来源:lam's blog
最近好像又开始流行在播放器里插木马了,我于是在网上转了转,看有没有什么好东西能预防的。
结果在安天CERT小组看到了这个:
软件名称:exe2swf
适用系统:WIN 9x/ME/2000/NT
文件大小:11K
文件说明:FLASH格式文件转换器。为了防止有人在可执行的FLASH格式文件(.exe)中夹插木马,或者用flash图标的木马冒充flash文件,编写了一个简单的工具。
下载:http://soft.hackbase.com/37/20050319/6389.html
哈,但是还有意想不到的呢,我找到了一段可以实验这个功能的代码
作者:海娃
用法:
- 将下面代码存为 exe2swf.vbs
- 将exe格式的flash拖放在此文件上,即可生成swf文件(脚本只读取该exe的字节,不会运行它)。
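'haiwa@http://www.51windows.Net
'Thanks to jimbob for the help.
'
' exe2swf.vbs - copy the embedded SWF movie out of a Flash projector (.exe)
' into "<input path>.swf", so the movie can be opened in a player instead of
' launching the executable. The input is only read as bytes (LoadFromFile /
' Read); nothing in it is executed by this script.
'
' Usage: drag the projector .exe onto this script (the path arrives as the
' first command-line argument).
'
' How the movie is located: starting at PositionStart, 20-byte windows are
' converted with Bin2Str and compared against two marker strings. The markers
' are the decimal rendering of 17 zero bytes followed by 70 87 83 ("FWS") or
' 67 87 83 ("CWS"), the SWF signatures.
' NOTE(review): Bin2Str joins decimal byte values without separators, so this
' is a string comparison, not a strict byte-for-byte match.
' NOTE(review): only the marker is checked; the copied bytes are not validated
' as a well-formed SWF, and data after the movie other than the last EndSize
' bytes ends up in the output as well.
Dim AsoR, AsoW, ArgObj, fso, FlashFileName
Dim PositionStart, OKed, Found, Tag, EndSize
Dim filesize, payloadSize, newFileName, overwrite

Set ArgObj = WScript.Arguments
If ArgObj.Count < 1 Then
    ' Started without a dropped file: ArgObj(0) would raise a runtime error.
    MsgBox "用法: 将exe格式的flash拖放在此文件上", 0, "exe2swf脚本"
    WScript.Quit 1
End If

PositionStart = 920000      ' approximate byte size of the Flash 4 player stub
EndSize = 8                 ' trailing bytes at the end of the exe; other versions can use 0
FlashFileName = ArgObj(0)   ' path of the dropped file

' Reader and writer streams: Mode 3 = read/write, Type 1 = binary.
Set AsoR = CreateObject("Adodb.Stream")
AsoR.Mode = 3
AsoR.Type = 1
AsoR.Open
Set AsoW = CreateObject("Adodb.Stream")
AsoW.Mode = 3
AsoW.Type = 1
AsoW.Open
AsoR.LoadFromFile FlashFileName

Found = False
filesize = AsoR.Size
If filesize > PositionStart Then
    OKed = True
    While OKed
        If PositionStart + 20 > filesize Then
            ' Reached the end of the file without seeing a marker. Without this
            ' bound the scan would keep reading past the end of the stream.
            OKed = False
        Else
            AsoR.Position = PositionStart
            Tag = Bin2Str(AsoR.Read(20))
            ' Inside a run of zero bytes, step one byte at a time so the marker
            ' cannot be skipped; otherwise jump a whole window.
            If InStr(Tag, "0000000") > 0 Then
                PositionStart = PositionStart + 1
            Else
                PositionStart = PositionStart + 20
            End If
            If Tag = "00000000000000000708783" Or Tag = "00000000000000000678783" Then
                Found = True
                OKed = False
            End If
        End If
    Wend
End If

If Found Then
    ' PositionStart is already one past the start of the matching window;
    ' +16 skips the remaining zero bytes and lands on the signature.
    PositionStart = PositionStart + 16
    payloadSize = filesize - Int(PositionStart) - Int(EndSize)
    If payloadSize <= 0 Then Found = False
End If

If Not Found Then
    ' Too small to hold the player stub, or no SWF marker present. A file that
    ' only looks like a Flash projector ends up here, and nothing is written.
    MsgBox "文件错误"
Else
    AsoR.Position = PositionStart
    AsoW.Write AsoR.Read(payloadSize)

    ' New file name: keep the full original name and append ".swf".
    newFileName = FlashFileName & ".swf"
    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(newFileName) Then
        ' 308 = Yes/No buttons + exclamation icon + second button as default.
        overwrite = MsgBox(newFileName & " 已存在" & vbNewLine & "要替换它吗?", 308, "文件已经存在 - exe2swf脚本")
        If overwrite = 6 Then           ' 6 = Yes
            AsoW.SaveToFile newFileName, 2   ' 2 = overwrite an existing file
        Else
            MsgBox "操作被取消", 0, "exe2swf脚本"
        End If
    Else
        AsoW.SaveToFile newFileName, 1       ' 1 = create only if it does not exist
    End If
End If

AsoR.Close
Set AsoR = Nothing
AsoW.Close
Set AsoW = Nothing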
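' Bin2Str - render binary data as a string of decimal numbers.
'
' Bin: binary data as returned by Adodb.Stream.Read (or a byte string).
' Returns: the decimal value of each byte below 128, concatenated with no
' separator (bytes 70 87 83 give "708783"). A byte of 128 or above is combined
' with the byte that follows it into one 16-bit character and the AscW value
' of that character is appended instead; if no byte follows, nothing is
' appended for it. Null or empty input gives "".
' NOTE(review): because no separator is written, different byte sequences can
' produce the same string; callers comparing the result are doing a heuristic
' match, not an exact one.
Function Bin2Str(Bin)
    Dim pos, total, result, lowByte
    result = ""
    ' Stream.Read yields Null once the stream is exhausted; LenB(Null) is Null
    ' and cannot bound a loop, so answer with an empty string instead.
    If IsNull(Bin) Then
        Bin2Str = result
        Exit Function
    End If
    total = LenB(Bin)
    pos = 1
    Do While pos <= total
        lowByte = MidB(Bin, pos, 1)
        If AscB(lowByte) < 128 Then
            result = result & AscB(lowByte)
        Else
            ' Consume the following byte as the first half of a two-byte character.
            pos = pos + 1
            If pos <= total Then result = result & AscW(MidB(Bin, pos, 1) & lowByte)
        End If
        pos = pos + 1
    Loop
    Bin2Str = result
End Function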