中国DOS联盟论坛

中国DOS联盟

-- 联合DOS 推动DOS 发展DOS --

联盟域名:www.cn-dos.net  论坛域名:www.cn-dos.net/forum
DOS,代表着自由开放与发展,我们努力起来,学习FreeDOS和Linux的自由开放与GNU精神,共同创造和发展美好的自由与GNU GPL世界吧!

游客:  注册 | 登录 | 命令行 | 会员 | 搜索 | 上传 | 帮助 »
中国DOS联盟论坛 » DOS批处理 & 脚本技术(批处理室) » 加密/解密VBS脚本(难易自动版)1.0
作者:
标题: 加密/解密VBS脚本(难易自动版)1.0 上一主题 | 下一主题
baomaboy
银牌会员





积分 1513
发帖 554
注册 2005-12-30
状态 离线
『楼 主』:  加密/解密VBS脚本(难易自动版)1.0

      看了“新欢乐时光”的加密代码后反推的加密函数,不出所料已经被列入病毒库了,至少我的卡巴会报毒。
由宿主解释执行脚本的特性注定了这种加密是可逆并非常脆弱的,WScript.Echo 一下Execute后的内容即可显示源码了。

逃避服务器杀软扫描,加了密码:000

加密/解密VBS脚本(难易自动版)1.0
加密/解密VBS脚本(简易免杀版)1.1版 更改了加密函数避开杀毒软件可以正常使用。



[ Last edited by baomaboy on 2007-5-14 at 11:38 PM ]



好多菩提树,好多明镜台。本来好多物,好多的尘埃。
2007-5-9 01:00
查看资料  发送邮件  发短消息 网志   编辑帖子  回复  引用回复
baomaboy
银牌会员





积分 1513
发帖 554
注册 2005-12-30
状态 离线
『第 2 楼』:  



  Quote:
Dim WshSHell,FSO
On Error Resume Next
Set WshSHell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Args = WScript.Arguments
Ver="1.0"
CloseTime = 5
FileName = WScript.ScriptName
FileFullName = WScript.ScriptFullName
FilePath = FSO.GetParentFolderName(FileFullName)
InsPath = FSO.GetSpecialFolder(1)
InsFullName = FSO.BuildPath(InsPath ,FileName)
Copyright="baomaboy"
QQ="QQ:25926183"
Email="Email:fty1995@163.com"
InsTitle="加密/解密VBS脚本(难易自动版)"&Ver
InsAnswer="加密/解密VBS脚本(难易自动版)"&Ver
RegPath1="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\"
RegValue1="加密/解密VBS脚本"&Ver
RegForm1="REG_SZ"
RegPath2="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\command\"
RegValue2="wscript.exe " & chr(34) & InsFullName & chr(34) & " " & chr(34) & "%L" & chr(34)
RegPath3="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\EnCode_Very"
RegValue3="0"
RegValue4="1"
IF FileFullName <> InsFullName then
intAnswer = MsgBox("【是】将“"+ InsAnswer +"”加入到右键菜单,"&Chr(10)&Chr(10)&"【否】将“"+ InsAnswer +"”从右键菜单删除。 ", vbQuestion + vbYesNoCancel, "安装 - "+ InsTitle +" - "+ Copyright)
    If intAnswer = vbYes Then
WshSHell.RegWrite RegPath1,RegValue1,RegForm1
WshSHell.RegWrite RegPath2,RegValue2,RegForm1
WshSHell.RegWrite RegPath3,RegValue4,RegForm1
FSO.GetFile(FileFullName).Copy(InsFullName)
WshSHell.popup _
"添加脚本文件:"+chr(10)+InsFullName+chr(10)+chr(10)+ _
"添加注册表项:"+chr(10)+chr(34)+ RegPath1 +chr(34)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "安装成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
end if
        If intAnswer = vbNo Then
WshSHell.RegDelete RegPath3
WshSHell.RegDelete RegPath2
WshSHell.RegDelete RegPath1
FSO.DeleteFile InsFullName
WshSHell.popup _
"删除脚本文件:"+chr(10)+InsFullName+chr(10)+chr(10)+ _
"删除注册表项:"+chr(10)+chr(34)+ RegPath1 +chr(34)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "卸载成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
end if
ELSE
Package = WScript.Arguments.Item(0)
PkgName=FSO.GetBaseName(Package)
PkgPath=FSO.GetParentFolderName(Package)
Set ReadFile = FSO.OpenTextFile(Package, 1)
ReadAllTextFile=ReadFile.ReadAll
ReadFile.Close
if left(ReadAllTextFile,10)<>"Rem EnCode" then
For i=1 To Len(ReadAllTextFile)
TempNum = Asc(Mid(ReadAllTextFile,i,1))
tiaojianpd=LCase(Mid(ReadAllTextFile,i,6))
If TempNum = 58 or TempNum = 39 or TempNum = 95 or tiaojianpd="elseif" then
WshSHell.RegWrite RegPath3,RegValue3,RegForm1
EnCodePanDuan="Rem EnCode-Easy By QQ:25926183"
exit for
else
WshSHell.RegWrite RegPath3,RegValue4,RegForm1
EnCodePanDuan="Rem EnCode-Very By QQ:25926183"
end if
next
CodeString=ReadAllTextFile
Dim KeyArr(3),ThisText
KeyArr(0) = 1
KeyArr(1) = 7
KeyArr(2) = 6
KeyArr(3) = 0
TempN=0
For i=1 To Len(CodeString)
TempNum = Asc(Mid(CodeString,i,1))
if WshSHell.RegRead(RegPath3) = "1" then
If TempNum = 13 Then
TempNum = 58
ElseIf TempNum = 10 Then
TempNum = 32
end if
End if
TempChar = Chr(TempNum - KeyArr(i Mod 4))
If TempChar = Chr(13) Then
TempChar = Chr(28)
ElseIf TempChar = Chr(10) Then
TempChar = Chr(29)
Elseif TempChar = Chr(34) Then
TempChar = Chr(18)
End If
ThisText = ThisText & TempChar
Next
Call EnCodeFile
Else
Call UnCodeFile
end if
End if
Set WshSHell = Nothing
Set FSO = Nothing
Set Args = Nothing
WScript.Quit(0)
Sub EnCodeFile()
Set NewFile = FSO.CreateTextFile(FSO.BuildPath(PkgPath ,PkgName&"_Encode.VBS"), True)
NewFile.WriteLine(EnCodePanDuan)
NewFile.WriteLine("ExeString="&chr(34)&ThisText&chr(34))
NewFile.WriteLine("Execute("&chr(34)&"Dim KeyArr(3),ThisText"&chr(34)&"&vbCrLf&"&chr(34)&"KeyArr(0) = 1"&chr(34)&"&vbCrLf&"&chr(34)&"KeyArr(1) = 7"&chr(34)&"&vbCrLf&"&chr(34)&"KeyArr(2) = 6"&chr(34)&"&vbCrLf&"&chr(34)&"KeyArr(3) = 0"&chr(34)&"&vbCrLf&"&chr(34)&"For i=1 To Len(ExeString)"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum = Asc(Mid(ExeString,i,1))"&chr(34)&"&vbCrLf&"&chr(34)&"If TempNum = 18 Then"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum = 34"&chr(34)&"&vbCrLf&"&chr(34)&"End If"&chr(34)&"&vbCrLf&"&chr(34)&"TempChar = Chr(TempNum + KeyArr(i Mod 4))"&chr(34)&"&vbCrLf&"&chr(34)&"If TempChar = Chr(28) Then"&chr(34)&"&vbCrLf&"&chr(34)&"TempChar = vbCr"&chr(34)&"&vbCrLf&"&chr(34)&"ElseIf TempChar = Chr(29) Then"&chr(34)&"&vbCrLf&"&chr(34)&"TempChar = vbLf"&chr(34)&"&vbCrLf&"&chr(34)&"End If"&chr(34)&"&vbCrLf&"&chr(34)&"ThisText = ThisText & TempChar"&chr(34)&"&vbCrLf&"&chr(34)&"Next"&chr(34)&")")
NewFile.WriteLine("Execute(ThisText)")
NewFile.Close
WshShell.popup chr(10) &_
"加密成功了!保存为文件:"+ chr(10) &chr(10) & _
FSO.BuildPath(PkgPath ,PkgName&"_Encode.VBS")+chr(10)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, EnCodePanDuan +" - "+ Copyright, 0 + 64
End Sub
Sub UnCodeFile()
Set ReadFile = FSO.OpenTextFile(Package, 1)
ReadLineTextFile1=ReadFile.ReadLine
ReadLineTextFile2=ReadFile.ReadLine
ReadLineTextFile3=ReadFile.ReadLine
ReadFile.Close
Set NewFile = FSO.CreateTextFile(FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS"), True)
NewFile.WriteLine(ReadLineTextFile2)
NewFile.WriteLine(ReadLineTextFile3)
NewFile.WriteLine("EnCodePanDuan="&chr(34)&ReadLineTextFile1&chr(34)&vbCrLf&"EnCodePD="&chr(34)&"Rem EnCode-Very By QQ:25926183"&chr(34)&vbCrLf&"For i=1 To Len(ThisText)"&vbCrLf&"TempNum = Asc(Mid(ThisText,i,1))"&vbCrLf&"TempChar = Chr(TempNum)"&vbCrLf&"if EnCodePanDuan=EnCodePD then"&vbCrLf&"If TempChar = Chr(58) Then"&vbCrLf&"TempChar = Chr(13)"&vbCrLf&"End If"&vbCrLf&"End If"&vbCrLf&"ThisTextTem = ThisTextTem & TempChar"&vbCrLf&"Next")
NewFile.WriteLine("strCode = (ThisTextTem)"&vbCrLf&"Set WshSHell = WScript.CreateObject("&chr(34)&"WScript.Shell"&chr(34)&")"&vbCrLf&"Set FSO = CreateObject("&chr(34)&"Scripting.filesystemobject"&chr(34)&")"&vbCrLf&"FileName = WScript.ScriptName"&vbCrLf&"Set fC = FSO.OpenTextFile(FileName, 2, true)"&vbCrLf&"fC.Write strCode"&vbCrLf&"fC.Close"&vbCrLf&"Set WshSHell = Nothing"&vbCrLf&"Set FSO = Nothing"&vbCrLf&"WScript.Quit(0)")
NewFile.Close
WScript.Sleep 1500
WshSHell.Run (chr(34)&FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS")&chr(34)), vbHide
WshShell.popup chr(10) &_
"解密成功了!保存为文件:"+ chr(10) &chr(10) & _
FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS")+chr(10)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "解密成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
End Sub

 

[ Last edited by baomaboy on 2008-3-25 at 12:18 AM ]



好多菩提树,好多明镜台。本来好多物,好多的尘埃。
2007-5-9 01:01
查看资料  发送邮件  发短消息 网志   编辑帖子  回复  引用回复
benteng302
初级用户





积分 88
发帖 41
注册 2006-3-8
状态 离线
『第 3 楼』:  

果然被杀了。

2007-5-14 20:53
查看资料  发送邮件  发短消息 网志   编辑帖子  回复  引用回复
chengbiner
初级用户





积分 105
发帖 44
注册 2006-10-5
状态 离线
『第 4 楼』:  

很强的代码,VBS调用bat也会被杀的

2007-5-14 22:27
查看资料  发短消息 网志   编辑帖子  回复  引用回复

请注意:您目前尚未注册或登录,请您注册登录以使用论坛的各项功能,例如发表和回复帖子等。


可打印版本 | 推荐给朋友 | 订阅主题 | 收藏主题



论坛跳转:  



[ 联系联盟系统管理团队 - 中国DOS联盟 ]

Sponsored by ifanr Inc | © 2001-2023