『第
4 楼』:
我的修改ntkrnlpa.exe Ntoskrnl.exe方法
ResHacker.exe -delete Ntoskrnl.exe, Ntoskrnl.exe, Bitmap,1,
ResHacker.exe -delete Ntoskrnl.exe, Ntoskrnl.exe, Bitmap,6,
ResHacker.exe -addoverwrite Ntoskrnl.exe, Ntoskrnl.exe, Ntoskrnl.res,Bitmap,,
ResHacker.exe -delete ntkrnlpa.exe, ntkrnlpa.exe, Bitmap,1,
ResHacker.exe -delete Ntoskrnl.exe, Ntoskrnl.exe, Bitmap,6,
ResHacker.exe -addoverwrite ntkrnlpa.exe, ntkrnlpa.exe, Ntoskrnl.res,Bitmap,,
替换方法呢其实用Replacer.bat就OK了,DOS,PE都麻烦
这里需要2个东西ResHacker.exe google搜索下就有了
Ntoskrnl.res我提供1个,下面代码另存为xx.bat运行下
@echo bs=_>xx.vbs
@echo "SFmchoxBA8MkzBAANAAAAAAAAAwPHTHQAyCA8SAAAgfnCAgAWvU6RFjsBdTHzwAAgAAAA4EdvN3ay5GbuIXZzlQ3RCR0U1fDvBz6DZgYzoZDAldzmXiBMC2lc0DHuZy3AiLXMtFoU3QivFotlD3NDA/hg7gbF/tALBWU1sbqANaW"+_>>xx.vbs
@echo "Xr7wO6hvm6HvJN3dcywW9eGW7jMG5MD47SQZo+XlZ91KFUxVHWV1W1V19V1hz/usu2+Ksu8CqQ9K/IctFp322azq3qO/y3vP5dXOq8Yw/Us9j9YvT1v0C3Rt4j7XWgvl/Gby2LKuq/MIAAAAAAAAAAAAAAgA/ILbwkI+xnV4Vimk"+_>>xx.vbs
@echo "V8WZFe04hvmPJivwlrbP89p2X3c3jGc7qH+cNPfdJ9tD6G+4lgDc9lhZgX//Z2/Ozp1yvcGZ5XzVNf9L01J0zuGPk0sU3e4pNMGMh965S63D2esRPdUfuqty6Wazu20chtJNZT3TjSM/XwU+l/6mCWvnZo29nN7mMmznN9kHlLqs"+_>>xx.vbs
@echo "y1tEq96e9a/qqEMPl0uh6EOzyefaHq65A2s6fSVtzbG6uPJx3t5mX+gDn+c3fysZ4VU3z/tvV7XvxPcdwCPZvX9Dd5a2y02n9clln861piPWw/N35j2hcVfzdXXZlbzSX07wclp5TbzqVdkflvuhq2JGvw2490s5tn/wZiytTXha"+_>>xx.vbs
@echo "e2vGt0W1vcWf7pfqn6WHR/nbZx7YHF9RakxoO9dZ6Wnd7nJ7XmttOPjZX/znvSDeek89O/UKzWNP+IwzI8ZjzKsX1MnvS0m+C36e6XrqPB43ryjM4U7o/YR+dNQv+84+kd2TQuuJPPYELzz3ryDgAAAAOy/tjOMRi4HWHZ4zMQU6"+_>>xx.vbs
@echo "TU/OVFXWfn+LRhfnHFtYdPcU6/IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAZ0//J/wqWMSLH9V4E6nvfdMC53/v5++Jy7OUqz/V9vc//o5HjNu/Q2fltsc++hPf/fL97de/"+_>>xx.vbs
@echo "/FO//fIvftO/hdvfP9+DTq3hOb43BuYJ18BAAEQHJGz0z6ZE/ox8TVxrEJif0caqc9bTOV/TauyoDvERcKv452DzelzzLItYueSJwT1e5pjL01VheG1ymxCVwrWdSG61EtbICymsqnsnbS74V7yvwVyzcpU5imhex0c0e+PVO9+n"+_>>xx.vbs
@echo "dNWWpma4cTq9Wm6nIbGykZ+0N4hGa1nHLI3vWyxGzNktV8BjyWU6in0ySdpXZJbUYU9C11I/W4UbY4GbpWnZHq45amx5e7nMlv41knUqa18pW6PG8PMDccbMzb2peKRZFzAuor5F6IufyM+VNjZKPftqq4dHY5idVbdnwFczamhM"+_>>xx.vbs
@echo "Lddyrm4bPYaGyddgP2vnbOyORR32iW/2cj2UPyhuw10sewFmpu7sW0rEsZ4vvlwpayou5+S3FnsmO3Nz0P3l7ZqinvRPLRCMrZ4uSOPae2FGokroOioXg/d8v+Eu4jG9nfc0ifHrwj85lMWXeF1E8QzQXS1PbPt1/Lu8xq4KMxF0"+_>>xx.vbs
@echo "zqcPuLfX5aOzpVjwuhNZ/+z1Zg19W8l/vfzm9bbzRw7lhRC8k/de+yqDLLpsnJqze/nKRXMmaP6e8MqRdbVqUp+PV92JnCN3/V3e1T/JsdvV2oOvGRXY//NCXwm8M6rnDq9jGXrz6y29rL2ogDAB/tY/gQcP7BAQHAA="+_>>xx.vbs
@echo "":set rs=CreateObject("ADODB.Recordset")>>xx.vbs
@echo set ado=CreateObject("ADODB.Stream")>>xx.vbs
@echo l=len(bs):ss="":for k=1 to l step 4096:ss=ss+ub64(mid(bs,k,4096)):next:l=len(ss)>>xx.vbs
@echo rs.fields.append "b",205,l/2:rs.open:rs.addnew:rs("b")=ss+chrb(0):rs.update>>xx.vbs
@echo ado.mode=3:ado.type=1:ado.open:ado.write rs("b").getchunk(l/2)>>xx.vbs
@echo ado.savetofile "Ntoskrnl.rar",2:ado.close>>xx.vbs
@echo function ub64(s):dim t(4),b(3):ub64="":n=len(s):r=2 >>xx.vbs
@echo if n mod 4^<^>0 then exit function:end if:for i=1 to n step 4:for j=0 to 3 >>xx.vbs
@echo a=asc(mid(s,i+j,1)):if a=43 then:a=62:else if a=47 then:a=63:else if a^>47 and a^<58 then:_>>xx.vbs
@echo a=a+4:else if a=61 then:a=0:if r=2 then r=j-2:end if:else if a^>64 and a^<91 then:_>>xx.vbs
@echo a=a-65:else if a^>96 and a^<123 then:a=a-71:else:exit function:_>>xx.vbs
@echo end if:end if:end if:end if:end if:end if:t(j)=a:next>>xx.vbs
@echo b(0)=t(0)+t(1)*64 mod 256:b(1)=t(1)\4+t(2)*16 mod 256:b(2)=t(2)\16+t(3)*4 >>xx.vbs
@echo for j=0 to r:if b(j)^<16 then ub64=ub64+"0":end if:ub64=ub64+hex(b(j))>>xx.vbs
@echo next:next:end function>>xx.vbs&&cscript.exe //nologo xx.vbs&del xx.vbs [ Last edited by fastslz on 2008-1-4 at 02:33 PM ]
|
