoft Corporation。保留所有权利。

C:\Users\JaysThinkPad>cd /d H:\Program Files\Handle

H:\Program Files\Handle>handle64.exe -p 9300 -a 2345
```
```bat
H:\Program Files\Handle>handle64.exe -p 1480 -a 2345

Nthandle v4.1 - Handle viewer
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

explorer.exe       pid: 1480   type: File           F88: C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IR8LS1\2345_160926[1].eot
explorer.exe       pid: 1480   type: Mutant         FA8: \Sessions\1\BaseNamedObjects\http://www.2345.com/
explorer.exe       pid: 1480   type: File          1228: C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN36B2RC\2345_com[1].htm
explorer.exe       pid: 1480   type: File          16EC: G:\MyProject\2016-12-14-2345.com
explorer.exe       pid: 1480   type: File          16F4: G:\MyProject\2016-12-14-2345.com
```
```bat
>handle64.exe -p 9300 -c F88
```
Following this method I closed all the 2345 handles and again tried deleting the registry entries and local files; the problem remained.
But here I noticed something: the handles in explorer are not always present; they are actively injected after the browser is started.
Starting the Sogou browser, however, did not produce this handle, which shows that the browser program itself had been contaminated.
It is also easy to see that IE had handles injected in the same way.
```
映像 PID 类型 句柄名称
iexplore.exe 4744 File C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IR8LS1\2345_160926[1].eot
iexplore.exe 4744 File C:\Users\JaysThinkPad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UN36B2RC\2345_com[1].htm
iexplore.exe 4744 Mutant \Sessions\1\BaseNamedObjects\http://www.2345.com/
```

### Handles and Objects ###
[Pushing the Limits of Windows: Handles](https://blogs.technet.microsoft.com/markrussinovich/2009/09/29/pushing-the-limits-of-windows-handles/)
The kernel-mode core of Windows, which is implemented in the %SystemRoot%\System32\Ntoskrnl.exe image, consists of various subsystems such as the Memory Manager, Process Manager, I/O Manager, Configuration Manager (registry), which are all parts of the Executive. Each of these subsystems defines one or more types with the Object Manager to represent the resources they expose to applications. For example, the Configuration Manager defines the key object to represent an open registry key; the memory manager defines the Section object for shared memory; the Executive defines Semaphore, Mutant (the internal name for a mutex), and Event synchronization objects (these objects wrap fundamental data structures defined by the operating system's Kernel subsystem); the I/O Manager defines the File object to represent open instances of device driver resources, which include file system files; and the Process Manager creates the Thread and Process objects I discussed in my last Pushing the Limits post. Every release of Windows introduces new object types with Windows 7 defining a total of 42. You can see the objects defined by running the Sysinternals [Winobj](https://technet.microsoft.com/en-us/sysinternals/bb896657.aspx) utility with administrative rights and navigating to the ObjectTypes directory in the Object Manager namespace:

### [Hunting Malware with Memory Analysis](https://www.solutionary.com/resource-center/blog/2012/12/hunting-malware-with-memory-analysis/) ###
```BAT
H:\Program Files\volatility_2.4.win.standalone>volatility-2.4.standalone.exe -f memory_images/example.vmem --profile=Win7SP1x64 handles -p 3488 -t Mutant -s
H:\Program Files\volatility_2.4.win.standalone>volatility-2.4.standalone.exe -f memory_images/example.vmem imageinfo
H:\Program Files\volatility_2.4.win.standalone>volatility-2.4.standalone.exe -f memory_images/example.vmem --profile=Win7SP1x64 pslist
H:\Program Files\volatility_2.4.win.standalone>volatility-2.4.standalone.exe -f memory_images/example.vmem --profile=Win7SP1x64 vaddump -p 1752 -D memory_images/procdump/
```

### 360 System Rescue Box ###
**12/17/2016 3:47:47 PM**
In the end the problem was solved by a scan with 360 System Rescue Box; some of the anomalies it found may be related to 2345.com. During installation I found that the rescue tool could not be installed at all, because a file named "SuperKiller.exe" could not be created in Explorer; I suspect this is related to an Explorer startup item. After renaming SuperKiller.exe inside the 360 archive, extraction worked normally.
![](http://www.leconiot.com/md_res/jaysnote/2345_com/images/ExplorerStartItem.png)

</markdown>
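The handle64.exe listings in the current revision above, and the Mutant-name check one would apply to a Volatility `handles -t Mutant` listing, can be processed programmatically instead of by eye. The Python script below is an added example and is not code from the original page or from Sysinternals. It assumes the `handle64.exe -p <pid> -a <pattern>` output format shown above; the sample output is constructed for illustration (including one benign mutant), and the two heuristics it applies are this editor's own: flag any handle whose name contains the indicator string, and flag any Mutant whose name is a URL, the marker that explorer.exe and iexplore.exe both showed here. It also joins lines that the console wrapped at 80 columns, the defect visible in the page's own pasted listing.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample (not captured from a real machine): the shape of what
# `handle64.exe -p <pid> -a <pattern>` prints, with long lines wrapped at 80
# columns the way cmd.exe wraps them when the text is copied out of the console.
SAMPLE_HANDLE_OUTPUT = r"""
Nthandle v4.1 - Handle viewer
Copyright (C) 1997-2016 Mark Russinovich
Sysinternals - www.sysinternals.com

explorer.exe       pid: 1480   type: File           F88: C:\Users\JaysThinkPad\A
ppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I4IR8LS1\234
5_160926[1].eot
explorer.exe       pid: 1480   type: Mutant         FA8: \Sessions\1\BaseNamedOb
jects\http://www.2345.com/
explorer.exe       pid: 1480   type: File          16EC: G:\MyProject\2016-12-14
-2345.com
explorer.exe       pid: 1480   type: Mutant        1A2C: \Sessions\1\BaseNamedObjects\Local\ZonesCounterMutex
"""


@dataclass
class HandleRecord:
    process: str
    pid: int
    htype: str      # handle.exe "type:" column, e.g. File, Mutant, Key
    handle_id: str  # hex handle value, the argument to `handle64.exe -p PID -c ID`
    name: str


# One record line: "<image> pid: <n> type: <Type> <hex>: <name>"
RECORD_RE = re.compile(
    r"^(?P<process>\S+)\s+pid:\s*(?P<pid>\d+)\s+type:\s*(?P<type>\w+)\s+"
    r"(?P<hid>[0-9A-Fa-f]+):\s*(?P<name>.*)$"
)

# Named objects called after a URL are not something a normal program creates.
URL_LIKE = re.compile(r"(https?://|www\.)", re.IGNORECASE)


def parse_handle_output(text: str) -> List[HandleRecord]:
    """Parse handle64.exe -a output, re-joining console-wrapped name lines."""
    records: List[HandleRecord] = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            records.append(HandleRecord(m["process"], int(m["pid"]), m["type"],
                                        m["hid"].upper(), m["name"]))
        elif records and line.strip():
            # Not a record and not the banner: a wrapped tail of the previous name.
            records[-1].name += line
    return records


def suspicious_handles(records: List[HandleRecord],
                       indicator: str) -> List[Tuple[HandleRecord, List[str]]]:
    """Return (record, reasons) for every handle worth a closer look."""
    findings = []
    for rec in records:
        reasons = []
        if rec.htype == "Mutant" and URL_LIKE.search(rec.name):
            reasons.append("Mutant named after a URL")
        if indicator.lower() in rec.name.lower():
            reasons.append(f"name contains indicator {indicator!r}")
        if reasons:
            findings.append((rec, reasons))
    return findings


def holders_of(records: List[HandleRecord], name: str) -> List[Tuple[str, int]]:
    """Which (process, pid) pairs hold an object with exactly this name."""
    return sorted({(r.process, r.pid) for r in records if r.name.lower() == name.lower()})


def main() -> None:
    records = parse_handle_output(SAMPLE_HANDLE_OUTPUT)
    for rec, reasons in suspicious_handles(records, "2345"):
        print(f"{rec.process} pid {rec.pid} {rec.htype:<6} {rec.handle_id:>4}: "
              f"{rec.name}  <- {', '.join(reasons)}")
    mutant = r"\Sessions\1\BaseNamedObjects\http://www.2345.com/"
    print("held by:", holders_of(records, mutant))


if __name__ == "__main__":
    main()
```

Run the same parser over a listing from each browser process and from explorer.exe; a URL-named mutant that appears in several unrelated processes, as it did in the listings above, points at shared injected code rather than at a setting in any one browser, which is why editing home pages and registry keys did not hold.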
jaysnote/2345_com.txt · Last modified: 2019/07/29 14:15 by jaylee