一、escape和unescape这个函数以前我只在javascript解密的时候看到过,今天无意中发现原来vbs中也有escape和unescape,也可以开发的函数实现escape和unescape相同的功能,代码如下:
Function vbsEscape(str)
Dim i,s,c,a
s=""
For i=1 to Len(str)
c=Mid(str,i,1)
a=ASCW(c)
If (a>=48 and a<=57) or (a>=65 and a<=90) or (a>=97 and a<=122) Then
s=s & c
ElseIf InStr("@*_+-./",c)>0 Then
s=s & c
ElseIf a>0 and a<16 Then
s=s & "%0" & Hex(a)
ElseIf a>=16 and a<256 Then
s=s & "%" & Hex(a)
Else
s=s & "%u" & Hex(a)
End If
Next
vbsEscape=s
End Function
Function vbsUnEscape(str)
Dim i,s,c
s=""
For i=1 to Len(str)
c=Mid(str,i,1)
If Mid(str,i,2)="%u" and i<=Len(str)-5 Then
If IsNumeric("&H" & Mid(str,i+2,4)) Then
s=s & CHRW(CInt("&H" & Mid(str,i+2,4)))
i=i+5
Else
s=s & c
End If
ElseIf c="%" and i<=Len(str)-2 Then
If IsNumeric("&H" & Mid(str,i+1,2)) Then
s=s & CHRW(CInt("&H" & Mid(str,i+1,2)))
i=i+2
Else
s=s & c
End If
Else
s=s & c
End If
Next
vbsUnEscape=s
End Function
Response.Write vbsEscape(" Response.Write vbsUnEscape("%60%7E%21@%23%24%25%5E%26*%28%29-%3D_+%5B%5D%5C%7B%7D%7C%3B%27%3A%2C./%3C%3E%3Fabc123%u554A")
Response.Write "<br>"
Response.Write escape(" Response.Write unescape("%60%7E%21@%23%24%25%5E%26*%28%29-%3D_+%5B%5D%5C%7B%7D%7C%3B%27%3A%2C./%3C%3E%3Fabc123%u554A")
二、其实大家不知道,unescape在vbs的病毒免杀中可是很有用的噢!比如你的vbs病毒要写入注册表,必须要用到如下语句:
WSHshell = GetObject("Wscript.shell") 绑定对象对吧,可病毒是绝对不会这么写的
它会这么写:
WSHshell = GetObject(UnEscape("%57%73%63%52%69%70%54%2E%73%68%65%4C%6C"))
转载于:https://blog.51cto.com/332374363/960954
扫一扫
808
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
