名智的NETX.EXE剖析.不是高手不要进!!!
说到名智的NETX.EXE的用途可大了.如果没有了他.名智在好.也是堆破数据.(
名智的人不要打我了.呵呵.我是开玩笑的.)
让我们先看一下名智公司自豪的重建和目录注销功能吧!在我的UltraEdit-32中.他的做法,都
暴露无遗.
COPY /Y 这个命令实在是高.
大家在研究一下名智的启动过程
在跑到代码中.一目了然.
char var3_afb [ 14 ] = “\\OK\%s\0WZ\0I:”;
char var3_b09 [ 6 ] = “Mz&oK”;
char var3_b0f [ 6 ] = “I:\WZ”;
char var3_b15 [ 21 ] = “G:\WZ.STZ\SYSTEM.DAT”;
char var3_b2a [ 19 ] = “G:\WZ.STZ\USER.DAT”;
char var3_b3d [ 18 ] = “F:\WZ\COMMAND.COM”;
char var3_b4f [ 32 ] = “/C COPY /Y G:\WZ.STZ I:\WZ >NUL”;
char var3_b6f [ 13 ] = “I:\WZ\CONFIG”;
char var3_b7c [ 42 ] = “/C COPY /Y H:\WZ\CONFIG I:\WZ\CONFIG >NUL”;
char var3_ba6 [ 15 ] = “I:\WZ\SYSTEM32”;
char var3_bb5 [ 23 ] = “I:\WZ\SYSTEM32\DRIVERS”;
char var3_bcc [ 62 ] = “/C COPY /Y H:\WZ\SYSTEM32\DRIVERS I:\WZ\SYSTEM32\D”
“RIVERS >NUL”;
char var3_c0a [ 18 ] = “H:\WZ\REGEDIT.EXE”;
char var3_c1c [ 17 ] = “I:\WZ\WIN.REG\0wt”;
char var3_c2d [ 9 ] = “REGEDIT4”;
char var3_c36 [ 83 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contr”
“ol\ComputerName\ComputerName]\0\n”
“"”;
char var3_c89 [ 23 ] = “ComputerName"="%03d"\n”
“\n”;
char var3_ca0 [ 65 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi”
“ces\VxD\MSTCP]”;
char var3_ce1 [ 19 ] = “HostName"="%03d"\n”
“\n”;
char var3_cf4 [ 75 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi”
“ces\Class\NetTrans\0001]”;
char var3_d3f [ 15 ] = “\n”
“"IPAddress"="”;
char var3_d4e [ 18 ] = “192.168.0.%03d"\n”
“\n”;
char var3_d60 [ 71 ] = “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur”
“rentVersion\RunOnce]”;
char var3_da7 [ 19 ] = “\n”
“"L1"="Grpconv -s"”;
char var3_dba [ 33 ] = “\n”
“"L2"="G:\\OICQ\\OICQD.EXE NeW"\n”;
char var3_ddb [ 78 ] = “/C H:\WZ\REGEDIT.EXE /L:I:\WZ\SYSTEM.DAT /R:I:\WZ\”
“USER.DAT I:\WZ\WIN.REG >NUL”;
char var3_e29 [ 15 ] = “USE F: %s /YES”;
char var3_e38 [ 14 ] = “F:\WZ\NET.EXE”;
char var3_e46 [ 4 ] = “r+b”;
char var3_e4a [ 12 ] = “RTL8139.INI”;
char var3_e56 [ 13 ] = “PROTOCOL.INI”;
char var3_e63 [ 10 ] = “RTSND.DOS”;
char var3_e6d [ 12 ] = “RTL8029.INI”;
char var3_e79 [ 10 ] = “PCIND.DOS”;
char var3_e83 [ 11 ] = “C:\WINDOWS”;
char var3_e8e [ 7 ] = “C:\DOS”;
char var3_e95 [ 15 ] = “F:\4162770.731”;
char var3_ea4 [ 9 ] = “LOGO.SYS”;
char var3_ead [ 13 ] = “NWRPLTRM.EXE”;
char var3_eba [ 10 ] = “998 F: /Y”;
char var3_ec4 [ 9 ] = “F:\WZ”;
char var3_ecd [ 12 ] = “@SETVER.EXE”;
char var3_ed9 [ 17 ] = “F:\WZ\SETVER.EXE”;
char var3_eea [ 46 ] = “/C SETVER.EXE -sMz&oK4120859 -o -d F:\WZ >NUL”;
char var3_f18 [ 11 ] = “FIXMEM.COM”;
char var3_f23 [ 13 ] = “SNAPSHOT.EXE”;
char var3_f30 [ 11 ] = “/S /B:F /R”;
char var3_f3b [ 32 ] = “/C SETMDIR.EXE /M /R:F:\WZ >NUL”;
char var3_f5b [ 29 ] = “/C NET.EXE START NWLINK >NUL”;
char var3_f78 [ 57 ] = “/C ECHO:|NET.EXE LOGON 0731-4153621 /SAVEPW:NO /YE”
“S >NUL”;
char var3_fb1 [ 18 ] = “F:\WZ\RTL8029.INI”;
char var3_fc3 [ 18 ] = “F:\WZ\RTL8139.INI”;
char var3_fd5 [ 16 ] = “F:\WZ\PCIND.DOS”;
char var3_fe5 [ 16 ] = “F:\WZ\RTSND.DOS”;
char var3_ff5 [ 18 ] = “F:\WZ\PROTMAN.EXE”;
char var3_1007 [ 18 ] = “F:\WZ\PROTMAN.DOS”;
char var3_1019 [ 18 ] = “F:\WZ\NDISHLP.SYS”;
char var3_102b [ 19 ] = “F:\WZ\SNAPSHOT.EXE”;
char var3_103e [ 19 ] = “F:\WZ\PROTOCOL.INI”;
char var3_1051 [ 17 ] = “F:\WZ\FIXMEM.COM”;
char var3_1062 [ 18 ] = “F:\WZ\SETMDIR.EXE”;
char var3_1074 [ 55 ] = "/C NWRPLTRM.EXE -smZ&Ok4153621 -o -d F:\WZ\SYSTEM "
“>NUL”;
char var3_10ab [ 19 ] = “F:\WZ\NWRPLTRM.EXE”;
char var3_10be [ 5 ] = “Game”;
char var3_10c3 [ 22 ] = “USE G: \\OK\MENU /YES”;
char var3_10d9 [ 20 ] = “TIME \\OK /SET /YES”;
char var3_10ed [ 30 ] = “USE H: \\OK\0731-4126075 /YES”;
char var3_110b [ 6 ] = “I:\WG”;
char var3_1111 [ 7 ] = “School”;
char var3_1118 [ 22 ] = “USE G: \\OK\SOFT /YES”;
char var3_112e [ 30 ] = “USE H: \\OK\0731-4162770 /YES”;
char var3_114c [ 6 ] = “I:\JX”;
char var3_1152 [ 20 ] = “USE G: \\OK\IE /YES”;
char var3_1166 [ 30 ] = “USE H: \\OK\0731-4153621 /YES”;
char var3_1184 [ 23 ] = “\n”
“Start Windows 98 …”;
char var3_119b [ 12 ] = “\\OK\WINDIR”;
char var3_11a7 [ 21 ] = “I:\OCTOPUS\SHARE.EXE”;
char var3_11bc [ 27 ] = “oK&Mz5E:\OCTOPUS\SHARE.EXE”;
char var3_11d7 [ 6 ] = “oK&Mz”;
char var3_11dd [ 16 ] = “H:\WZ\TASKS\.”;
char var3_11ed [ 13 ] = “H:\WZ\TASKS\”;
char var3_11fa [ 11 ] = “G:\OCTOPUS”;
char var3_1205 [ 14 ] = “F:\WZ\WIN.COM”;
char var3_1213 [ 7 ] = “PATH=F”;
char var3_121a [ 31 ] = “PATH=F:\WZ;H:\WZ;H:\WZ\COMMAND”;
char var3_1239 [ 17 ] = “F:\WZ\SYSTEM.DAT”;
char var3_124a [ 17 ] = “F:\WZ\WIN386.SWP”;
char var3_125b [ 37 ] = “\n”
“Start Windows 98 …”;
在说说.关于8029的问题.大家看过源程序,都明白了.名智在NETX.EXE中加过8029
了.但为什么又不能用8029了,分析原因.第一:名智的人做事马虎.但又不可能
不会8月不行.又10月不.只到现在又没有一个很好的结果?名智你什么了?我晕
第二:名智RPL跟本上不了8029?我又晕.我要吃些晕头药了.不能上为什么又要加
上启动8029的源程序.不会是加上好看的吧.哈哈.分析结果名智的人太笨.不会加
在说名智加注册表时.也是个高~~~~
启动~~~
char var3_afb [ 14 ] = “\\OK\%s\0WZ\0I:”;
char var3_b09 [ 6 ] = “Mz&oK”;
char var3_b0f [ 6 ] = “I:\WZ”;
char var3_b15 [ 21 ] = “G:\WZ.STZ\SYSTEM.DAT”;
char var3_b2a [ 19 ] = “G:\WZ.STZ\USER.DAT”;
char var3_b3d [ 18 ] = “F:\WZ\COMMAND.COM”;
char var3_b4f [ 32 ] = “/C COPY /Y G:\WZ.STZ I:\WZ >NUL”;
char var3_b6f [ 13 ] = “I:\WZ\CONFIG”;
char var3_b7c [ 42 ] = “/C COPY /Y H:\WZ\CONFIG I:\WZ\CONFIG >NUL”;
char var3_ba6 [ 15 ] = “I:\WZ\SYSTEM32”;
char var3_bb5 [ 23 ] = “I:\WZ\SYSTEM32\DRIVERS”;
char var3_bcc [ 62 ] = “/C COPY /Y H:\WZ\SYSTEM32\DRIVERS I:\WZ\SYSTEM32\D”
“RIVERS >NUL”;
char var3_c0a [ 18 ] = “H:\WZ\REGEDIT.EXE”;
char var3_c1c [ 17 ] = “I:\WZ\WIN.REG\0wt”;
char var3_c2d [ 9 ] = “REGEDIT4”;
char var3_c36 [ 83 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contr”
“ol\ComputerName\ComputerName]\0\n”
“"”;
char var3_c89 [ 23 ] = “ComputerName"="%03d"\n”
“\n”;
char var3_ca0 [ 65 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi”
“ces\VxD\MSTCP]”;
char var3_ce1 [ 19 ] = “HostName"="%03d"\n”
“\n”;
char var3_cf4 [ 75 ] = “[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servi”
“ces\Class\NetTrans\0001]”;
char var3_d3f [ 15 ] = “\n”
“"IPAddress"="”;
char var3_d4e [ 18 ] = “192.168.0.%03d"\n”
“\n”;
char var3_d60 [ 71 ] = “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Cur”
“rentVersion\RunOnce]”;
char var3_da7 [ 19 ] = “\n”
“"L1"="Grpconv -s"”;
char var3_dba [ 33 ] = “\n”
“"L2"="G:\\OICQ\\OICQD.EXE NeW"\n”;
char var3_ddb [ 78 ] = “/C H:\WZ\REGEDIT.EXE /L:I:\WZ\SYSTEM.DAT /R:I:\WZ\”
“USER.DAT I:\WZ\WIN.REG >NUL”;
太累了.我先休息会.有空在详细分析名智.