标题: 求助:反编译这个批处理 [打印本页]
作者: baepyygy 时间: 2006-11-23 03:01 标题: 求助:反编译这个批处理
本来想用启事本打开看看里面的代码的。。结果。。。。。。。。无语。。。。
好象是加密了~~~~`~
附件 1:XpStone网吧优化.rar (2006-11-23 03:01, 1.96 K, 下载附件所需积分 1点 ,下载次数: 66)
作者: youxi01 时间: 2006-11-23 03:07
cls
@echo 欢迎来到石头工作室
@echo 本技术支持:昆明网吧技术网 制作:石头工作室 联系QQ:79814913
@echo 昆明网吧技术网 Http://www.xpstone.com
@echo 今天是 %date%
@echo 现在是北京时间 %time%
@echo ╔┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉╗
@echo ┋ 昆明网吧技术网 ┋
@echo ┋ ┋
@echo ┋ 网吧技术支持 网吧专业维护 ┋
@echo ┋ 网吧活动技术组织 网吧服务器专业制作 ┋
@echo ┋ 我们的口号:稳定压倒一切! ┋
@echo ┋ 云南最大、最强的网吧技术网 ┋
@echo ┋ Http://www.xpstone.com ┋
@echo ┋ 联系电话:0871-8188151 ┋
@echo ┋ 联系QQ :79814913 ┋
@echo ┋ email :su83q@sohu.com ┋
@echo ╚┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉┉╝
@echo 下面为大家优化注册表项目
@pause
echo REGEDIT4>>xpstone.reg
echo.>>xpstone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]>>xpstone.reg
echo "Start Page"="http://xpstone.com">>xpstone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]>>xpstone.reg
echo "RegisteredOrganization"="正在使用石头工作室优化">>xpstone.reg
echo "RegisteredOwner"="昆明网吧技术网">>xpstone.reg
echo "ProductId"="Http://www.xpstone.com">>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo "HungAppTimeout"="200">>xpstone.reg
echo "WaitToKillAppTimeout"="1000">>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo "MenuShowDelay"="0">>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>xpstone.reg
echo "EnablePrefetcher"=dword:00000001echo>>xpstone.reg echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]>>xpstone.reg
echo "WaitToKillServiceTimeout"="500">>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo "AutoEndTasks"=dword:00000001>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo "AutoEndTasks"="1">>xpstone.reg
echo "HungAppTimeout"="100">>xpstone.reg
echo "WaitToKillAppTimeout"="500">>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]>>xpstone.reg
echo "WaitToKillServiceTimeout"="500">>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>xpstone.reg
echo "EnablePrefetcher"=dword:00000005>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]>>xpstone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>xpstone.reg
echo "ClearRecentDocsOnEixt"=hex:01,00,00,00>>xpstone.reg
echo [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]>>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo "MenuShowDelay"="0">>xpstone.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>xpstone.reg
echo "ConfigFileAllocSize"=dword:000001f4>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]>>xpstone.reg
echo [HKEY_USERS\.DEFAULT\Control Panel\Desktop]>>xpstone.reg
echo "AutoEndTasks"="1">>xpstone.reg
echo "HungAppTimeout"="200">>xpstone.reg
echo "WaitToKillAppTimeout"="1000">>xpstone.reg
echo [HKEY_USERS\.DEFAULT\Control Panel\Desktop]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]>>xpstone.reg
echo "NoLowDiskSpaceChecks"=dword:00000001>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]>>xpstone.reg
echo "DisableSR"=dword:00000001>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]>>xpstone.reg
echo "NoJITSetup"=dword:00000001>>xpstone.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]>>xpstone.reg
echo [HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]>>xpstone.reg
echo @="{D969A300-E7FF-11d0-A93B-00A0C90F2719}">>xpstone.reg
echo [HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New]>>xpstone.reg
@regedit /s /c xpstone.reg
@echo 为你优化注册表完毕
@echo 要优化服务吗?如果要
@pause
sc config lanmanserver start= DISABLED
sc config Alerter start= DISABLED
sc config ALG start= DISABLED
sc config AppMgmt start= DEMAND
sc config wuauserv start= DISABLED
sc config BITS start= DISABLED
sc config ClipSrv start= DISABLED
sc config EventSystem start= DISABLED
sc config COMSysApp start= DEMAND
sc config Browser start= DISABLED
sc config CryptSvc start= AUTO
sc config DF5Serv start= AUTO
sc config Dhcp start= DEMAND
sc config TrkWks start= DISABLED
sc config MSDTC start= DEMAND
sc config Dnscache start= DEMAND
sc config ERSvc start= DISABLED
sc config Eventlog start= AUTO
sc config FastUserSwitchingCompatibility start= DEMAND
sc config helpsvc start= DISABLED
sc config HidServ start= DISABLED
sc config ImapiService start= DISABLED
sc config CiSvc start= DISABLED
sc config SharedAccess start= DEMAND
sc config PilicyAgent start= DEMAND
sc config dmserver start= AUTO
sc config dmadmin start= DEMAND
sc config Netlogon start= DEMAND
sc config mnmsrvc start= DISABLED
sc config Netman start= DEMAND
sc config NetDDE start= DISABLED
sc config NetDDEdsdm start= DISABLED
sc config Nla start= DISABLED
sc config NtlmSsp start= DISABLED
sc config Sysmonlog start= DISABLED
sc config PlugPlay start= AUTO
sc config WmdmpmSN start= DISABLED
sc config Spooler start= DISABLED
sc config RSVP start= DEMAND
sc config RasAuto start= DEMAND
sc config RasMan start= DEMAND
sc config RDSessMgr start= DEMAND
sc config RpcSs start= AUTO
sc config RpcLocator start= DISABLED
sc config RemoteRegistry start= DISABLED
sc config NtmsSvc start= DEMAND
sc config RemoteAccess start= DISABLED
sc config seclogon start= DISABLED
sc config SamSs start= DISABLED
sc config ShellHWDetection start= DISABLED
sc config SCardSvr start= DISABLED
sc config SCardDrv start= DEMAND
sc config SSDPSRV start= DISABLED
sc config SENS start= AUTO
sc config srservice start= AUTO
sc config Schedule start= DISABLED
sc config LmHosts start= DISABLED
sc config TapiSrv start= DEMAND
sc config TlntSvr start= DISABLED
sc config TermService start= DISABLED
sc config UPS start= DISABLED
sc config upnphost start= DEMAND
sc config uploadmgr start= DISABLED
sc config VSS start= DISABLED
sc config WebClient start= DISABLED
sc config AudioSrv start= AUTO
sc config stisvc start= DISBALED
sc config MSIServer start= DEMAND
sc config winmgmt start= AUTO
sc config Wmi start= DISBALED
sc config W32Time start= DISBALED
sc config WZCSVC start= DISBALED
sc config WmiApSrv start= DISBALED
sc config lanmanworkstation start= AUTO
@echo 请记住我们,昆明网吧技术网石头工作室!
@echo 昆明网吧技术网 Http://www.xpstone.com
@echo QQ群:28567393(尽快加入)
@pause
作者: youxi01 时间: 2006-11-23 03:07
楼上的就是这么快,哈哈!
作者: redtek 时间: 2006-11-23 03:11
-D
0AF5:0100 FF FE 0D 0A 40 65 63 68-6F 20 63 6C 73 0D 0A 40 ....@echo cls..@
0AF5:0110 65 63 68 6F 20 BB B6 D3-AD C0 B4 B5 BD CA AF CD echo ...........
0AF5:0120 B7 B9 A4 D7 F7 CA D2 0D-0A 40 65 63 68 6F 20 B1 .........@echo .
0AF5:0130 BE BC BC CA F5 D6 A7 B3-D6 A3 BA C0 A5 C3 F7 CD ................
0AF5:0140 F8 B0 C9 BC BC CA F5 CD-F8 20 D6 C6 D7 F7 A3 BA ......... ......
0AF5:0150 CA AF CD B7 B9 A4 D7 F7-CA D2 20 20 C1 AA CF B5 .......... ....
0AF5:0160 51 51 A3 BA 37 39 38 31-34 39 31 33 0D 0A 40 65 QQ..79814913..@e
0AF5:0170 63 68 6F 20 C0 A5 C3 F7-CD F8 B0 C9 BC BC CA F5 cho ............
它开头加上了 FF FE 这两个特殊字符导制看不到内容。 0D 0A 是回车换行符。0AF5:0100 FF FE 0D 0A 40 65 63 68-6F 20 63 6C 73 0D 0A 40 ....@echo cls..@
0AF5:0110 65 63 68 6F 20 BB B6 D3-AD C0 B4 B5 BD CA AF CD echo ...........
0AF5:0120 B7 B9 A4 D7 F7 CA D2 0D-0A 40 65 63 68 6F 20 B1 .........@echo .
0AF5:0130 BE BC BC CA F5 D6 A7 B3-D6 A3 BA C0 A5 C3 F7 CD ................
0AF5:0140 F8 B0 C9 BC BC CA F5 CD-F8 20 D6 C6 D7 F7 A3 BA ......... ......
0AF5:0150 CA AF CD B7 B9 A4 D7 F7-CA D2 20 20 C1 AA CF B5 .......... ....
0AF5:0160 51 51 A3 BA 37 39 38 31-34 39 31 33 0D 0A 40 65 QQ..79814913..@e
0AF5:0170 63 68 6F 20 C0 A5 C3 F7-CD F8 B0 C9 BC BC CA F5 cho ............
关于加密与解密可以参考下面这个贴子:)
[原创][讨论]非编译型批处理加密方案与代码
http://www.cn-dos.net/forum/viewthread.php?tid=22254&fpage=1&highlight=%E5%8A%A0%E5%AF%86
[ Last edited by redtek on 2006-11-22 at 02:13 PM ]
作者: ccwan 时间: 2006-11-23 03:18
用QuickBFC可以直接读取它的代码。
作者: baepyygy 时间: 2006-11-23 03:23
-D
0AF5:0100 FF FE 0D 0A 40 65 63 68-6F 20 63 6C 73 0D 0A 40 ....@echo cls..@
0AF5:0110 65 63 68 6F 20 BB B6 D3-AD C0 B4 B5 BD CA AF CD echo ...........
0AF5:0120 B7 B9 A4 D7 F7 CA D2 0D-0A 40 65 63 68 6F 20 B1 .........@echo .
0AF5:0130 BE BC BC CA F5 D6 A7 B3-D6 A3 BA C0 A5 C3 F7 CD ................
0AF5:0140 F8 B0 C9 BC BC CA F5 CD-F8 20 D6 C6 D7 F7 A3 BA ......... ......
0AF5:0150 CA AF CD B7 B9 A4 D7 F7-CA D2 20 20 C1 AA CF B5 .......... ....
0AF5:0160 51 51 A3 BA 37 39 38 31-34 39 31 33 0D 0A 40 65 QQ..79814913..@e
0AF5:0170 63 68 6F 20 C0 A5 C3 F7-CD F8 B0 C9 BC BC CA F5 cho ............
把FF FE 。改为多少,就可以看到了呢/
[ Last edited by baepyygy on 2006-11-23 at 03:30 AM ]
作者: redtek 时间: 2006-11-23 04:32
不用Debug修改,Debug只不过是看看它是什么结构的和加入了什么内容:)
直接用系统自带的 EDIT.COM 编辑器打开就行了,
那多余的加密“字符”直接删掉,存盘:)
作者: aspirer 时间: 2006-11-23 05:58
好奇之下,正想问bat怎么加密解密了呢,4楼的已经先回答了。真神!
作者: baepyygy 时间: 2006-11-23 06:38
嗯,明白了。。。。我用Uedit32打开它。。改了。。哈哈
作者: caicai 时间: 2007-1-15 01:30
不错,偶要了一个研究一下!
作者: fengjing001 时间: 2007-1-15 04:50
学海无涯。。。佩服佩服。