vbs

关注公众号 jb51net

关闭
首页 > 脚本专栏 > vbs > VBS脚本 免杀版

VBS脚本加密/解密VBS脚本(简易免杀版1.1)

作者:

由于杀软的原因使得“加密/解密VBS脚本”版不能正常使用,于是修改了一下加密函数逃避杀软,但同 1.0版一样由宿主解释执行脚本的特性注定了这种加密是可逆并非常脆弱的,WScript.Echo 一下Execute 后的内容即可显示源码了。 算法大家可任意改。。。。。
Dim WshSHell,FSO
On Error Resume Next
Set WshSHell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set Args = WScript.Arguments
Ver="1.1"
CloseTime = 5
FileName = WScript.ScriptName
FileFullName = WScript.ScriptFullName
FilePath = FSO.GetParentFolderName(FileFullName)
InsPath = FSO.GetSpecialFolder(1)
InsFullName = FSO.BuildPath(InsPath ,FileName)
Copyright="废铁"
QQ="QQ:415736"
Email="Email:415736@163.com"
InsTitle="加密/解密VBS脚本(简易免杀版)"&Ver
InsAnswer="加密/解密VBS脚本(简易免杀版)"&Ver
RegPath1="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\"
RegValue1="加密/解密VBS脚本"&Ver
RegForm1="REG_SZ"
RegPath2="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\command\"
RegValue2="wscript.exe " & chr(34) & InsFullName & chr(34) & " " & chr(34) & "%L" & chr(34)
RegPath3="HKEY_CLASSES_ROOT\vbsfile\shell\EnCode_VBS\EnCode_Very"
RegValue3="0"
RegValue4="1"
IF FileFullName <> InsFullName then
intAnswer = MsgBox("【是】将“"+ InsAnswer +"”加入到右键菜单,"&Chr(10)&Chr(10)&"【否】将“
"+ InsAnswer +"”从右键菜单删除。 ", vbQuestion + vbYesNoCancel, "安装 - "+ InsTitle +" - "+ 
Copyright)
    If intAnswer = vbYes Then
WshSHell.RegWrite RegPath1,RegValue1,RegForm1
WshSHell.RegWrite RegPath2,RegValue2,RegForm1
WshSHell.RegWrite RegPath3,RegValue4,RegForm1
FSO.GetFile(FileFullName).Copy(InsFullName)
WshSHell.popup _
"添加脚本文件:"+chr(10)+InsFullName+chr(10)+chr(10)+ _
"添加注册表项:"+chr(10)+chr(34)+ RegPath1 +chr(34)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "安装成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
end if
        If intAnswer = vbNo Then
WshSHell.RegDelete RegPath3
WshSHell.RegDelete RegPath2
WshSHell.RegDelete RegPath1
FSO.DeleteFile InsFullName
WshSHell.popup _
"删除脚本文件:"+chr(10)+InsFullName+chr(10)+chr(10)+ _
"删除注册表项:"+chr(10)+chr(34)+ RegPath1 +chr(34)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "卸载成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
end if
ELSE
Package = WScript.Arguments.Item(0)
PkgName=FSO.GetBaseName(Package)
PkgPath=FSO.GetParentFolderName(Package)
Set ReadFile = FSO.OpenTextFile(Package, 1)
ReadAllTextFile=ReadFile.ReadAll
if left(ReadAllTextFile,10)<>"Rem EnCode" then
EnCodePanDuan="Rem EnCode-Easy By QQ:415736"
CodeString=ReadAllTextFile
For i=1 To Len(CodeString)
TempNum = Asc(Mid(CodeString,i,1))
If TempNum = 13 Then
TempNum = 28
ElseIf TempNum = 10 Then
TempNum = 29
elseif TempNum=34 Then
TempNum = 18
elseif TempNum>96 and TempNum<110 then
TempNum=TempNum+13
elseif TempNum>109 and TempNum<123 then
TempNum=TempNum-13
elseif TempNum>47 and TempNum<53 then
TempNum=TempNum+5
elseif TempNum>52 and TempNum<58 then
TempNum=TempNum-5
End If
ThisText = ThisText & chr(TempNum)
Next
Call EnCodeFile
Else
Call UnCodeFile
end if
End if
Set WshSHell = Nothing
Set FSO = Nothing
Set Args = Nothing
WScript.Quit(0)
Sub EnCodeFile()
Set NewFile = FSO.CreateTextFile(FSO.BuildPath(PkgPath ,PkgName&"_Encode.VBS"), True)
NewFile.WriteLine(EnCodePanDuan)
NewFile.WriteLine("ExeString="&chr(34)&ThisText&chr(34))
NewFile.WriteLine("Execute("&chr(34)&"For i=1 To Len(ExeString)"&chr(34)&"&vbCrLf&"&chr(34)
&"TempNum = Asc(Mid(ExeString,i,1))"&chr(34)&"&vbCrLf&"&chr(34)&"If TempNum = 28 Then"&chr
(34)&"&vbCrLf&"&chr(34)&"TempNum = 13"&chr(34)&"&vbCrLf&"&chr(34)&"ElseIf TempNum = 29 
Then"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum = 10"&chr(34)&"&vbCrLf&"&chr(34)&"elseif 
TempNum=18 Then"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum = 34"&chr(34)&"&vbCrLf&"&chr(34)
&"elseif TempNum>96 and TempNum<110 then"&chr(34)&"&vbCrLf&"&chr(34)
&"TempNum=TempNum+13"&chr(34)&"&vbCrLf&"&chr(34)&"elseif TempNum>109 and TempNum<123 
then"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum=TempNum-13"&chr(34)&"&vbCrLf&"&chr(34)&"elseif 
TempNum>47 and TempNum<53 then"&chr(34)&"&vbCrLf&"&chr(34)&"TempNum=TempNum+5"&chr(34)
&"&vbCrLf&"&chr(34)&"elseif TempNum>52 and TempNum<58 then"&chr(34)&"&vbCrLf&"&chr(34)
&"TempNum=TempNum-5"&chr(34)&"&vbCrLf&"&chr(34)&"End If"&chr(34)&"&vbCrLf&"&chr(34)
&"ThisText = ThisText & chr(TempNum)"&chr(34)&"&vbCrLf&"&chr(34)&"Next"&chr(34)&")")
NewFile.WriteLine("Execute(ThisText)")
NewFile.Close
WshShell.popup chr(10) &_
"加密成功了!保存为文件:"+ chr(10) &chr(10) & _
FSO.BuildPath(PkgPath ,PkgName&"_Encode.VBS")+chr(10)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, EnCodePanDuan +" - "+ Copyright, 0 + 64
End Sub
Sub UnCodeFile()
Set ReadFile = FSO.OpenTextFile(Package, 1)
ReadLineTextFile1=ReadFile.ReadLine
ReadLineTextFile2=ReadFile.ReadLine
ReadLineTextFile3=ReadFile.ReadLine
ReadFile.Close
Set NewFile = FSO.CreateTextFile(FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS"), True)
NewFile.WriteLine(ReadLineTextFile2)
NewFile.WriteLine(ReadLineTextFile3)
NewFile.WriteLine("EnCodePanDuan="&chr(34)&ReadLineTextFile1&chr(34)&vbCrLf&"EnCodePD="&chr
(34)&"Rem EnCode-Very By QQ:415736"&chr(34)&vbCrLf&"For i=1 To Len
(ThisText)"&vbCrLf&"TempNum = Asc(Mid(ThisText,i,1))"&vbCrLf&"TempChar = Chr
(TempNum)"&vbCrLf&"if EnCodePanDuan=EnCodePD then"&vbCrLf&"If TempChar = Chr(58) 
Then"&vbCrLf&"TempChar = Chr(13)"&vbCrLf&"End If"&vbCrLf&"End If"&vbCrLf&"ThisTextTem = 
ThisTextTem & TempChar"&vbCrLf&"Next")
NewFile.WriteLine("strCode = (ThisTextTem)"&vbCrLf&"Set WshSHell = WScript.CreateObject
("&chr(34)&"WScript.Shell"&chr(34)&")"&vbCrLf&"Set FSO = CreateObject("&chr(34)
&"Scripting.filesystemobject"&chr(34)&")"&vbCrLf&"FileName = 
WScript.ScriptName"&vbCrLf&"Set fC = FSO.OpenTextFile(FileName, 2, true)"&vbCrLf&"fC.Write 
strCode"&vbCrLf&"fC.Close"&vbCrLf&"Set WshSHell = Nothing"&vbCrLf&"Set FSO = 
Nothing"&vbCrLf&"WScript.Quit(0)")
NewFile.Close
WScript.Sleep 1500
WshSHell.Run (chr(34)&FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS")&chr(34)), vbHide
WshShell.popup chr(10) &_
"解密成功了!保存为文件:"+ chr(10) &chr(10) & _
FSO.BuildPath(PkgPath ,PkgName&"_Uncode.VBS")+chr(10)+chr(10)+ _
chr(10) & CloseTime & " 秒钟后本窗口将自动关闭!" +chr(10)+chr(10)+ _
chr(10) & "Copyright(C)  " + Copyright +"   " & QQ &"   " + Email _
, CloseTime, "解密成功 - "+ InsTitle +" - "+ Copyright, 0 + 64
End Sub

阅读全文