|
6688
新手上路
积分 7
发帖 7
注册 2008-11-21
状态 离线
|
『楼 主』:
[已结]VBS 解密
不知道是怎么加密的~看不懂~
原文件在这
http://upload.cn-dos.net/img/1118.rar
这是代码(直接复制代码是不能运行的)
#@~^lwoAAA==6 P3MDKDP"+k;:PH+XY@#@&Gk:,3?@#@&2U~xPr{^VGwoVb#TQ}rhbB}Ypr$K,^G* RSBOcOpm2s1CN,91w||4l|;[dWVbmNDGvaLbV8wKV3|wns^Cld^4,W3^CK;VN7MlX}oM5a3V;\=C^|;t$0ralnm^\w0DB2. M8hdD;61,g3V50t8}e67;2mLh33$a]G\$wCL8R,|0=e(-l0H8+CgKmDw8(mEsV).Yg}6hb9}D5r$nvG$w!m\gTwG;aIDkklB?0lOI@$:#C\{1l=OPYt.m )*&fW52"Tr/mB%3Ccphl C4^@*5m9lUKT\l#YKY4.mc=XcT ZRRRwMx]?N;lFmblTOjnNls/r66m=d?|t588,Tc *z2&KwKKDt.^xT%mZ)9W$w3GAx3)/^|k?|t;( 1cwMx]?N;lnmkm OjLm:dSs5wW:N=dj|t;8f,zJR c*$wxU{454dTr4W1,H;6Cozloa#/U{4;8*,!BT*V61meK^a@$PHg@$U{4$4fM~]_Ih1)|"$}K;1`a.xV4hdD50vW$w]Trdm9?3mR#(/]?N;l 36m1Mhm2@$Kt1@$U{454f!Aq$_]h1bn]$5nZgc2D M(hJT5WvW5w"DkklB?0lRb8kI?L$CJ0r1mehma@$Kt1@$?|t58fM~ $QIng)FI]phZH`2. M8hdD;6`G5aITrdm9?3m&*4d"7N;lZVr1mMn1w@$Pt1@$Umt$4G!$]g"nHbF]]pKZgcwMx!8SST5WvW5w"Db/Cx70l!*4k]7N;CFV61meh^w@$KHg@$j{4;(9M$ ]g]ng)|"$}K;1`2. M8hdD$0cK;aITb/mB70lq#(/]?N;ly0rm1MKma@$:HH@$jm4;8G!Aq$_]h1bF]]pKZgcaDUV4SST$0vG;aIDkklB?0l *8/"7L$Cf@$WV3mtU62C$W^Tt\maN6(D0{4?rAOK5{U0 wM@$alT$^|%om|2YPUr#wnV5S}N8L4[3^^C|mKlYn^DyUnmx+sDC$DNt%70lc J]]=~/K=ws5~mY(PY}WmLG+%?NST5W,P[^Unmx+sDC6=a+s;G;4rdTk(]^=W?KoC1.Vf=0=M87lSr{2l nsD3~^3t^+0H4 tD|1^A6sT4H{a[bP[*PvuK5{UW weHdwz%m3(^nm^_~l44Ml!8Sf_/j]@$?gH$Sh$"p)1bKwGqm;H|w[rl5018+1VVa+TLmK${U0 wM$mN3O7QWj2l +sDMl|W0_V(lmSy噎丘袧紫jalU:Mel#00K00l?MvJ ~WezBb*F!fUW|ws;Br481V B~:pm 0 we~l9VajnmxnhMerb^l^FBSR?hlU+h.Cb|00弹乾争宰陨刑道锦呈辛蠟镣彪茹暇FPfjrmGTV2_54m4UR R~@$63q7H@*otw3|8;K970C5la\@*oPn2JWsmla;12l2J#0C=MyYLNk93wKG\peIwV3$}mnNYR'~zY4m\54aEf}l48mwB$x^3j6Vz wgxV=1GKvj6{Kos23Z{9s970CJwAvFY^C G~k=nY{f.75{?ZOC#/wYmLmS7M[,`6{Kos23Z{[sbe3b*eQ*#C_#*e3b#C_b#C_bbC_#*M_*#e3bbe3#*eQ#bM3#be3b#C_bbC_#bM3#be3b*eQ*#C_#*e3b#C_b#C_AVGbD=6|QCJU^llG2+%t@*wKFASK:{mw$|En_CdxVmCGwdTb4I|@*!gxV=1GW3SDr(^mVNS VUlU5TlGp|QCJU^llG2BZC;tdN42fW$w9YL1F4";Cx*;2U";l ):bT0^Y?6=anV$~)m:(W(^(\t@*wH20{(;Wx70C`ce ~L.|IT%:n@*MgUV=1WK_HxV|1WGs~k=KD|^G5a9DL1F(I5mx^D%p|?k=KT|^FQCS slmWwB)O4m;a7|tC\|w[B87wE@#@&3X+^!Y`JGks~2z`f#BP3(BP2gSPAKJ,'~\(ZMSWP'~r2)`ZbP{P*l,2bcq*PxPWl,2)v *P',&=~2z`f#,'~+rP[,-4;DS6~'PrsKD~2(~{PqP:GPd+UcA?#E~LP-4;.d0~LPr21,',)/1`\k9`3jBP2&SP8##r~'P74;DJ0~',J(0,31,'~qRPK4n P31,x,&*rPLP\(ZMJ0,[~JA1~x,21,QPAb`A(~HKN,cbJ~',\8ZMJ0,[~E&0P3H,'~ R~:tn J,[P74;.S6P'Pr2H~{PF2EPLP\(/.S6PLPE2sdqWPAHP{P+1,KtnUrP'P78;DJ6PLPJA1,xP8!EPLP-8;DS6~[,J2 [~q6J,[~\8/MSWPL~JAK~x,2K~',Z4Dv3g#E,[,\4;DdWPLPE16OE*@#@&Aa+1EYc3K*cPsCAA==^#~@ [ Last edited by HAT on 2008-11-21 at 23:00 ]
|
|
2008-11-21 15:41 |
|
|
5872169
高级用户
积分 959
发帖 474
注册 2007-10-25
状态 离线
|
『第
2 楼』:
天书啊,网上好多免费解密的网站,你搜一下
|
|
2008-11-21 16:27 |
|
|
slore
铂金会员
积分 5212
发帖 2478
注册 2007-2-8
状态 离线
|
『第
3 楼』:
Const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default
:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (LCase(Right(WScript.Fullname,11)) = "wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //nologo " & Replace(FinalPath,"'",""""))
WScript.Quit
End If
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = Nothing
Wscript.Echo vbCr
Wscript.echo " Code by " & "野球小子"
Wscript.echo " Time at: 2008-10-9 9:27"
Wscript.Sleep 1000
WScript.Echo
'WScript.Sleep 3000
WScript.Echo "当前正在运行的进程信息列表如下:"
'WScript.Sleep 2000
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: PID: Owner:" & vbTab & vbTab & "ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each OBJProcess In OBJWMIProcess
MyOBJProcessName = OBJProcess.Name & " "
colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) & vbTab & OBJProcess.ProcessID & vbTab & strNameOfUser & vbTab & vbTab & OBJProcess.ExecutablePath
Next
此帖被 +1 点积分 点击查看详情 评分人:【 6688 】 | 分数: +1 | 时间:2008-11-21 22:25 |
|
|
S smile 微笑,L love 爱,O optimism 乐观,R relax 放松,E enthusiasm 热情...Slore |
|
2008-11-21 22:20 |
|
|
6688
新手上路
积分 7
发帖 7
注册 2008-11-21
状态 离线
|
『第
4 楼』:
Quote: | Originally posted by slore at 2008-11-21 22:20:
Const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject([/co ... |
|
谢谢~
是怎么解密的?
|
|
2008-11-21 22:28 |
|
|
slore
铂金会员
积分 5212
发帖 2478
注册 2007-2-8
状态 离线
|
『第
5 楼』:
vbe是官方加密……网上有很多网页都可以
decode
|
S smile 微笑,L love 爱,O optimism 乐观,R relax 放松,E enthusiasm 热情...Slore |
|
2008-11-21 22:35 |
|
|
6688
新手上路
积分 7
发帖 7
注册 2008-11-21
状态 离线
|
『第
6 楼』:
汗~
VBE不是与VBS一样的吗?
我之前试过搜VBS找很久也没找到~
现在搜VBE一搜就有了~
|
|
2008-11-21 22:41 |
|
|
6688
新手上路
积分 7
发帖 7
注册 2008-11-21
状态 离线
|
『第
7 楼』:
还有解密前也只能以VBE的后缀才能运行~VBS后缀就不能运行~
|
|
2008-11-21 22:46 |
|
|
HAT
版主
积分 9023
发帖 5017
注册 2007-5-31
状态 离线
|
『第
8 楼』:
凑个热闹
1. 把加密的代码保存为a.vbe
2. 使用第三方命令工具scrdec18.exe进行解密
scrdec18.exe可以去这里下载:批处理室附件收集专用帖
scrdec18.exe a.vbe b.txt -cp 936 结果保存在b.txt里面:
On Error Resume Next
Dim ES
ES = "_llopFGAV]?QOPAJQ]QOBP9$D4-.,,-.-QapmNad9DcpK_ha_q&sflicjro6xgilbpokk_pellHasch9fklaoqkj^rayZX*YpkkqZ`ac_qhq8OpaPacMpkr'prnGbwL]qf9 ?kkqkhbZ!OvqpajPkkq#[ovqpaj1.[`k`*bvakNbe*?oc]pbIauFGAV]?QOPAJQ]QOBP(oqpGavN]peoqpR]isaJ^ka-;@m`aM_ca`tT]hrc-:5/3oqpR]isaJ^ka.;Panabl>qcdanPgva`tT]hrc.:540.0.-.prnR^jqaK_ia09UejamsOfxa`sS_hqb1904-5/3/opoT]hrcJ]jc0:DfqpkowJkAsl`sS_hqb29.prnR^jqaK_ia29UejamsLlqepfmj`sS_hqb39//--44qpnS_hqbL]ib49 MqfagAagp`sS_hqb490,05kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka-)bsR^jqa.kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka.)bsR^jqa/kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka/)bsR^jqa0kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka0)bsR^jqa1kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka1)bsR^jqa2kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka2)bsR^jqa3@fkk_hSOE*Bfl]hM_pdObrk_hSOE9TQ_nfnp*@pa]qcK^gc_p% SO`pelq,Odbjh&Ec$H`_oa%Pecer$SPanemr*Brjhj^ka(./%%: so`pelq,atb %QfajDej^jL]qf9 #$SPanemr*O`pelqDqhiL]ib%l`fSPF*Nrl$`k`*bva,i_panemr+,lkhlekNbnh]`c$Bfl]hM_pd) #) '%TQ_nfnp*NsepAjaEblPac+BahbraGbwDHCU[@SNNBLP[RQAN)opoIauM_pdOaqkNbe9lkpegjcTq_nfnp*Badkt^?oSpanemr*a`fk?lba_w$噎丘袧紫Spanemr*a`fkPfka^r6/.,4*/,)65703So`pelq,Ohbcl..,,TQ_nfnp*Badk#SPanemr*Oical1,,-SPanemr*A`fk弹乾争宰陨刑道锦呈辛蠟镣彪茹暇7 $UO_oglp+Qhabn.-.,@fkIvM>FMpk_bqoJ^kaQapM>FTKELom_apq9EapL`fa`r$tgjidkpo7ZX*YpkkqZ_ejt.&,AtbaMqbpu$Qahbap'BnlkSfl/.\Nnk`coo'UO_oglp+C_dlJ^ka6LFB6Ktlan7 s`P]_$r^Q_^Cta`sp]_jaL^rd6 UO_oglp+C_dl)*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+BkoA]`fK?HLnlaaopejM>FTKELom_apqKuK?HLnlaaopL]ib;K>GNnk`coo+L]ib$_ljLnlnanqgao;K?HLnlaaop,CaqMsjbp$oqpJ]jcKbRqan)qpnRqanAmi]fl%SO`pelq,A_emIfb$IvM>FMpk_bqoJ^ka(.*.,&r_R]^#K>GNnk`coo+Nnk`cooFBs`P]_$oqpJ]jcKbRqan$r^Q_^s`P]_$K?HLnlaaop,Atbaqp^`haM_pdJbvp"
Execute("Dim EA(3), EI, EN, ET" & vbCrLf & "EA(0) = 4: EA(1) = 4: EA(2) = 3: EA(3) = 2" & vbCrLf & "For EI = 1 To Len(ES)" & vbCrLf & "EN = Asc(Mid(ES, EI, 1))" & vbCrLf & "If EN = 18 Then EN = 34" & vbCrLf & "EN = EN + EA(EI Mod 4)" & vbCrLf & "If EN = 28 Then" & vbCrLf & "EN = 13" & vbCrLf & "ElseIf EN = 29 Then" & vbCrLf & "EN = 10" & vbCrLf & "End If" & vbCrLf & "ET = ET & Chr(EN)" & vbCrLf & "Next")
Execute(ET) 3. 把b.txt重命名为b.vbs,修改b.vbs,用拦截代码代替最后一个Excute
On Error Resume Next
Dim ES
ES = "_llopFGAV]?QOPAJQ]QOBP9$D4-.,,-.-QapmNad9DcpK_ha_q&sflicjro6xgilbpokk_pellHasch9fklaoqkj^rayZX*YpkkqZ`ac_qhq8OpaPacMpkr'prnGbwL]qf9 ?kkqkhbZ!OvqpajPkkq#[ovqpaj1.[`k`*bvakNbe*?oc]pbIauFGAV]?QOPAJQ]QOBP(oqpGavN]peoqpR]isaJ^ka-;@m`aM_ca`tT]hrc-:5/3oqpR]isaJ^ka.;Panabl>qcdanPgva`tT]hrc.:540.0.-.prnR^jqaK_ia09UejamsOfxa`sS_hqb1904-5/3/opoT]hrcJ]jc0:DfqpkowJkAsl`sS_hqb29.prnR^jqaK_ia29UejamsLlqepfmj`sS_hqb39//--44qpnS_hqbL]ib49 MqfagAagp`sS_hqb490,05kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka-)bsR^jqa.kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka.)bsR^jqa/kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka/)bsR^jqa0kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka0)bsR^jqa1kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka1)bsR^jqa2kOcc*Pcp@TMN@S_hqbDGBW[?RPNAKR[QPCN(prnGbwL]qf(oqpR]isaJ^ka2)bsR^jqa3@fkk_hSOE*Bfl]hM_pdObrk_hSOE9TQ_nfnp*@pa]qcK^gc_p% SO`pelq,Odbjh&Ec$H`_oa%Pecer$SPanemr*Brjhj^ka(./%%: so`pelq,atb %QfajDej^jL]qf9 #$SPanemr*O`pelqDqhiL]ib%l`fSPF*Nrl$`k`*bva,i_panemr+,lkhlekNbnh]`c$Bfl]hM_pd) #) '%TQ_nfnp*NsepAjaEblPac+BahbraGbwDHCU[@SNNBLP[RQAN)opoIauM_pdOaqkNbe9lkpegjcTq_nfnp*Badkt^?oSpanemr*a`fk?lba_w$噎丘袧紫Spanemr*a`fkPfka^r6/.,4*/,)65703So`pelq,Ohbcl..,,TQ_nfnp*Badk#SPanemr*Oical1,,-SPanemr*A`fk弹乾争宰陨刑道锦呈辛蠟镣彪茹暇7 $UO_oglp+Qhabn.-.,@fkIvM>FMpk_bqoJ^kaQapM>FTKELom_apq9EapL`fa`r$tgjidkpo7ZX*YpkkqZ_ejt.&,AtbaMqbpu$Qahbap'BnlkSfl/.\Nnk`coo'UO_oglp+C_dlJ^ka6LFB6Ktlan7 s`P]_$r^Q_^Cta`sp]_jaL^rd6 UO_oglp+C_dl)*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+))*+BkoA]`fK?HLnlaaopejM>FTKELom_apqKuK?HLnlaaopL]ib;K>GNnk`coo+L]ib$_ljLnlnanqgao;K?HLnlaaop,CaqMsjbp$oqpJ]jcKbRqan)qpnRqanAmi]fl%SO`pelq,A_emIfb$IvM>FMpk_bqoJ^ka(.*.,&r_R]^#K>GNnk`coo+Nnk`cooFBs`P]_$oqpJ]jcKbRqan$r^Q_^s`P]_$K?HLnlaaop,Atbaqp^`haM_pdJbvp"
Execute("Dim EA(3), EI, EN, ET" & vbCrLf & "EA(0) = 4: EA(1) = 4: EA(2) = 3: EA(3) = 2" & vbCrLf & "For EI = 1 To Len(ES)" & vbCrLf & "EN = Asc(Mid(ES, EI, 1))" & vbCrLf & "If EN = 18 Then EN = 34" & vbCrLf & "EN = EN + EA(EI Mod 4)" & vbCrLf & "If EN = 28 Then" & vbCrLf & "EN = 13" & vbCrLf & "ElseIf EN = 29 Then" & vbCrLf & "EN = 10" & vbCrLf & "End If" & vbCrLf & "ET = ET & Chr(EN)" & vbCrLf & "Next")
Intercept(ET)
Sub Intercept (code)
'WScript.Echo code
OutPutFile="DecodeVBS.txt"
Set objFSO=CreateObject("Scripting.FileSystemObject")
Set objTXT=objFSO.CreateTextFile(OutPutFile,True,False)
objTXT.Write code
objTXT.Close
Set objWSH=CreateObject("WScript.Shell")
objWSH.Run OutPutFile
WScript.Quit
End Sub 4. 双击运行修改之后的b.vbs,结果保存在DecodeVBS.txt里面:
const HKEY_CURRENT_USER = &H80000001
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "Console\%SystemRoot%_system32_cmd.exe"
oReg.CreateKey HKEY_CURRENT_USER,strKeyPath
strValueName1 = "CodePage"
dwValue1 = 936
strValueName2 = "ScreenBufferSize"
dwValue2 = 98304200
strValueName3 = "WindowSize"
dwValue3 = 2818173
strValueName4 = "HistoryNoDup"
dwValue4 = 0
strValueName5 = "WindowPosition"
dwValue5 = 131068
strValueName6 = "QuickEdit"
dwValue6 = 2048
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName1,dwValue1
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName2,dwValue2
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName3,dwValue3
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName4,dwValue4
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName5,dwValue5
oReg.SetDWORDValue HKEY_CURRENT_USER,strKeyPath,strValueName6,dwValue6
Dim objWSH, FinalPath
Set objWSH = WScript.CreateObject("WScript.Shell")
If (Lcase(Right(WScript.Fullname,11))="wscript.exe") Then
FinalPath = "'" & WScript.ScriptFullName & "'"
objWSH.Run("cmd.exe /k cscript //nologo " &Replace(FinalPath,"'",""""))
WScript.Quit
End If
oReg.DeleteKey HKEY_CURRENT_USER, strKeyPath
Set oReg = nothing
Wscript.Echo vbCr
Wscript.echo " Code by " & "野球小子"
Wscript.echo " Time at: 2008-10-9 9:27"
Wscript.Sleep 1000
WScript.Echo
'WScript.Sleep 3000
WScript.Echo "当前正在运行的进程信息列表如下:"
'WScript.Sleep 2000
Dim MyOBJProcessName
Set OBJWMIProcess = GetObject("winmgmts:\\.\root\cimv2").ExecQuery("Select * From Win32_Process")
WScript.Echo "Name: PID: Owner:" &vbTab&vbTab&"ExecutablePath: "
WScript.Echo "---------------------------------------------------------------------------------------"
For Each OBJProcess in OBJWMIProcess
MyOBJProcessName=OBJProcess.Name&" "
colProperties = OBJProcess.GetOwner(strNameOfUser,strUserDomain)
WScript.Echo Mid(MyOBJProcessName,1,20) &vbTab& OBJProcess.ProcessID &vbTab& strNameOfUser &vbTab&vbTab& OBJProcess.ExecutablePath
Next [ Last edited by HAT on 2008-11-23 at 02:10 ]
|
|
|
2008-11-23 01:59 |
|
|
kioskboy
初级用户
积分 153
发帖 103
注册 2008-3-27
状态 离线
|
『第
9 楼』:
Quote: | 3. 把b.txt重命名为b.vbs,修改b.vbs,用拦截代码代替最后一个Excute |
|
我在网吧,映像劫持在注册表里改不动,不知道什么什么原因
专门用来拦截的代码是什么代码
|
|
2008-11-23 08:43 |
|
|
HAT
版主
积分 9023
发帖 5017
注册 2007-5-31
状态 离线
|
『第
10 楼』:
Re 9楼
不用映像劫持,拦截代码就是指最后添加的那个Intercept子函数。
|
|
|
2008-11-23 09:45 |
|
|
kioskboy
初级用户
积分 153
发帖 103
注册 2008-3-27
状态 离线
|
『第
11 楼』:
哦原来酱子哦,谢谢
那么我这里 在注册表里面的 映像劫持的地方 改不动会是什么原因呢
|
|
2008-11-23 10:24 |
|
|
HAT
版主
积分 9023
发帖 5017
注册 2007-5-31
状态 离线
|
『第
12 楼』:
Re 11楼
可能的原因很多,比如:
注册表分支的读写权限被修改了、有其它程序或者服务在监控注册表的读写等等。
|
|
|
2008-11-23 10:43 |
|
|
kioskboy
初级用户
积分 153
发帖 103
注册 2008-3-27
状态 离线
|
『第
13 楼』:
对,原来是这样啊,说得有道理
那么改这个地方的权限在哪里(其它地方都改得动),或者怎么把 程序或者服务监测到,再把它揪出来呢
|
|
2008-11-23 10:48 |
|
|
HAT
版主
积分 9023
发帖 5017
注册 2007-5-31
状态 离线
|
『第
14 楼』:
Re 13楼
1. 右键单击某个注册表分支->权限
2. 如果你的系统进程和服务有足够的了解,可以尝试结束除系统必要进程/服务之外的其他所有。
|
|
|
2008-11-23 10:58 |
|
|
ggaking
新手上路
积分 19
发帖 8
注册 2008-9-11
状态 离线
|
|
2009-12-20 01:04 |
|
|