[Original] Writing binary files from a script

Posted on 2008-6-18 06:53:27

I saw the classic article "Do All in Cmd Shell" on Xfocus and thought: scripts really are powerful!
But it has always been hard for scripts to manipulate binary files directly. The methods people usually use are:
1. The classic debug. This method has been used to death, so I won't say much about it. But it depends on the debug program that ships with Windows, which makes it hard to rely on; on my own machine, for instance, I have deleted many of the DOS command-line programs, and I even want to delete cmd.exe itself. For security!
2. FSO can write files, but it absolutely cannot write binary ones.
3. The ADODB.Stream object can also write files, and works fine for text files. It has a type property: type=2 is text mode, type=1 is binary mode. But in type=1, binary mode, I have not yet seen a single successful case. Even the expert behind Do All in Cmd Shell mentions that the required data type cannot be constructed, so it does not work.
So how can a script write a binary file?
First look at the following, which I copied from the net a long time ago. Quote:
Beware of a new type of virus that combines interpreted languages with CPU code
2000-05-26 00:00 Author: Yuan Ge (袁哥) Source: unknown

When WORD macro viruses were popular, people thought that because macros are interpreted, macro viruses were simple and the key technique lay in WORD's file format. I want to remind everyone that although interpreted execution does not get control of the CPU, that does not mean it cannot do big things. The key is whether the language you are given is convenient. In fact an interpreted language can also gain control of the CPU. So JAVA can be infected too! So a source-file virus does not need the hundreds of lines of code that many experts claim.
Below is a DOS .BAT file. Paste it and run it and you will understand. It prints a message. This is only a demonstration and contains no virus! But the technique can be implemented just as easily in JAVA, WORD and source files! So I remind everyone (especially the anti-virus vendors) to truly understand that interpreted execution and CPU-code execution are essentially no different!

:0jeX4e-005POP]hWeX5ddP^1,FFFFF1,FFF1,4rP^P_jeX4aPY-x-AAR`0`*=00uPBOIAAAAFKAOBPIDMCBALEAJMNCBJALIAAEMMNCBFEGIGFCAENGBGDHCGPHGGJHCHFHDCAGJHDCAGDGPGNGJGOGHCACOCOCOCOCOCOANAKCEAAqqqq
@ECHO OFF
COPY %0.BAT /B C:\BATVIR.COM /B /Y
C:\BATVIR.COM
DEL C:\BATVIR.COM

=========================

1EE7:0100 3A30 CMP DH,[BX+SI] ;the colon in front of this statement makes the BAT treat the line as a label
1EE7:0102 6A65 PUSH 65 ;'e'
1EE7:0104 58 POP AX
1EE7:0105 3465 XOR AL,65 ;gives AX=0x0000 ;'e'
1EE7:0107 2D3030 SUB AX,3030
1EE7:010A 35504F XOR AX,4F50
1EE7:010D 50 PUSH AX
1EE7:010E 5D POP BP ;gives BP=0x8080
1EE7:010F 685765 PUSH 6557
1EE7:0112 58 POP AX
1EE7:0113 356464 XOR AX,6464 ;gives AX=0x0133
1EE7:0116 50 PUSH AX
1EE7:0117 5E POP SI ;gives SI=AX=0x0133
1EE7:0118 312C XOR [SI],BP ;sets the top bit of bytes [0x0133],[0x0134]
1EE7:011A 46 INC SI
1EE7:011B 46 INC SI
1EE7:011C 46 INC SI
1EE7:011D 46 INC SI
1EE7:011E 46 INC SI
1EE7:011F 312C XOR [SI],BP ;[0x138],[0x139]
1EE7:0121 46 INC SI
1EE7:0122 46 INC SI
1EE7:0123 46 INC SI
1EE7:0124 312C XOR [SI],BP ;[0x13B],[0x13C]
1EE7:0126 3472 XOR AL,72 ;'r'
1EE7:0128 50 PUSH AX ;gives AX=0x141=0x133 XOR 0x72
1EE7:0129 5E POP SI ;gives SI=AX=0x141
1EE7:012A 50 PUSH AX
1EE7:012B 5F POP DI ;gives DI=AX=0x141
1EE7:012C 6A65 PUSH 65 ;'e'
1EE7:012E 58 POP AX
1EE7:012F 3461 XOR AL,61 ;'a'
1EE7:0131 50 PUSH AX
1EE7:0132 59 POP CX ;gives CX=AX=0x04
1EE7:0133 AD LODSW ;in the string this is 0x2D,
1EE7:0134 F8 CLC ;in the string this is 0x78,
1EE7:0135 2D4141 SUB AX,4141
1EE7:0138 D2E0 SHL AL,CL ;in the string this is 0x5260
1EE7:013A 30E0 XOR AL,AH ;in the string this is 0x3060
1EE7:013C AA STOSB ;in the string this is 0x2A
1EE7:013D 3D3030 CMP AX,3030
1EE7:0140 75F1 JNZ 0133 ;decodes the string starting at 0x141; qqqq marks the end of the string
- ;0xF1 is the result of decoding PB.
Here is the CPU-code encoding method:
Each byte of CPU code is represented by two letters; ABCDEFGH IJKLMNOP stand for 01234567 89ABCDEF respectively, and decoding is the reverse process! This is Yuan Ge's masterpiece. Right, he did achieve writing binary from a script, and the method he used is really ingenious!
Because it is so ingenious, I have kept it for years.
Anyone strong in assembly can easily understand Yuan Ge's work above, so I won't show off here; after all you are all assembly experts. So let me just present what I made.
Do not let the crowd's doubts block your own insight; do not let your own will silence others' words.
Do not harm the greater whole for a small private favour; do not borrow public opinion to gratify private feelings.
OP | Posted on 2008-6-18 06:54:01
I only modified his result a little: using his principle, I made the program friendlier and more practical.
I added int 21h, so it can now write binary files. The code is as follows:

----------------------------------
@echo off
rem Do not let the Body variable exceed 8000 bytes!

set Name=11231234.rar
rem Body holds the file contents as a hex string (the value was cut from this copy of the post)
set Body=


rem ==================================================================
set hexarr0=A
set hexarr1=B
set hexarr2=C
set hexarr3=D
set hexarr4=E
set hexarr5=F
set hexarr6=G
set hexarr7=H
set hexarr8=I
set hexarr9=J
set hexarr10=K
set hexarr11=L
set hexarr12=M
set hexarr13=N
set hexarr14=O
set hexarr15=P
rem ==================================================================
set AsciiArr=AA
set AsciiArr^ =CA
:set AsciiArr^!=CB
:set AsciiArr^"=CC
:set AsciiArr^#=CD
:set AsciiArr^$=CE
:set AsciiArr^%=CF
:set AsciiArr^&=CG
:set AsciiArr^'=CH
set AsciiArr^(=CI
set AsciiArr^)=CJ
:set AsciiArr^*=CK
:set AsciiArr^+=CL
:set AsciiArr^,=CM
:set AsciiArr^-=CN
set AsciiArr^.=CO
:set AsciiArr^/=CP
set AsciiArr^0=DA
set AsciiArr^1=DB
set AsciiArr^2=DC
set AsciiArr^3=DD
set AsciiArr^4=DE
set AsciiArr^5=DF
set AsciiArr^6=DG
set AsciiArr^7=DH
set AsciiArr^8=DI
set AsciiArr^9=DJ
set AsciiArr^A=EB
set AsciiArr^B=EC
set AsciiArr^C=ED
set AsciiArr^D=EE
set AsciiArr^E=EF
set AsciiArr^F=EG
set AsciiArr^G=EH
set AsciiArr^H=EI
set AsciiArr^I=EJ
set AsciiArr^J=EK
set AsciiArr^K=EL
set AsciiArr^L=EM
set AsciiArr^M=EN
set AsciiArr^N=EO
set AsciiArr^O=EP
set AsciiArr^P=FA
set AsciiArr^Q=FB
set AsciiArr^R=FC
set AsciiArr^S=FD
set AsciiArr^T=FE
set AsciiArr^U=FF
set AsciiArr^V=FG
set AsciiArr^W=FH
set AsciiArr^X=FI
set AsciiArr^Y=FJ
set AsciiArr^Z=FK
:set AsciiArr^[=FL
:set AsciiArr^\=FM
:set AsciiArr^]=FN
:set AsciiArr^^=FO
set AsciiArr^_=FP
:set AsciiArr^`=GA
set AsciiArr^a=GB
set AsciiArr^b=GC
set AsciiArr^c=GD
set AsciiArr^d=GE
set AsciiArr^e=GF
set AsciiArr^f=GG
set AsciiArr^g=GH
set AsciiArr^h=GI
set AsciiArr^i=GJ
set AsciiArr^j=GK
set AsciiArr^k=GL
set AsciiArr^l=GM
set AsciiArr^m=GN
set AsciiArr^n=GO
set AsciiArr^o=GP
set AsciiArr^p=HA
set AsciiArr^q=HB
set AsciiArr^r=HC
set AsciiArr^s=HD
set AsciiArr^t=HE
set AsciiArr^u=HF
set AsciiArr^v=HG
set AsciiArr^w=HH
set AsciiArr^x=HI
set AsciiArr^y=HJ
set AsciiArr^z=HK
:set AsciiArr^{=HL
:set AsciiArr^|=HM
:set AsciiArr^}=HN
:set AsciiArr^~=HO
:set AsciiArr^=HP
rem ==================================================================

set Head1=:0jeX4e-005POP]hWeX5ddP
set Head2=1,FFFFF1,FFF1,4rP
set Head3=P_jeX4aPY-x-AAR`0`*=00uPBLKFPABLJAAAALEDMMNCBILAOHAABLKHCABIJMDLEEAMNCBLEDOMNCBMNCA
set Tail=qqqq


call:GetLength
set /a thisLength=%Length%/2
call:GetLengthCode %thisLength%
call:GetNameCode
call:GetBodyCode
: echo %Length%
: echo %LengthCode%
: echo %NameCode%
: echo %BodyCode%
: echo %Body%
@echo %Head1%^^%Head2%^^%Head3%%NameCode%AA%LengthCode%%BodyCode%%Tail% > "%~n0.com"
"%~n0.com"
del "%~n0.com"
goto:EOF
:GetBodyCode
set BodyCode=%Body%
set BodyCode=%BodyCode:F=P%
set BodyCode=%BodyCode:E=O%
set BodyCode=%BodyCode:D=N%
set BodyCode=%BodyCode:C=M%
set BodyCode=%BodyCode:B=L%
set BodyCode=%BodyCode:A=K%
set BodyCode=%BodyCode:9=J%
set BodyCode=%BodyCode:8=I%
set BodyCode=%BodyCode:7=H%
set BodyCode=%BodyCode:6=G%
set BodyCode=%BodyCode:5=F%
set BodyCode=%BodyCode:4=E%
set BodyCode=%BodyCode:3=D%
set BodyCode=%BodyCode:2=C%
set BodyCode=%BodyCode:1=B%
set BodyCode=%BodyCode:0=A%
goto:EOF

:GetLength
set /a LenMax=131072
set /a LenMin=0
:GetLength_start_loop
set /a Len=(%LenMin%+%LenMax%)/2
set /a var=%LenMin%-%LenMax%
if %var% GEQ -1 (if %var% LEQ 1 (goto GetLength_end_loop))
call:CompLength "%%Body:~%Len%,1%%"
if %CmpLen%==LSS (set /a LenMax=%Len%-1) else (if %CmpLen%==GTR (set /a LenMin=%Len%))
goto GetLength_start_loop
:GetLength_end_loop
call:CompLength "%%Body:~%LenMax%,1%%"
if %CmpLen%==LSS (set /a Length=%LenMax%) else (set /a Length=%LenMax%+1)
goto:EOF
:CompLength
if %1=="" (set CmpLen=LSS) else (set CmpLen=GTR)
goto:EOF
:GetLengthCode
set /a InPutLength="%1 >> 4"
set  /a InPutLength="%InPutLength% & 0xf"
call set  Hex1=%%hexarr%InPutLength%%%
set /a InPutLength=%1
set  /a InPutLength="%InPutLength% & 0xf"
call set  Hex2=%%hexarr%InPutLength%%%
set /a InPutLength="%1 >> 12"
set  /a InPutLength="%InPutLength% & 0xf"
call set  Hex3=%%hexarr%InPutLength%%%
set /a InPutLength="%1 >> 8"
set  /a InPutLength="%InPutLength% & 0xf"
call set  Hex4=%%hexarr%InPutLength%%%
set LengthCode=%Hex1%%Hex2%%Hex3%%Hex4%
goto:EOF
:GetNameCode
set NameCode=x
for /l %%i in (0,1,15) do call:start_switchover_asc %%Name:~%%i,1%%
set NameCode=%NameCode:~1,32%
goto:EOF
:start_switchover_asc
call set NameCode=%NameCode%%%AsciiArr%1%%
goto:EOF
-------------------------------------------
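Added example (mine, not code from either post): a Python model of the two-letter byte encoding shared by Yuan Ge's stub and the batch script above. It decodes the payload of the first BAT line from offset 0x141 the way the stub's loop does, and rebuilds the image the batch echoes (16-byte name at 0x15F, NUL, 16-bit length at 0x170, body at 0x172) to check it against the offsets the OP's stub hard-codes. YUANGE_LINE and OP_HEADS are copied from the posts; the message address 0x155 follows from the stub's CALL $+3 / POP DX / ADD DX,10h.

```python
# Added example (mine, not the post's code): decode and rebuild the two-letter
# byte encoding used by Yuan Ge's stub and the OP's batch script. One letter per
# nibble, A..P = 0..F, high nibble first; the pair "qq" ends the string.
COM_BASE = 0x100     # .COM images load at CS:0100
DECODE_AT = 0x141    # the stub decodes in place from DI=0x141 (see the disassembly)
MSG_AT = 0x155       # CALL $+3 / POP DX / ADD DX,10h leaves DX=0x155 for INT 21h AH=09h

# Copied from the post: the first line of Yuan Ge's BAT (what becomes BATVIR.COM)
YUANGE_LINE = (":0jeX4e-005POP]hWeX5ddP^1,FFFFF1,FFF1,4rP^P_jeX4aPY-x-AAR`0`*=00uP"
               "BOIAAAAFKAOBPIDMCBALEAJMNCBJALIAAEMMNCBFEGIGFCAENGBGDHCGPHGGJHCHFHDCAGJHD"
               "CAGDGPGNGJGOGHCACOCOCOCOCOCOANAKCEAAqqqq")
# Copied from the OP's script: Head1^Head2^Head3 as the echo line joins them
OP_HEADS = (":0jeX4e-005POP]hWeX5ddP^1,FFFFF1,FFF1,4rP^P_jeX4aPY-x-AAR`0`*=00uP"
            "BLKFPABLJAAAALEDMMNCBILAOHAABLKHCABIJMDLEEAMNCBLEDOMNCBMNCA")

def decode_pairs(text):
    """Mirror of the stub loop: LODSW, SUB AX,4141, SHL AL,4, XOR AL,AH, STOSB."""
    out = bytearray()
    for i in range(0, len(text) - 1, 2):
        hi, lo = ord(text[i]) - 0x41, ord(text[i + 1]) - 0x41
        if (hi, lo) == (0x30, 0x30):        # "qq": CMP AX,3030 matches, loop ends
            break
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("non A..P letters %r at pair %d" % (text[i:i + 2], i // 2))
        out.append(((hi << 4) ^ lo) & 0xFF)
    return bytes(out)

def decode_com_line(line):
    """Decode the payload of a stub line: everything from file offset 0x41 (= 0x141)."""
    return decode_pairs(line[DECODE_AT - COM_BASE:])

def dos_message(code, at=MSG_AT):
    """The '$'-terminated text that INT 21h AH=09h prints from the given address."""
    start = at - DECODE_AT
    return code[start:code.index(b"$", start)]

def encode_bytes(data):
    """The batch's hexarr/AsciiArr tables: each byte -> two letters A..P."""
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0xF)) for b in data)

def build_op_image(name, body_hex):
    """What the OP's echo line emits: heads, 16-byte name, NUL, 16-bit length, body, qqqq."""
    body = bytes.fromhex(body_hex)
    if len(name) > 16 or len(body) > 0xFFFF:
        raise ValueError("name must fit in 16 bytes and body in a 16-bit length")
    name_code = encode_bytes(name.encode("ascii").ljust(16, b"\0"))   # GetNameCode
    length_code = encode_bytes(len(body).to_bytes(2, "little"))       # GetLengthCode
    return OP_HEADS + name_code + "AA" + length_code + encode_bytes(body) + "qqqq"

def op_layout(image):
    """Split a decoded OP image at the offsets its stub hard-codes (15F, 170, 172)."""
    code = decode_com_line(image)
    name = code[0x15F - DECODE_AT:0x16F - DECODE_AT].rstrip(b"\0")
    length = int.from_bytes(code[0x170 - DECODE_AT:0x172 - DECODE_AT], "little")
    return code[:4], name, length, code[0x172 - DECODE_AT:]

if __name__ == "__main__":
    code = decode_com_line(YUANGE_LINE)
    print(code[:20].hex(), dos_message(code))
    print(op_layout(build_op_image("11231234.rar", "4d5a9000")))
```

The decoded stub from the first post is CALL/POP DX/PUSH CS/POP DS/ADD DX,10h/MOV AH,9/INT 21h/MOV AX,4C00h/INT 21h followed by its text; the OP's stub is the INT 21h create (AH=3Ch), write (AH=40h) and close (AH=3Eh) sequence that reads the name, length and body from those fixed offsets.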
OP | Posted on 2008-6-18 06:54:31
Save the code above as a .bat file and run it, and you get a file!
Notes:
When using it, only two places need to be changed!
1. The line set Name=11231234.rar at the start is the name of the file to write; note that the name cannot be too long (at most 16 bytes) and cannot contain illegal punctuation.
2. The later line set Body=.... is the file's content in hexadecimal. Convenient, isn't it!
In this example I used a bat file to write a rar file; unpacked, it is a tiny, simplest-possible Windows assembly program, harmless.


This method can indeed write binary files without relying on an external program like debug, but its drawback is that it uses an intermediate file, a .com file, which works under DOS and uses int 21h for file operations; as DOS gradually fades away, who knows when int 21h will stop being usable.


So I kept thinking about other methods.
With my limited knowledge, after much thought I found nothing practical that could be done with a script alone.

ADODB.Stream has a binary mode; since the mode exists, it should be usable!

But experiments with ADODB.Stream show that whether you use an ordinary array or a byte array, it errors out. It is hard to construct a suitable data type!

Then I finally had a flash of inspiration and found that the step of constructing a suitable data type can be bypassed!

If you read the ADODB.Stream documentation you will see that for text files written by ADODB.Stream, the charset property can be unicode, ascii and many others.
And unicode is actually just binary! It only appears to be a text file!

My method is: first use ADODB.Stream's text mode with charset set to unicode, and load the data to be written at that point.
Then use ADODB.Stream's CopyTo method to copy that data into another ADODB.Stream object in binary mode, and write it to a file. Done!
The example code is below:
OP | Posted on 2008-6-18 06:55:09
--------------------------------
dim fso,ados,ados_,s
' The post's HTA read the output name from a text box called FileName;
' a small stand-in object with the same .value member keeps the rest unchanged.
class NameBox
  public value
end class
dim FileName
set FileName=new NameBox
FileName.value="test.mdb"  ' output file name (assumed)
set fso=createobject("scripting.filesystemobject")
if fso.fileexists(FileName.value) then
  msgbox "File already exists, cannot create"
  set fso=nothing
  wscript.quit
end if
set fso=nothing
s= h2b("000100005374616E64617264204A65742044420001000000B56E03626009C255E9A96772403F009C")
s=s &   h2b("7E9F90FF859A31C579BAED30BCDFCC9D63D9E4C3D341FB8ABC4E6362EC37B8DD9CFA23C728E6F62F")
s=s &   h2b("8A60B10D7B3610EBDFB1926D13432A36B133D1F8795B772C7C2AAFD07C99051398FD9409A6B6C202")
s=s &   h2b("83665F95F8D089248567C61F2744D2EECF65EDFF07C746A178160CEDE92D62D454060000342E3000")
s=s &   zero16(428)
s=s &   h2b("01010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010001000100010001")
s=s &   h2b("00010001000100010001000100010001000100010001000100010001000100010101640F01000000")
s=s &   h2b("000000000200BB0F760F000000000000")
s=s &   zero16(501)
s=s &   h2b("0000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF")
s=s &   h2b("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0201DE0B000000001A04000059060000")
s=s &   h2b("08000000000000000100000000000000")
s=s &   zero16(1)
s=s &   h2b("5311000B001100020000000200000000060000010600000000000008000000000000000000000008")
s=s &   h2b("000000000000000C59060000090003000000040800001200")
s=s &   zero16(1)
s=s &   h2b("0C590600000800020000000408000012")
s=s &   zero16(1)
s=s &   h2b("000859060000040001000000040800001300000000000A0008000859060000050001000000040800")
s=s &   h2b("00130000000000120008000459060000070002000000040800001300000000001A0004000A590600")
s=s &   h2b("000A0004000000040800001200000000000000FE01045906")
s=s &   zero16(1)
s=s &   h2b("04080000130000000000000004000B590600000D000700000004080000120000000000720000000B")
s=s &   h2b("5906000010000A00000004080000120000000000007300000B590600000F00090000000408000012")
s=s &   h2b("0000000000450000000B590600000E000800000004080000120000000000006100000A5906000002")
s=s &   h2b("0000000000040800001200000000006400FE01095906000006000100000004080000320000000000")
s=s &   h2b("0001FE01045906000001000000000004080000130000000000040004000B590600000C0006000000")
s=s &   h2b("040800001200000000000000000009590600000B0005000000040800001200000000006A00FE0103")
s=s &   h2b("5906000003000100000004080000130000000000080002000E0043006F006E006E00650063007400")
s=s &   h2b("10004400610074006100620061007300650014004400610074006500430072006500610074006500")
s=s &   h2b("140044006100740065005500700064006100740065000A0046006C00610067007300160046006F00")
s=s &   h2b("72006500690067006E004E0061006D00650004004900640004004C0076000E004C00760045007800")
s=s &   h2b("74007200610010004C0076004D006F00640075006C0065000C004C007600500072006F0070000800")
s=s &   h2b("4E0061006D0065000A004F0077006E0065007200100050006100720065006E007400490064001600")
s=s &   h2b("52006D00740049006E0066006F004C006F006E006700180052006D00740049006E0066006F005300")
s=s &   h2b("68006F00720074000800540079007000650083070000010001020001FFFF00FFFF6EFFFF00FFFF69")
s=s &   h2b("FFFF00FFFF00FFFF00FFFF0010060000070000000000000081000000000083070000000001FFFF00")
s=s &   h2b("FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF0011060000080000000000000081000000")
s=s &   h2b("000059060000010000000100000000FFFFFFFF00000000040401000000005906")
s=s &   zero16(1)
s=s &   h2b("000000FFFFFFFF0000000004040000000000040049006400180050006100720065006E0074004900")
s=s &   h2b("64004E0061006D00650009000406000005060000080002060000030600000D000806000009060000")
s=s &   h2b("10000E0600000F0600000F000C0600000D0600000E000A0600000B0600000C000606000007060000")
s=s &   h2b("FFFF000000000000")
s=s &   zero16(380)
s=s &   h2b("0201A90E000000004F0100005906000010000000000000000100000000000000")
s=s &   zero16(1)
s=s &   h2b("53040001000400010000000100000012060000130600000000000008000000000000000459060000")
s=s &   h2b("02000100000004080000130000000000040004000159060000030001000000040800001300000000")
s=s &   h2b("0000000100045906")
s=s &   zero16(1)
s=s &   h2b("04080000130000000000000004000959060000010000000000040800003200000000000000FE0106")
s=s &   h2b("00410043004D001800460049006E0068006500720069007400610062006C00650010004F0062006A")
s=s &   h2b("0065006300740049006400060053004900440083070000000001FFFF00FFFF00FFFF00FFFF00FFFF")
s=s &   h2b("00FFFF00FFFF00FFFF00FFFF00140600000900000000000000880000000000590600000000000000")
s=s &   h2b("00000000FFFFFFFF000000000404000000000010004F0062006A0065006300740049006400FFFF00")
s=s &   zero16(470)
s=s &   h2b("0201EB0D000000000D02000059060000")
s=s &   zero16(1)
s=s &   h2b("0100000000000000")
s=s &   zero16(1)
s=s &   h2b("530800040008000100000001000000150600001606000000")
s=s &   zero16(1)
s=s &   h2b("000000025906000001000000000004080000130000000000040001000C5906000005000300000004")
s=s &   h2b("08000012000000000000040000035906000006000400000004080000130000000000050002000459")
s=s &   h2b("06000007000400000004080000130000000000070004000A59060000030001000000040800001200")
s=s &   h2b("0000000000FEFE010A590600000400020000000408000012000000000000FEFE0104590600000000")
s=s &   h2b("00000000040800001300000000000000040009590600000200000000000408000012000000000000")
s=s &   h2b("FEFE0112004100740074007200690062007500740065001400450078007000720065007300730069")
s=s &   h2b("006F006E00080046006C00610067000E004C007600450078007400720061000A004E0061006D0065")
s=s &   h2b("0031000A004E0061006D006500320010004F0062006A00650063007400490064000A004F00720064")
s=s &   h2b("006500720083070000000001010001020001FFFF00FFFF6EFFFF00FFFF7AFFFF00FFFF66FFFF0019")
s=s &   h2b("0600000A0000006500640081000000000059060000000000000000000000FFFFFFFF000000000404")
s=s &   h2b("010000000022004F0062006A00650063007400490064004100740074007200690062007500740065")
s=s &   h2b("0005001706000018060000FFFF000000")
s=s &   zero16(446)
s=s &   h2b("0201CB0C000000002D03000059060000")
s=s &   zero16(1)
s=s &   h2b("0100000000000000")
s=s &   zero16(1)
s=s &   h2b("5308000500080003000000030000001A0600001B06000000")
s=s &   zero16(4)
s=s &   h2b("00000004590600000200010000000408000013000000000004000400045906000001000100000004")
s=s &   h2b("08000013000000000000000400045906000003000100000004080000130000000000080004000A59")
s=s &   h2b("060000050002000000040800001200000000000000FE010A59060000040001000000040800001200")
s=s &   h2b("000000000000FE010A59060000070004000000040800001200000000000000FE010A590600000600")
s=s &   h2b("03000000040800001200000000000000FE010A590600000000000000000408000012000000000000")
s=s &   h2b("00FE010E00630063006F006C0075006D006E000A00670072006200690074000E00690063006F006C")
s=s &   h2b("0075006D006E00100073007A0043006F006C0075006D006E00100073007A004F0062006A00650063")
s=s &   h2b("007400240073007A005200650066006500720065006E0063006500640043006F006C0075006D006E")
s=s &   h2b("00240073007A005200650066006500720065006E006300650064004F0062006A006500630074001C")
s=s &   h2b("0073007A00520065006C006100740069006F006E00730068006900700083070000000001FFFF00FF")
s=s &   h2b("FF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF001C0600000B000000000000008200000000")
s=s &   h2b("0083070000040001FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF001D0600000C")
s=s &   h2b("0000000000000082000000000083070000060001FFFF00FFFF00FFFF00FFFF00FFFF00FFFF00FFFF")
s=s &   h2b("00FFFF00FFFF001E0600000D0000000000000082000000000059060000010000000100000000FFFF")
s=s &   h2b("FFFF000000000404000000000059060000020000000200000000FFFFFFFF00000000040400000000")
s=s &   h2b("0059060000000000000000000000FFFFFFFF0000000004040000000000100073007A004F0062006A")
s=s &   h2b("00650063007400240073007A005200650066006500720065006E006300650064004F0062006A0065")
s=s &   h2b("00630074001C0073007A00520065006C006100740069006F006E007300680069007000FFFF000000")
s=s &   zero16(410)
s=s &   h2b("0101590700000000000000001F00BB0F760F310FEC0EA70E620E1D0ED80D930D4E0D090DC40C7F0C")
s=s &   h2b("3A0CF50BB00B6B0B260BE10A9C0A570A120ACD0988094309FE08B90874082F08EA07A50700000000")
s=s &   zero16(235)
s=s &   h2b("0000002000000000")
s=s &   zero16(8)
s=s &   h2b("1000000000000000")
s=s &   zero16(7)
s=s &   h2b("0000000000080000")
s=s &   zero16(25)
s=s &   h2b("0000000004000000")
s=s &   zero16(42)
s=s &   h2b("0000000000020000")
s=s &   zero16(8)
s=s &   h2b("0000800000000000")
s=s &   zero16(7)
s=s &   h2b("0000000000000080")
s=s &   zero16(8)
s=s &   h2b("0000000001000000")
s=s &   zero16(8)
s=s &   h2b("8000000000000000")
s=s &   zero16(128)
s=s &   h2b("0000000040000000")
s=s &   zero16(8)
s=s &   h2b("0040000000000000")
s=s &   zero16(7)
s=s &   h2b("04016F0D02000000")
s=s &   zero16(2)
s=s &   h2b("0000000000200000400000010010000008000004000080000002000000000000")
s=s &   zero16(53)
s=s &   h2b("7F8F0000007F4F4A6D4A4C4A6B516B010000000E017F8F0000007F69515E4A6D5964626B5759666B")
s=s &   h2b("010000000E027F8F0000007F6D4A4C5E516B010000000E007F8F0000017F606B766B4A4D516B0100")
s=s &   h2b("00000E057F8F0000017F606B766B644C5B514D6D6B010000000E047F8F0000017F606B766B686F51")
s=s &   h2b("6959516B010000000E067F8F0000017F606B766B69515E4A6D5964626B5759666B010000000E077F")
s=s &   h2b("8F0000027F606B766B4F4C010000000E0300000000000000")
s=s &   zero16(429)
s=s &   h2b("0401D80D02000000")
s=s &   zero16(2)
s=s &   h2b("00000000020408102040800001000000")
s=s &   zero16(55)
s=s &   h2b("7F8000000200000E047F8000000300000E057F8000000400000E067F8000000500000E077F8F0000")
s=s &   h2b("0100000E007F8F00000200000E017F8F00000300000E027F9000000000000E03")
s=s &   zero16(443)
s=s &   h2b("0401900D03000000")
s=s &   zero16(2)
s=s &   h2b("000000000204081020408000010204081020408000010000")
s=s &   zero16(54)
s=s &   h2b("7F8000000200000F007F8000000200000F0D7F8000000300000F017F8000000400000F027F800000")
s=s &   h2b("0400000F0B7F8000000500000F037F8000000500000F0C7F8F00000100000F047F8F00000100000F")
s=s &   h2b("057F8F00000100000F0E7F8F00000200000F087F8F00000300000F067F8F00000300000F077F8F00")
s=s &   h2b("000300000F0F7F9000000000000F097F9000000000000F0A")
s=s &   zero16(434)
s=s &   h2b("0401200E04000000")
s=s &   zero16(511)
s=s &   h2b("0401200E05000000")
s=s &   zero16(511)
s=s &   h2b("0401200E05000000")
s=s &   zero16(511)
s=s &   h2b("0401200E05000000")
s=s &   zero16(511)
s=s &   h2b("0101480D02000000000000000800B50F640F0B0FC00E6B0E1C0EC70D660D0000")
s=s &   zero16(424)
s=s &   h2b("0000000000001100050000000100000F01008646EC22AE3CE3408646EC22AE3CE340000000804D00")
s=s &   h2b("530079007300520065006C006100740069006F006E0073006800690070007300C4C9440044004400")
s=s &   h2b("4400440044004400440044004400420020000B00FF00001100040000000100000F01008646EC22AE")
s=s &   h2b("3CE3408646EC22AE3CE340000000804D005300790073005100750065007200690065007300C4C938")
s=s &   h2b("00380038003800380038003800380038003800360020000B00FF00001100030000000100000F0100")
s=s &   h2b("8646EC22AE3CE3408646EC22AE3CE340000000804D005300790073004100430045007300C4C93200")
s=s &   h2b("320032003200320032003200320032003200300020000B00FF00001100020000000100000F010086")
s=s &   h2b("46EC22AE3CE3408646EC22AE3CE340000000804D005300790073004F0062006A0065006300740073")
s=s &   h2b("00C4C93800380038003800380038003800380038003800360020000B00FF00001100000000100200")
s=s &   h2b("000F02008646EC22AE3CE3408646EC22AE3CE340000000804D0053007900730044006200C5CB2E00")
s=s &   h2b("2E002E002E002E002E002E002E002E002E002C0020000B00FF000011000300000F0000000F030086")
s=s &   h2b("46EC22AE3CE3408646EC22AE3CE34000000080520065006C006100740069006F006E007300680069")
s=s &   h2b("0070007300C4C93C003C003C003C003C003C003C003C003C003C003A0020000B00FF000011000200")
s=s &   h2b("000F0000000F03008646EC22AE3CE3408646EC22AE3CE34000000080440061007400610062006100")
s=s &   h2b("730065007300C4C93400340034003400340034003400340034003400320020000B00FF0000110001")
s=s &   h2b("00000F0000000F03008646EC22AE3CE3408646EC22AE3CE340000000805400610062006C00650073")
s=s &   h2b("00C4C92E002E002E002E002E002E002E002E002E002E002C0020000B00FF00000101A20E03000000")
s=s &   h2b("000000001000ED0FDA0FC70FB40FA10F8E0F7B0F680F550F420F2F0F1C0F090FF60EE30ED00E0000")
s=s &   zero16(468)
s=s &   h2b("04000300000FFFFF0F00C4CB0C000A0001000F04000100000FFFFE0F00C4CB0C000A0001000F0400")
s=s &   h2b("0200000014000000C4CB0C000A0001000704000500000014000000C4CB0C000A0001000704000400")
s=s &   h2b("000014000000C4CB0C000A000100070400000000100E000000C4CB0C000A00010007040000000010")
s=s &   h2b("0E000600C5CB0C000A0001000704000200000F00000600C5CB0C000A0001000704000300000F0100")
s=s &   h2b("0600C5CB0C000A0001000704000300000FFE000F00C4CE0C000A0001000F04000100000F01000600")
s=s &   h2b("C5CB0C000A0001000704000100000FFE000F00C4CE0C000A0001000F04000500000000000E00C5CB")
s=s &   h2b("0C000A0001000704000400000000000600C5CB0C000A0001000704000300000000000600C5CB0C00")
s=s &   h2b("0A0001000704000200000000000600C5CB0C000A00010007")
set ados=createobject("adodb.stream")
set ados_=createobject("adodb.stream")
' text stream: charset "unicode" stores the string's UTF-16 code units as-is
ados_.type=2
ados_.charset="unicode"
ados_.open
ados_.writetext s

' binary stream that receives the raw bytes
ados.type=1
ados.open
ados_.Position=2          ' skip the 2-byte BOM (FF FE) the unicode charset writes first
ados_.copyto ados
ados.Position=0
ados.savetofile FileName.value ',2
ados.close
set ados=nothing
ados_.close
set ados_=nothing


' hex text -> byte string, two hex digits per chrb() byte
function h2b(txt)
dim i,t
t=""
for i=1 to len(txt) step 2
  t=t & chrb(clng("&h" & mid(txt,i,2)))
next
h2b=t
end function
' n blocks of eight zero bytes (sixteen hex digits each, hence the name)
function zero16(n)
dim a,i,t
t=""
a=chrb(0) & chrb(0) & chrb(0) & chrb(0) & chrb(0) & chrb(0) & chrb(0) & chrb(0)
for i=1 to n
  t=t & a
next
zero16=t
end function

-------------------------------------------------
Save the code above as a .vbs file and run it to get a 64 KB .mdb database file.
Of course, with the chrb() function you can produce any file you want; this is only an example.



This method overcomes the long-standing difficulty of not being able to write binary files, but however you look at it, it feels like an unorthodox path rather than a proper method.

I wrote this hoping to throw out a brick to attract jade: if you know other ways of writing binary files, please share them!

My knowledge is shallow; where there are mistakes I hope you will not spare your advice. I am all ears and very grateful!
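Added example (mine, not the post's code): a byte-level Python model of the path the VBScript relies on. chrb() builds a byte string that WriteText treats as UTF-16 code units; charset "unicode" writes a 2-byte BOM followed by those code units, so CopyTo from Position=2 hands the original bytes to the binary stream. It assumes the charset converter copies every code unit verbatim, which is the assumption the post's method makes; the sample hex is the post's first h2b line.

```python
# Added example (mine, not the post's code): model of the ADODB.Stream "unicode" trick.
# Assumption: the text stream writes BOM + UTF-16LE code units with no conversion.
UNICODE_BOM = b"\xff\xfe"

def h2b(hex_text):
    """VBScript h2b(): hex text -> raw bytes."""
    return bytes.fromhex(hex_text)

def zero16(n):
    """VBScript zero16(): n blocks of eight zero bytes (16 hex digits each)."""
    return b"\0" * (8 * n)

def as_unicode_text(raw):
    """What WriteText sees: pairs of bytes read as little-endian UTF-16 code units."""
    if len(raw) % 2:
        raise ValueError("odd byte count: the last byte would have no code unit")
    # surrogatepass keeps lone D800-DFFF units, which arbitrary binary data contains
    return raw.decode("utf-16-le", errors="surrogatepass")

def text_stream_bytes(text):
    """What the charset='unicode' text stream holds after WriteText: BOM + units."""
    return UNICODE_BOM + text.encode("utf-16-le", errors="surrogatepass")

def copy_from(stream_bytes, position=2):
    """ados_.Position=2 then CopyTo: everything after the BOM goes to the binary stream."""
    return stream_bytes[position:]

def write_binary_via_text(raw):
    """The post's pipeline end to end; returns the bytes SaveToFile would write."""
    return copy_from(text_stream_bytes(as_unicode_text(raw)))

# Constructed sample: the post's first h2b line (start of a "Standard Jet DB" header)
JET_HEADER_HEX = "000100005374616E64617264204A65742044420001000000B56E03626009C255E9A96772403F009C"

if __name__ == "__main__":
    header = h2b(JET_HEADER_HEX)
    print(write_binary_via_text(header) == header, header[4:19])
```

The odd-length check is the one case the VBScript does not guard: every h2b() chunk in the post happens to hold an even number of bytes, and zero16() always adds multiples of eight.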
Posted on 2008-6-18 09:25:10
Just one word: impressive.
Back around 2000, when I had just started learning about computers, experts like Yuan Ge of NSFocus (绿盟) patiently answered questions from newbies like me.
Fond memories.
Posted on 2008-6-18 10:21:46
shshsh came to computers rather late, then.
Posted on 2008-6-18 10:32:46
So profound.

But I have no use for it.
I could never learn to be a hacker.
Too dumb.
Posted on 2008-6-18 10:34:13
2000 isn't late, is it?

I first touched computers in '93 and used them heavily from '95,
and in depth from '98.
What he describes for 2000 must be above my level in '98.

Still behind the old-hacker level of skill.
Posted on 2008-6-18 11:20:02
No, in '98 I was at beginner level in computer applications (with a certificate); I knew DOS, WPS and DBase III. The only language I knew was QBASIC, and I was hugely in awe of a comrade who knew C.
Fortunately my interest was sparked; that same year I passed the programmer exam, and the following year the systems analyst, CCNA, CLP and other junk certificates.
In 2000 all I could do was use the IIS vulnerability Yuan Ge discovered to help others check whether their patches were complete.
Heh, it has already been 10 years of studying computers!
Posted on 2008-6-18 11:31:41
You're good.
The systems analyst exam is hard to pass.