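The "File Shredder" feature in 360 Safe Guard v8.2 (official release) is decent, but how can it be extracted and used as a standalone portable application? A web search shows that many people have the same question, so here is my method.
Link: 360 File Shredder portable edition (http://download.csdn.net/detail/ty_love/3740382)
Related files: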
360FileSmasher\AntiRK.dll
360FileSmasher\MiniUI.dll
360FileSmasher\Utils\FileSmasher.exe // main program
360FileSmasher\Utils\filelog.log
360FileSmasher\config\config.xml
360FileSmasher\config\FileSmash.xml
360FileSmasher\Config\defaultskin\Skin.jpg
360FileSmasher\Config\defaultskin\MiniUI.xml
360FileSmasher\Config\defaultskin\defaultskin.ui
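Having the main program FileSmasher.exe inside the Utils directory is inconvenient, and FileSmasher.exe must be modified before that directory can be removed.
Debugging shows that the following places need to be changed: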
0040A725 . 8B1D C8804200 MOV EBX,DWORD PTR DS:[<&KERNEL32.GetModuleFileNameW>
0040A72B . 8B3D C8854200 MOV EDI,DWORD PTR DS:[<&SHLWAPI.PathRemoveFileSpecW>
0040A731 . B8 01000000 MOV EAX,1
0040A736 . A3 B8034300 MOV DWORD PTR DS:[4303B8],EAX
0040A73B . A3 CC034300 MOV DWORD PTR DS:[4303CC],EAX
0040A740 . A1 C4034300 MOV EAX,DWORD PTR DS:[4303C4]
0040A745 . 3BC6 CMP EAX,ESI
0040A747 . 74 0C JE SHORT FileSmas.0040A755
0040A749 . 3935 C8034300 CMP DWORD PTR DS:[4303C8],ESI
0040A74F . 0F85 CB000000 JNZ FileSmas.0040A820
0040A755 > 8D4C24 34 LEA ECX,DWORD PTR SS:[ESP+34]
0040A759 . 68 00040000 PUSH 400
0040A75E . 51 PUSH ECX
0040A75F . 56 PUSH ESI
0040A760 . FFD3 CALL EBX
0040A762 . 8D5424 34 LEA EDX,DWORD PTR SS:[ESP+34]
0040A766 . 52 PUSH EDX
0040A767 . FFD7 CALL EDI
0040A769 . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]
0040A76E . 33C0 Test EAX,EAX // patch 1: change test eax,eax to XOR EAX,EAX (the bytes 33C0 shown are already the patched encoding; the original is 85C0) GetMiniUI
0040A770 . /7E 11 JLE SHORT FileSmas.0040A783
0040A772 |8D4424 34 LEA EAX,DWORD PTR SS:[ESP+34]
0040A776 . |50 PUSH EAX
0040A777 . |FFD7 CALL EDI
0040A779 . |A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]

0041BF56 . 68 00040000 PUSH 400
0041BF5B . 50 PUSH EAX
0041BF5C . 6A 00 PUSH 0
0041BF5E . FF15 C8804200 CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameW>]
0041BF64 . 8B3D C8854200 MOV EDI,DWORD PTR DS:[<&SHLWAPI.PathRemoveFileSpecW>]
0041BF6A . 8D4C24 0C LEA ECX,DWORD PTR SS:[ESP+C]
0041BF6E . 51 PUSH ECX
0041BF6F . FFD7 CALL EDI
0041BF71 . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]
0041BF76 . 33F6 XOR ESI,ESI
0041BF78 . 85C0 TEST EAX,EAX // patch 2: change to xor eax,eax GetMiniUI2
0041BF7A . 7E 11 JLE SHORT FileSmas.0041BF8D
0041BF7C > 8D5424 0C LEA EDX,DWORD PTR SS:[ESP+C]
0041BF80 . 52 PUSH EDX
0041BF81 . FFD7 CALL EDI
0041BF83 . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]

00416683 . 68 00040000 PUSH 400
00416688 . 50 PUSH EAX
00416689 . 6A 00 PUSH 0
0041668B . FF15 C8804200 CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameW>]
00416691 . 8B1D C8854200 MOV EBX,DWORD PTR DS:[<&SHLWAPI.PathRemoveFileSpecW>
00416697 . 8D4C24 30 LEA ECX,DWORD PTR SS:[ESP+30]
0041669B . 51 PUSH ECX
0041669C . FFD3 CALL EBX
0041669E . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]
004166A3 . 33F6 XOR ESI,ESI
004166A5 . 85C0 TEST EAX,EAX // patch 3: change to xor eax,eax GetMiniUI3
004166A7 . 7E 11 JLE SHORT FileSmas.004166BA
004166A9 > 8D5424 30 LEA EDX,DWORD PTR SS:[ESP+30]
004166AD . 52 PUSH EDX
004166AE . FFD3 CALL EBX
004166B0 . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]

00413CCB . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]
00413CD0 . 33F6 XOR ESI,ESI
00413CD2 . 3BC5 CMP EAX,EBP
00413CD4 . EB 11 Jle SHORT FileSmas.00413CE7 // patch 4: change to Jmp 00413CE7 (the bytes EB 11 shown are already the patched JMP SHORT; JLE SHORT is 7E 11)
00413CD6 > 8D5424 3C LEA EDX,DWORD PTR SS:[ESP+3C]
00413CDA . 52 PUSH EDX
00413CDB . FFD7 CALL EDI
00413CDD . A1 CC034300 MOV EAX,DWORD PTR DS:[4303CC]
00413CE2 . 46 INC ESI
00413CE3 . 3BF0 CMP ESI,EAX
00413CE5 .^ 7C EF JL SHORT FileSmas.00413CD6
00413CE7 > 8D4424 3C LEA EAX,DWORD PTR SS:[ESP+3C]
00413CEB . 68 0CE24200 PUSH FileSmas.0042E20C
00413CF0 . 8D4C24 40 LEA ECX,DWORD PTR SS:[ESP+40]
00413CF4 . 50 PUSH EAX
00413CF5 . 51 PUSH ECX
00413CF6 . FF15 CC854200 CALL DWORD PTR DS:[<&SHLWAPI.PathCombine>
// NOP out the following three lines of code
0040C447 |. 8D8424 0C0800>LEA EAX,DWORD PTR SS:[ESP+80C]
0040C44E |. 50 PUSH EAX
0040C44F |. FF15 C8854200 CALL DWORD PTR DS:[<&SHLWAPI.PathRemoveFileSpecW>]
so that the code looks like this:
0040C431 |. 68 00080000 PUSH 800
0040C436 |. F3:AB REP STOS DWORD PTR ES:[EDI]
0040C438 |. 8D8C24 100800>LEA ECX,DWORD PTR SS:[ESP+810]
0040C43F |. 51 PUSH ECX
0040C440 |. 52 PUSH EDX
0040C441 |. FF15 C8804200 CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameW>
0040C447 |. 90 NOP // to relocate Config\defaultskin, the original code must be NOPed out
0040C448 |. 90 NOP
0040C449 |. 90 NOP
0040C44A |. 90 NOP
0040C44B |. 90 NOP
0040C44C |. 90 NOP
0040C44D |. 90 NOP
0040C44E |. 90 NOP
0040C44F |. 90 NOP
0040C450 |. 90 NOP
0040C451 |. 90 NOP
0040C452 |. 90 NOP
0040C453 |. 90 NOP
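
Added example (not part of the original post): a Python model of the pattern visible at the four patch sites above, where the exe name is stripped once and PathRemoveFileSpecW is then called DS:[4303CC] more times to climb to the parent directory. The install root C:\Tools\360FileSmasher and all function names are assumptions, and remove_file_spec is a simplified stand-in for the real API.

```python
import ntpath

# Constructed install root; the relative paths come from the page's file list.
ROOT = r"C:\Tools\360FileSmasher"
FILES = {ntpath.join(ROOT, p).lower() for p in (
    r"config\config.xml",
    r"config\FileSmash.xml",
    r"Config\defaultskin\MiniUI.xml",
)}
PARENT_LEVELS = 1  # value stored to DS:[4303CC] at 0040A73B


def remove_file_spec(path):
    """Simplified stand-in for PathRemoveFileSpecW: drop the last component."""
    return ntpath.split(path)[0]


def resolve_base(module_path, patched):
    """Mirror the listing: one strip for the exe name, then the counted loop."""
    base = remove_file_spec(module_path)   # first CALL after GetModuleFileNameW
    eax = 0 if patched else PARENT_LEVELS  # XOR EAX,EAX versus TEST EAX,EAX
    esi = 0
    while esi < eax:                       # JLE skips the body when EAX <= 0
        base = remove_file_spec(base)      # climb one more directory level
        esi += 1                           # INC ESI / CMP ESI,EAX / JL
    return base


def finds_resources(module_path, patched):
    """True if the listed resources exist relative to the resolved base."""
    base = resolve_base(module_path, patched)
    wanted = (r"config\config.xml", r"Config\defaultskin\MiniUI.xml")
    return all(ntpath.join(base, rel).lower() in FILES for rel in wanted)


def layout_matrix():
    """Check every combination of exe location and build."""
    in_utils = ntpath.join(ROOT, "Utils", "FileSmasher.exe")
    moved_up = ntpath.join(ROOT, "FileSmasher.exe")
    return {
        ("Utils", "original"): finds_resources(in_utils, False),
        ("root", "original"): finds_resources(moved_up, False),
        ("root", "patched"): finds_resources(moved_up, True),
        ("Utils", "patched"): finds_resources(in_utils, True),
    }


if __name__ == "__main__":
    for (where, build), ok in layout_matrix().items():
        print(f"{build:8} exe in {where:5}: resources found = {ok}")
```

The matrix shows that the patched build only works from the top-level directory, and the original build only works from Utils.
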
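FileSmasher.exe can now be copied from the Utils directory to its parent directory, and the leftover Utils directory can simply be deleted. With the Utils directory gone there is still one problem: files can be deleted but folders cannot. The following places also need to be changed:
Starting at 0040FEB2, replace the bytes with the following machine code: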
8B 45 F0 50 FF 15 C4 80 42 00 53 FF 15 C0 80 42 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
8B 55 0C 90 90 90
so that the code becomes:
0040FEB2 |> \8B45 F0 MOV EAX,DWORD PTR SS:[EBP-10]
0040FEB5 |. 50 PUSH EAX
0040FEB6 |. FF15 C4804200 CALL DWORD PTR DS:[<&KERNEL32.FindClose>>
0040FEBC |. 53 PUSH EBX
0040FEBD |. FF15 C0804200 CALL DWORD PTR DS:[<&KERNEL32.RemoveDire>
0040FEC3 |. 90 NOP
0040FEC4 |. 90 NOP
……………………………………..
Also NOP out the FindClose call that starts at 004100CE:
004100CE 90 NOP
004100CF 90 NOP
004100D0 90 NOP
004100D1 90 NOP
004100D2 90 NOP
004100D3 90 NOP
004100D4 90 NOP
004100D5 90 NOP
004100D6 90 NOP
004100D7 90 NOP
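If you think the log file filelog.log is of little use, you can modify the following location to skip the code that updates the file after every shred operation.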
00411DE8 |. 8B4424 10 MOV EAX,DWORD PTR SS:[ESP+10]
00411DEC |. 8B7C24 38 MOV EDI,DWORD PTR SS:[ESP+38]
00411DF0 |. 57 PUSH EDI
00411DF1 |. 50 PUSH EAX
00411DF2 |. 8B10 MOV EDX,DWORD PTR DS:[EAX]
00411DF4 |. FF52 14 CALL DWORD PTR DS:[EDX+14]
00411DF7 |. 3BC6 CMP EAX,ESI
00411DF9 7C 1A JL SHORT FileSmas.00411E15 // change to JMP SHORT 00411E15 to skip saving the deletion log
00411DFB |. 6A 64 PUSH 64 ; /Timeout = 100. ms
00411DFD |. FF15 88804200 CALL DWORD PTR DS:[<&KERNEL32.Sleep>>; \Sleep
00411E03 |. 8B4424 44 MOV EAX,DWORD PTR SS:[ESP+44]
00411E07 |. 8B4C24 34 MOV ECX,DWORD PTR SS:[ESP+34]
00411E0B |. 50 PUSH EAX
00411E0C |. 57 PUSH EDI
00411E0D |. 51 PUSH ECX
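00411E0E |. E8 4D000000 CALL FileSmas.00411E60 // writes the deletion log to filelog.log
The filelog.log file is then redundant and can simply be deleted.
With the modifications above, the tool works as required. Enjoy!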
天易love
2011-11-1