通俗来说,就是在一张正常的png或者jpg格式的图片文件中嵌入用php编写好的木马代码。嵌入的代码一般不会很长,不然原图片会因格式错误而无法打开。每个图片都有可能是一句话木马的镶嵌母体,打开图片后,其中代码就会运行(前提是服务器把该文件当作php脚本来解析;普通的图片查看器只会把它当作图像数据显示,并不会执行其中的代码)。
举个例子:
{ exe2jpg: copies the file named by ParamStr(1) into the file named by
  ParamStr(2), preceded by a 54-byte image header. Despite the program name,
  the header written below starts with 'BM' and uses the BMP layout (24-bit),
  not JPG. The input bytes are copied unchanged, so the input's own leading
  bytes sit at offset 54 of the output; nothing in this code makes that
  content run when the image is viewed.
  NOTE(review): no Win32 return value is checked anywhere in this program. }
- program exe2jpg;
- uses
- Windows,
- SysUtils;
- var len,row,col,fs: DWORD; // len: padded data size, row/col: image height/width, fs: input file size
- buffer: array[0..255]of char; // holds the header first, then each copy chunk; assumes 1-byte char - TODO confirm
- fd: WIN32_FIND_DATA;
- h,hw: THandle; // h: input file handle, hw: output file handle
- begin
- if (ParamStr(1)<>'') and(ParamStr(2)<>'') then begin // do nothing unless both arguments are given
- if FileExists(ParamStr(1)) then begin
- FindFirstFile(Pchar(ParamStr(1)),fd); // used only to fill fd; the returned search handle is discarded and never passed to FindClose
- fs:=fd.nFileSizeLow; // low 32 bits of the size only; nFileSizeHigh is ignored
- col := 4;
- while true do begin // widen the image 4 pixels at a time until it is at least as wide as it is tall
- if (fs mod 12)=0 then begin
- len:=fs;
- end else len:=fs+12-(fs mod 12); // len = fs rounded up to a multiple of 12 (same value on every pass)
- row := len div col div 3; // rows of col pixels at 3 bytes per pixel; integer division, so col*row*3 can be less than len
- if row>col then begin
- col:=col+4;
- end else Break;
- end;
- FillChar(buffer,256,0);
- { The fields below follow the BMP file header plus BITMAPINFOHEADER layout; the original comment called this JPG header data }
- Buffer[0]:='B';Buffer[1]:='M'; // BMP signature
- PDWORD(@buffer[18])^:=col; // width in pixels
- PDWORD(@buffer[22])^:=row; // height in pixels
- PDWORD(@buffer[34])^:=len; // size of the pixel data
- PDWORD(@buffer[2])^:=len+54; // total file size: data plus the 54-byte header
- PDWORD(@buffer[10])^:=54; // offset at which the pixel data starts
- PDWORD(@buffer[14])^:=40; // size of the info header
- PWORD(@buffer[26])^:=1; // colour planes
- PWORD(@buffer[28])^:=24; // bits per pixel
- { Write the output file }
- hw:=CreateFile(Pchar(ParamStr(2)),GENERIC_WRITE,FILE_SHARE_READ or
- FILE_SHARE_WRITE,nil,CREATE_ALWAYS,0,0); // output is created or overwritten; hw is not compared with INVALID_HANDLE_VALUE
- h:=CreateFile(Pchar(ParamStr(1)),GENERIC_READ,FILE_SHARE_READ or
- FILE_SHARE_WRITE,nil,OPEN_EXISTING,0,0); // input opened read-only; h is not checked either
- WriteFile(hw,buffer,54,col,0); // write the 54-byte header; col is reused as the byte-count output from here on
- repeat
- ReadFile(h,buffer,256,col,0); // col receives the number of bytes read
- WriteFile(hw,buffer,col,col,0); // write exactly the bytes just read
- untilcol<>256; // NOTE(review): presumably "until col<>256" with the space lost in extraction; the loop ends after the first short read
- WriteFile(hw,buffer,len-fs,col,0); // pad up to len (at most 11 bytes); the padding is whatever is at the start of buffer, not zeros
- CloseHandle(h);
- CloseHandle(hw);
- end;
- end;
- end.