当前位置: 编程技术>综合
本页文章导读:
▪ATLIFACE.H /* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 5.01.0164 */
/* at Fri Nov 30 13:38:38 2001
*/
/* Compiler settings for atliface.idl:
Os (OptLev=s), W1, Zp8, env=Win32, ms_ext.........
▪.Net项目去Sixxpack(6x包)壳 今天在反编译第三方程序源代码的时候发现 .Net Reflector工具导出的代码有些奇怪,详情请见下图:
1.这里举例贴出部分代码如下:
namespace Sixxpack
{
using System;
using System.IO;
using System..........
▪sqlite循环批量插入数据 需要在sqlite数据库中插入大量测试数据,打算用事务进行循环插入操作,不过sqlite不支持declare变量定义,所以无法通过定义循环变量值来实现。需要通过一个批处理文件来循环调用插入sql.........
[1]ATLIFACE.H
来源: 互联网 发布时间: 2013-11-10
/* this ALWAYS GENERATED file contains the definitions for the interfaces */
/* File created by MIDL compiler version 5.01.0164 */
/* at Fri Nov 30 13:38:38 2001
*/
/* Compiler settings for atliface.idl:
Os (OptLev=s), W1, Zp8, env=Win32, ms_ext, c_ext
error checks: none
*/
//@@MIDL_FILE_HEADING( )
/* verify that the <rpcndr.h> version is high enough to compile this file*/
#ifndef __REQUIRED_RPCNDR_H_VERSION__
#define __REQUIRED_RPCNDR_H_VERSION__ 440
#endif
#include "rpc.h"
#include "rpcndr.h"
#ifndef __RPCNDR_H_VERSION__
#error this stub requires an updated version of <rpcndr.h>
#endif // __RPCNDR_H_VERSION__
#ifndef COM_NO_WINDOWS_H
#include "windows.h"
#include "ole2.h"
#endif /*COM_NO_WINDOWS_H*/
#ifndef __atliface_h__
#define __atliface_h__
#ifdef __cplusplus
extern "C"{
#endif
/* Forward Declarations */
#ifndef __IRegistrar_FWD_DEFINED__
#define __IRegistrar_FWD_DEFINED__
typedef interface IRegistrar IRegistrar;
#endif /* __IRegistrar_FWD_DEFINED__ */
#ifndef __IDocHostUIHandlerDispatch_FWD_DEFINED__
#define __IDocHostUIHandlerDispatch_FWD_DEFINED__
typedef interface IDocHostUIHandlerDispatch IDocHostUIHandlerDispatch;
#endif /* __IDocHostUIHandlerDispatch_FWD_DEFINED__ */
#ifndef __IAxWinHostWindow_FWD_DEFINED__
#define __IAxWinHostWindow_FWD_DEFINED__
typedef interface IAxWinHostWindow IAxWinHostWindow;
#endif /* __IAxWinHostWindow_FWD_DEFINED__ */
#ifndef __IAxWinAmbientDispatch_FWD_DEFINED__
#define __IAxWinAmbientDispatch_FWD_DEFINED__
typedef interface IAxWinAmbientDispatch IAxWinAmbientDispatch;
#endif /* __IAxWinAmbientDispatch_FWD_DEFINED__ */
#ifndef __IInternalConnection_FWD_DEFINED__
#define __IInternalConnection_FWD_DEFINED__
typedef interface IInternalConnection IInternalConnection;
#endif /* __IInternalConnection_FWD_DEFINED__ */
/* header files for imported files */
#include "oaidl.h"
#include "ocidl.h"
void __RPC_FAR * __RPC_USER MIDL_user_allocate(size_t);
void __RPC_USER MIDL_user_free( void __RPC_FAR * );
/* interface __MIDL_itf_atliface_0000 */
/* [local] */
EXTERN_C const CLSID CLSID_Registrar;
extern RPC_IF_HANDLE __MIDL_itf_atliface_0000_v0_0_c_ifspec;
extern RPC_IF_HANDLE __MIDL_itf_atliface_0000_v0_0_s_ifspec;
#ifndef __IRegistrar_INTERFACE_DEFINED__
#define __IRegistrar_INTERFACE_DEFINED__
/* interface IRegistrar */
/* [unique][helpstring][uuid][object] */
EXTERN_C const IID IID_IRegistrar;
#if defined(__cplusplus) && !defined(CINTERFACE)
MIDL_INTERFACE("44EC053B-400F-11D0-9DCD-00A0C90391D3")
IRegistrar : public IUnknown
{
public:
virtual /* [id] */ HRESULT STDMETHODCALLTYPE AddReplacement(
/* [in] */ LPCOLESTR key,
/* [in] */ LPCOLESTR item) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE ClearReplacements( void) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE ResourceRegisterSz(
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE ResourceUnregisterSz(
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE FileRegister(
/* [in] */ LPCOLESTR fileName) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE FileUnregister(
/* [in] */ LPCOLESTR fileName) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE StringRegister(
/* [in] */ LPCOLESTR data) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE StringUnregister(
/* [in] */ LPCOLESTR data) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE ResourceRegister(
/* [in] */ LPCOLESTR resFileName,
/* [in] */ UINT nID,
/* [in] */ LPCOLESTR szType) = 0;
virtual /* [id] */ HRESULT STDMETHODCALLTYPE ResourceUnregister(
/* [in] */ LPCOLESTR resFileName,
/* [in] */ UINT nID,
/* [in] */ LPCOLESTR szType) = 0;
};
#else /* C style interface */
typedef struct IRegistrarVtbl
{
BEGIN_INTERFACE
HRESULT ( STDMETHODCALLTYPE __RPC_FAR *QueryInterface )(
IRegistrar __RPC_FAR * This,
/* [in] */ REFIID riid,
/* [iid_is][out] */ void __RPC_FAR *__RPC_FAR *ppvObject);
ULONG ( STDMETHODCALLTYPE __RPC_FAR *AddRef )(
IRegistrar __RPC_FAR * This);
ULONG ( STDMETHODCALLTYPE __RPC_FAR *Release )(
IRegistrar __RPC_FAR * This);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *AddReplacement )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR key,
/* [in] */ LPCOLESTR item);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *ClearReplacements )(
IRegistrar __RPC_FAR * This);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *ResourceRegisterSz )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *ResourceUnregisterSz )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *FileRegister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR fileName);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *FileUnregister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR fileName);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *StringRegister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR data);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *StringUnregister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR data);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *ResourceRegister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ UINT nID,
/* [in] */ LPCOLESTR szType);
/* [id] */ HRESULT ( STDMETHODCALLTYPE __RPC_FAR *ResourceUnregister )(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ UINT nID,
/* [in] */ LPCOLESTR szType);
END_INTERFACE
} IRegistrarVtbl;
interface IRegistrar
{
CONST_VTBL struct IRegistrarVtbl __RPC_FAR *lpVtbl;
};
#ifdef COBJMACROS
#define IRegistrar_QueryInterface(This,riid,ppvObject) \
(This)->lpVtbl -> QueryInterface(This,riid,ppvObject)
#define IRegistrar_AddRef(This) \
(This)->lpVtbl -> AddRef(This)
#define IRegistrar_Release(This) \
(This)->lpVtbl -> Release(This)
#define IRegistrar_AddReplacement(This,key,item) \
(This)->lpVtbl -> AddReplacement(This,key,item)
#define IRegistrar_ClearReplacements(This) \
(This)->lpVtbl -> ClearReplacements(This)
#define IRegistrar_ResourceRegisterSz(This,resFileName,szID,szType) \
(This)->lpVtbl -> ResourceRegisterSz(This,resFileName,szID,szType)
#define IRegistrar_ResourceUnregisterSz(This,resFileName,szID,szType) \
(This)->lpVtbl -> ResourceUnregisterSz(This,resFileName,szID,szType)
#define IRegistrar_FileRegister(This,fileName) \
(This)->lpVtbl -> FileRegister(This,fileName)
#define IRegistrar_FileUnregister(This,fileName) \
(This)->lpVtbl -> FileUnregister(This,fileName)
#define IRegistrar_StringRegister(This,data) \
(This)->lpVtbl -> StringRegister(This,data)
#define IRegistrar_StringUnregister(This,data) \
(This)->lpVtbl -> StringUnregister(This,data)
#define IRegistrar_ResourceRegister(This,resFileName,nID,szType) \
(This)->lpVtbl -> ResourceRegister(This,resFileName,nID,szType)
#define IRegistrar_ResourceUnregister(This,resFileName,nID,szType) \
(This)->lpVtbl -> ResourceUnregister(This,resFileName,nID,szType)
#endif /* COBJMACROS */
#endif /* C style interface */
/* [id] */ HRESULT STDMETHODCALLTYPE IRegistrar_AddReplacement_Proxy(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR key,
/* [in] */ LPCOLESTR item);
void __RPC_STUB IRegistrar_AddReplacement_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
/* [id] */ HRESULT STDMETHODCALLTYPE IRegistrar_ClearReplacements_Proxy(
IRegistrar __RPC_FAR * This);
void __RPC_STUB IRegistrar_ClearReplacements_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
/* [id] */ HRESULT STDMETHODCALLTYPE IRegistrar_ResourceRegisterSz_Proxy(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType);
void __RPC_STUB IRegistrar_ResourceRegisterSz_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_MESSAGE _pRpcMessage,
DWORD *_pdwStubPhase);
/* [id] */ HRESULT STDMETHODCALLTYPE IRegistrar_ResourceUnregisterSz_Proxy(
IRegistrar __RPC_FAR * This,
/* [in] */ LPCOLESTR resFileName,
/* [in] */ LPCOLESTR szID,
/* [in] */ LPCOLESTR szType);
void __RPC_STUB IRegistrar_ResourceUnregisterSz_Stub(
IRpcStubBuffer *This,
IRpcChannelBuffer *_pRpcChannelBuffer,
PRPC_ME
[2].Net项目去Sixxpack(6x包)壳
来源: 互联网 发布时间: 2013-11-10
今天在反编译第三方程序源代码的时候发现 .Net Reflector工具导出的代码有些奇怪,详情请见下图:
1.这里举例贴出部分代码如下:
namespace Sixxpack
{
using System;
using System.IO;
using System.Reflection;
using System.Windows.Forms;
internal class stub
{
internal static int orig = 0x20000;
[STAThread]
private static void Main(string[] args)
{
try
{
AppDomain.CurrentDomain.AssemblyResolve += new ResolveEventHandler(stub.myResolveEventHandler);
}
catch (Exception)
{
}
object[] parameters = new object[] { args };
MemoryStream inStream = new MemoryStream();
Stream stream2 = new FileStream(Application.ExecutablePath.Substring(Application.ExecutablePath.LastIndexOf('\\') + 1), FileMode.Open, FileAccess.Read) {
Position = orig
};
byte[] buffer = new byte[stream2.Length - orig];
stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
Compressor compressor = new Compressor();
Assembly assembly = Assembly.Load(compressor.Decompress(inStream));
try
{
assembly.EntryPoint.Invoke(null, parameters);
}
catch
{
assembly.EntryPoint.Invoke(null, null);
}
}
private static Assembly myResolveEventHandler(object sender, ResolveEventArgs args)
{
string path = args.Name.ToString().Trim().Split(new char[] { ',' })[0].ToString().Trim();
if (path.IndexOf(".") >= 0)
{
path = path.Replace(".", "_") + ".dll";
}
else
{
path = "_" + path + ".dll";
}
MemoryStream inStream = new MemoryStream();
Stream stream2 = new FileStream(path, FileMode.Open, FileAccess.Read);
byte[] buffer = new byte[stream2.Length];
stream2.Read(buffer, 0, Convert.ToInt32(buffer.Length));
inStream.Write(buffer, 0, buffer.Length);
inStream.Seek(0L, SeekOrigin.Begin);
Compressor compressor = new Compressor();
return Assembly.Load(compressor.Decompress(inStream));
}
}
}发现上面的代码根本和要反编译的代码不是同一回事情。
2.通过网络上资料了解下原来是被加壳了;如题。
加壳工具:Sixxpack
去壳代码如下:
public class Shelled
{
#region 字段
string exeFullName = string.Empty;
string extensionName = ".exe";
string directory = string.Empty;
Type sixxpack_stub;
Type sixxpack_Compressor;
int _orig = 0x00000000;
System.Reflection.MethodInfo _Decompress;
#endregion
protected Shelled() { }
public Shelled(string exeFullName)
{
this.exeFullName = exeFullName;
this.extensionName = System.IO.Path.GetExtension(exeFullName);
this.directory = new System.IO.FileInfo(exeFullName).DirectoryName;
}
public void BeginShelled()
{
System.Reflection.Assembly assembly = GetAssembly();
if (assembly != null)
{
if (assembly.GetName().Name == "actmp")
{
object stub = assembly.CreateInstance("Sixxpack.stub");
if (stub != null)
{
sixxpack_stub = stub.GetType();
_orig = GetFieldIValue<int>("orig");
}
object compressor = assembly.CreateInstance("Sixxpack.Compressor");
if (compressor != null)
{
sixxpack_Compressor = compressor.GetType();
_Decompress = GetMethodInfo("Decompress");
if (_Decompress != null)
{
System.IO.MemoryStream mStream = new System.IO.MemoryStream();
System.IO.FileStream fs = assembly.GetFiles()[0];
if (fs != null)
{
fs.Position = _orig;
byte[] buffer = new byte[fs.Length - _orig];
fs.Read(buffer, 0, buffer.Length);
mStream.Write(buffer, 0, buffer.Length);
mStream.Seek(0L, System.IO.SeekOrigin.Begin);
}
byte[] result = (byte[])_Decompress.Invoke(compressor, new object[] { mStream });
if (result != null)
{
using (System.IO.FileStream newFileStream = new System.IO.FileStream(this.directory + "\\ShelledNewFile" + this.extensionName, System.IO.FileMode.Create, System.IO.FileAccess.Write, System.IO.FileShare.Write))
{
newFileStream.Write(result, 0, result.Length);
}
}
}
}
}
}
}
private System.Reflection.Assembly GetAssembly()
{
if (exeFullName == string.Empty)
return null;
return System.Reflection.Assembly.LoadFile(exeFullName);
}
private T GetFieldIValue<T>(string propertyName)
{
System.Reflection.FieldInfo fieldInfo = sixxpack_stub.GetField(propertyName, System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Static);
if (fieldInfo.IsStatic)
{
return (T)fieldInfo.GetValue(sixxpack_stub);
}
return default(T);
}
private System.Reflection.MethodInfo GetMethodInfo(string methodName)
{
return sixxpack_Compressor.GetMethod(methodName);
}
}调用代码如下:
Shelled shelled = new Shelled("fullname");
shelled.BeginShelled();
作者:qiaohuyue 发表于2013-1-9 10:29:05 原文链接
阅读:33 评论:0 查看评论
[3]sqlite循环批量插入数据
来源: 互联网 发布时间: 2013-11-10
需要在sqlite数据库中插入大量测试数据,打算用事务进行循环插入操作,不过sqlite不支持declare变量定义,所以无法通过定义循环变量值来实现。需要通过一个批处理文件来循环调用插入sqlite语句,方式如下
建立一个循环调用的批处理文件sqlite.bat,文件内容
@ECHO OFF For /L %%i in (1,1,10000) do (sqlite3.exe test.db<insertdb.bat) pause
这个文件表示循环10000调用insertdb.bat对test.db数据库进行操作。将sqlite语句写在insertdb.bat文件中。
insert into test (col1,col2,col3,col4,col5,col6,col7,)
values
('col1','col2','col3','col4','col5',6,7);注:insertdb.bat文件中的sql语句必须以分号结尾,否则会导致执行sqlite出错。sqlite.bat,insertdb.bat,test.db文件需要放在同个目录中
作者:imlmy 发表于2013-1-9 10:26:51 原文链接
阅读:36 评论:0 查看评论
最新技术文章: