vb.net实现木马注册机原理：动态配置exe

vb.net实现木马注册机原理：动态配置exe

vb.net实现木马注册机原理：动态配置exe 注册机就是批量生成相同功能的而内部配置不用程序文件的程序，这个程序的好处是不用在修改源代码重新编译的情况下产生新的文件，广泛应用与木马行业。

原理有很多，这里实现的是在文件结尾追加配置字符的方法。

程序下载，右键另存为rar文件：http://blog.csdn.net/images/blog_csdn_net/Qqwwee_Com/RAR_ExeProc.rar.gif

没有配置过的界面：

已经配置过的运行界面，背景是用notepad.exe打开文件可以看到文件最后的配置字符串：

主要源代码：

Private Sub b_OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles b_OK.Click

'检查配置

If Len(Me.tb_myConfig.Text) = 0 Then

Me.l_res.Text = '请输入你要设置的字符！'

Return

End If

'设置文件保存位置

Dim strUrl As String

If ofd.ShowDialog = DialogResult.OK Then

strUrl = ofd.FileName

Else

Return

End If

'复制本身到指定文件

IO.File.Copy(Application.ExecutablePath, strUrl, True)

Dim ms As IO.FileStream

Dim bw As IO.BinaryWriter

Try

' '打开文件

ms = New IO.FileStream(strUrl, IO.FileAccess.ReadWrite)

bw = New IO.BinaryWriter(ms)

'读取中文件配置的位置，以确定该文件是否被配置过

Dim ip As Integer = SeekPostion(Application.ExecutablePath)

If ip = 0 Then

'如果没有配置过，就定位到文件结尾

bw.Seek(0, IO.SeekOrigin.End)

Else

'已经配置过的话，就定位到配置位置

bw.Seek(ip, IO.SeekOrigin.Begin)

End If

'连续写2个 vbcrlf，这个就是是否被配置的标志

bw.Write(vbCrLf)

bw.Write(vbCrLf)

'这里写配置进去！

bw.Write(System.Text.Encoding.Default.GetBytes(Me.tb_myConfig.Text))

bw.Flush()

Catch ex As Exception

Me.l_res.Text = '错误：' & ex.Message

Return

Finally

'关闭文件

bw.Close()

ms.Close()

End Try

Try

'启动新程序

System.Diagnostics.Process.Start(strUrl)

'结束当前京城

Me.Dispose()

Catch ex As Exception

End Try

End Sub

Private Sub FrmMain_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load

'显示是否配置 以及配置结果

Me.tb_myConfig.Text = reanConfig(Application.ExecutablePath)

If SeekPostion(Application.ExecutablePath) = 0 Then

Me.l_res.Text = '该程序没有被配置过！'

Else

Me.l_res.Text = '该程序已经被配置过了！'

End If

End Sub

Function SeekPostion(ByVal strPath As String) As Integer

Dim ip As Integer = 0 '位置

Dim ms As IO.FileStream

Dim

br As IO.BinaryReader

Try

ms = New IO.FileStream(strPath, IO.FileMode.Open, IO.FileAccess.Read)

br = New IO.BinaryReader(ms)

'读取文件

Dim b() As Byte = br.ReadBytes(ms.Length)

Dim ic As Integer

For i As Integer = 0 To b.Length - 5

ic = i

'这里检查标志，就是上面连续写2个 vbcrlf vbcrlf

If b(ic) = 13 And b(ic + 1) = 10 And b(ic + 3) = 13 And b(ic + 4) = 10 Then

ip = ic

Exit For

End If

Next

Catch ex As Exception

Console.Write(ex.Message)

Finally

If Not ms Is Nothing Then

ms.Close()

End If

If Not

br Is Nothing Then

br.Close()

End If

End Try

Return ip

End Function

Private Function reanConfig(ByVal strPath As String) As String

Dim Ip As Integer = SeekPostion(strPath)

If Ip = 0 Then

Return Nothing

End If

Dim ms As IO.FileStream

Dim

br As IO.BinaryReader

Try

ms = New IO.FileStream(Application.ExecutablePath, IO.FileMode.Open, IO.FileAccess.Read)

br = New IO.BinaryReader(ms)

br.ReadBytes(Ip + 5) '舍弃前面的数据

'读取最后的数据！

Return System.Text.Encoding.Default.GetString(br.ReadBytes(ms.Length - Ip - 5))

Catch ex As Exception

Console.Write(ex.Message)

Return Nothing

Finally

If Not ms Is Nothing Then

ms.Close()

End If

If Not

br Is Nothing Then

br.Close()

End If

End Try

End Function

• ·ASP.NET学习日记文章集
• ·确定包含全角和半角字符的字符串长度（VB）
• ·NET高级开发一：用VB.net+ADO.NE
• ·【翻译】Managed DirectX（第九章
• ·在win2k下用vb得到硬件自检时的信息
• ·运用API函数获取系统信息
• ·VB6中的面向对象编程---实现类继承
• ·使用OleDbCommandBuilder时出
• ·在webform中清空多个控件的值的简单方法
• ·SharpDevelop插件系统创建过程全面分