Can someone explain the exe2bat snippet below?
@echo off
echo q | debug>nul
echo Bj@jzh`0X-`/PPPPPPa(DE(DM(DO(Dh(Ls(Lu(LX(LeZRR]EEEUYRX2Dx=>sleep.com
echo 0DxFP,0Xx.t0P,=XtGsB4o@$?PIyU WwX0GwUY Wv;ovBX2Gv0ExGIuht6>>sleep.com
echo T}{z~~@GwkBG@OEKcUt`~}@MqqBsy?seHB~_Phxr?@zAB`LrPEyoDt@Cj?>>sleep.com
echo pky_jN@QEKpEt@ij?jySjN@REKpEt@jj?jyGjN@SEKkjtlGuNw?p@pjirz>>sleep.com
echo LFvAURQ?OYLTQ@@?~QCoOL~RDU@?aU?@{QOq?@}IKuNWpe~FpeQFwH?Vkk>>sleep.com
echo _GSqoCvH{OjeOSeIQRmA@KnEFB?p??mcjNne~B?M??QhetLBgBPHexh@e=>>sleep.com
echo EsOgwTLbLK?sFU`?LDOD@@K@xO?SUudA?_FKJ@N?KD@?UA??O}HCQOQ??R>>sleep.com
echo _OQOL?CLA?CEU?_FU?UAQ?UBD?LOC?ORO?UOL?UOD?OOI?UgL?LOR@YUO?>>sleep.com
echo dsmSQswDOR[BQAQ?LUA?_L_oUNUScLOOuLOODUO?UOE@OwH?UOQ?DJTSDM>>sleep.com
echo QTqrK@kcmSULkPcLOOuLOOFUO?hwDTqOsTdbnTQrrDsdFTlnBTm`lThKcT>>sleep.com
echo @dmTkRQSoddTT~?K?OCOQp?o??Gds?wOw?PGAtaCHQvNntQv_w?A?it\EH>>sleep.com
echo {zpQpKGk?Jbs?FqokOH{T?jPvP@IQBDFAN?OHROL?Kj??pd~aN?OHROd?G>>sleep.com
echo Q??PGT~B??OC~?ipO?T?~U?p~cUo0x>>sleep.com
sleep.com>sleep.exe
echo wait %1 seconds:
sleep.exe %1000
del sleep.com
del sleep.exe

The code is first redirected into sleep.com. This program is a 16-bit DOS application that uses DOS function calls to write the encoded content to the console; that output is then redirected into sleep.exe, producing the real Windows program.

The advantage of this encoding is that an exe file can be restored without depending on the debug program, and the batch file is much smaller than one that restores the exe using debug. The encoding style resembles the special encoding formats used in buffer overflows: the goal is to turn non-printable characters into printable ones and avoid special characters. However, the assembly code of sleep.com is hard to follow. Could someone analyze it?
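For anyone triaging batch files built this way, the following is an added example (not part of the original post) of a static check for the pattern described above: an executable-named file assembled from echo redirections, run with its output captured to a second file, which is then executed. The names stub.com and tool.exe, the placeholder payload text and the function find_echo_droppers are constructed for illustration.

```python
import re

# Constructed sample: same structure as the batch file in the post, with
# placeholder payload text instead of the original encoded bytes.
SAMPLE_BAT = """@echo off
echo q | debug>nul
echo PLACEHOLDER-LINE-1>stub.com
echo PLACEHOLDER-LINE-2>>stub.com
stub.com>tool.exe
tool.exe %1000
del stub.com
del tool.exe
"""

EXEC_EXT = (".com", ".exe", ".scr")
# "echo <text> > file" or "echo <text> >> file" (no pipe inside the text)
ECHO_WRITE = re.compile(r"^\s*@?echo\s+([^>|]*)>>?\s*([^\s>|&]+)\s*$", re.I)
# "<program> > file": a program whose console output is captured to a file
RUN_WRITE = re.compile(r"^\s*@?([^\s>|&]+)\s*>>?\s*([^\s>|&]+)\s*$", re.I)


def find_echo_droppers(bat_text):
    """Return findings as (line_no, kind, detail) tuples for one batch file."""
    built = {}        # executable-named file -> payload characters echoed into it
    decoded = set()   # files produced by running an echo-built program
    findings = []
    for no, line in enumerate(bat_text.splitlines(), 1):
        m = ECHO_WRITE.match(line)
        if m and m.group(2).lower().endswith(EXEC_EXT):
            dst = m.group(2).lower()
            built[dst] = built.get(dst, 0) + len(m.group(1))
            continue
        m = RUN_WRITE.match(line)
        if m and m.group(1).lower() in built:
            dst = m.group(2).lower()
            decoded.add(dst)
            findings.append((no, "decode-stage", f"{m.group(1).lower()} -> {dst}"))
            continue
        tokens = line.split()
        if tokens and tokens[0].lstrip("@").lower() in decoded:
            findings.append((no, "run-decoded", tokens[0].lstrip("@").lower()))
    for name, size in built.items():
        findings.append((0, "echo-built", f"{name} ({size} chars)"))
    return findings


if __name__ == "__main__":
    for finding in find_echo_droppers(SAMPLE_BAT):
        print(finding)
```

A "decode-stage" finding followed by "run-decoded" is the two-step chain the post describes; "echo-built" on its own only shows that an executable-named file was written as text.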