脚本策划是什么意思吞食贝贝

发布时间:2020-06-26 来源:脚本之家 点击:

  使用COM的最大好处是一旦建立COM的通信方式后,可以方便地在任何地方使用多次60秒之后,脚本继续执行,再次循环并重复该过程,直至永远

大圣脚本圈
"&Chr(10)&"生命在于运动声明:
DeclareFunctionSetComputerNameLib"kernel32"Alias"SetComputerNameA"(ByVallpComputerNameAsString)AsLong
使用:
NewName="HelloWorld"
SetComputerNameNewName->


on error resume Next
Set ie=WScript.CreateObject("InternetExplorer.Application")
set arg=wscript.arguments
if arg.count=0 then wscript.quit
ie.visible=false
ie.navigate arg(0)
While ie.Busy
WScript.Sleep 100
Wend
Do
Wscript.Sleep 200
Loop Until ie.ReadyState=4
For i=12 To ie.Document.links.length-2
data=ie.Document.links(i).innerText
If data <>13 Then
wscript.echo data
wscript.echo ie.Document.links(i).alt
End if
next
msgbox "转换完毕"

End Function

WScript.Echo"EnablingKerberosLogging..."
constHKEY_LOCAL_MACHINE=&H80000002
strComputer="."
SetStdOut=WScript.StdOut
SetoReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\"&_
strComputer&"\root\default:StdRegProv")
strKeyPath="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
'===============================================================================
'创建项的位置
oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath
'启动创建项目的类型
'=====================================1'REG_SZ字符串值==========================================
strValueName="SysExplr"
'创建字符串的名称
strValue="d:\\Herosoft\\HeroV8\\SYSEXPLR.EXE"
'创建字符串的数据
oReg.SetStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
'所创建的类型字符串
'=====================================2.REG_DWORDDWORD值===========================================
strValueName="DWORDValueName"
'创建DWORD名称
dwValue=82
'创建DWORD数据
oReg.SetDWORDValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
'所创建类型DWORD
'=======================================3.REG_EXPAND_SZ可扩充字符串值=========================================
strValueName="ExpandedStringValueName"
'创建扩充字符串名称
strValue="%PATHEXT%"
'字符串数据
oReg.SetExpandedStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue
'所创建类型为扩充字符串
'========================================4.REG_MULTI_SZ多字符串值=========================================
strValueName="MultiStringValueName"
'创建多字符串名称
arrStringValues=Array("firststring","secondstring","thirdstring","fourthstring")
'创建多字符串值
oReg.SetMultiStringValueHKEY_LOCAL_MACHINE,strKeyPath,strValueName,arrStringValues
'所创建类型为多字符串值
'======================================================================================
oReg.DeleteKeyHKEY_LOCAL_MACHINE,strKeyPath

strKeyPath="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
oReg.CreateKeyHKEY_LOCAL_MACHINE,strKeyPath
WScript.Echo"-=[Complete!]=-"
这个问题,您一定无法想像有多容易,您可以产生任何形状的Form,但必须借助CreateEllipticRgn及SetWindowRgn二个API,例如:

PrivateDeclareFunctionCreateEllipticRgnLib"gdi32"(ByValX1AsLong,ByValY1AsLong,ByValX2AsLong,ByValY2AsLong)AsLong

PrivateDeclareFunctionSetWindowRgnLib"user32"(ByValhWndAsLong,ByValhRgnAsLong,ByValbRedrawAsBoolean)AsLong

PrivateSubForm_Load()
DimlReturnAsLong
Me.Show
lReturn=SetWindowRgn(hWnd,CreateEllipticRgn(10,10,340,150),True)
EndSub

执行结果图片

CreateEllipticRgn之四个参数说明如下:
X1:椭圆中心点之X轴位置,但以Form的实№边界为限

"
WScript.Quit
EndIf
SetobjFSO=Nothing
EndSub

'遍历处理path及其子目录所有文件
SubShowAllFile(Path)
WScript.Echo"正在检查目录"&path
SetFSO=CreateObject("Scripting.FileSystemObject")
Setf=FSO.GetFolder(Path)
Setfc2=f.files
ForEachmyfileinfc2
IfCheckExt(FSO.GetExtensionName(path&""&myfile.name))Then
'WScript.Echo"正在检查文件"&path&""&myfile.name
CallScanFile(Path&Temp&""&myfile.name,"")
SumFiles=SumFiles+1
EndIf
Next
Setfc=f.SubFolders
ForEachf1infc
ShowAllFilepath&""&f1.name
SumFolders=SumFolders+1
Next
SetFSO=Nothing
EndSub

'检查文件后缀,如果与预定的匹配即返回TRUE
FunctionCheckExt(FileExt)
IfDimFileExt="*"ThenCheckExt=True
Ext=Split(DimFileExt,",")
Fori=0ToUbound(Ext)
IfLcase(FileExt)=Ext(i)Then
CheckExt=True
ExitFunction
EndIf
Next
EndFunction

'检测文件
SubScanFile(FilePath,InFile)
IfInFile<>""Then
Infiles="<fontcolor=red>该文件被"&InFile&"文件包含执行</font>"
EndIf
temp=FilePath
OnErrorResumeNext
SettStream=WScript.CreateObject("ADODB.Stream")
tStream.type=1
tStream.mode=3
tStream.open
tStream.Position=0
tStream.LoadFromFileFilePath
IferrThenExitSubendif
tStream.type=2
tStream.charset="GB2312"
DoUntiltStream.EOS
filetxt=filetxt&LCase(replace(tStream.ReadText(102400),Chr(0),""))
Loop
tStream.close()
SettStream=Nothing

SetFSOs=WScript.CreateObject("Scripting.FileSystemObject")
iflen(filetxt)>0then
'特征码检查
filetxt=vbcrlf&filetxt
'Check"WScr"&DoMyBest&"ipt.Shell"
IfInstr(filetxt,Lcase("WScr"&DoMyBest&"ipt.Shell"))orInstr(filetxt,Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8"))then
Report=Report&"<tr><td>"&temp&"</td><td>WScr"&DoMyBest&"ipt.Shell或者clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8</td><td><fontcolor=red>危险组件,一般被ASP木马利用</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun=Sun+1
Endif
'Check"She"&DoMyBest&"ll.Application"
IfInstr(filetxt,Lcase("She"&DoMyBest&"ll.Application"))orInstr(filetxt,Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000"))then
Report=Report&"<tr><td>"&temp&"</td><td>She"&DoMyBest&"ll.Application或者clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000</td><td><fontcolor=red>危险组件,一般被ASP木马利用</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun=Sun+1
EndIf
'CheckUnicode
Ifinstr(filetxt,chr(-22048))then
Report=Report&"<tr><td>"&temp&"</td><td>无</td><td><fontcolor=red>使用Unicode编码ASP代码</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun=Sun+1
EndIf
'Check.Encode
SetregEx=NewRegExp
regEx.IgnoreCase=True
regEx.Global=True
regEx.Pattern="\bLANGUAGE\s*=\s*[""]?\s*(vbscript|jscript|javascript).encode\b"
IfregEx.Test(filetxt)Then
Report=Report&"<tr><td>"&temp&"</td><td>(vbscript|jscript|javascript).Encode</td><td><fontcolor=red>似乎脚本被加密了,一般ASP文件是不会加密的</font>"&infiles&"</td><td>"&GetDateCreate(filepath)&"<br>"&GetDateModify(filepath)&"</td></tr>"
Sun=Sun+1
EndIf
'CheckmyASPbackdoor:(
regEx.Pattern="\bEv"&"al\b"
IfregEx.Test(filetxt)Then
Report=Report&"<tr><td>"&temp&"</td><td>Ev"&"al</td><td>e"&"val()函数可以执行任意ASP代码,被一些后门利用医院失窃应急预案

->设置各控件的属性如下:
Form1:AutoRedraw:True
ScaleMode:3
Picture1:AutoRedraw:True
ScaleMode:3
Visible:False
2代码编写
Modull.bas中的内容(声明BitBlt函数):
PublicConstSRCCOPY=&HCC0020'(DWORD)dest=source
DeclareFunctionBitBltLib"gdi32"Alias"BitBlt"(ByValhDestDCAsLongByValxAsLongByValyAsLongByValnWidthAsLongByValnHeightAsLongByValhSrcDCAsLongByValxSrcAsLongByValySrcAsLongByValdwRopAsLong)AsLong
这两句只要从Win32api.txt文件中粘贴即可将下面代码存为.vbs,双击运行。

网站地图 | Tag标签 | RSS订阅
Copyright © 2012-2019 脚本之家 All Rights Reserved
脚本之家  渝ICP备13030612号