该文件中，含有后门木马特征，请谨慎使用

liguhe · 发表于 2014-11-30 00:25

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Shapes;
using System.IO;
using System.Xml;
using System.Data.SqlClient;
using System.Data;
using Hd.Common.DEncrypt;
using System.Diagnostics;

namespace Hd.Socket.WpfServer
{

public partial class WindowSet : Window
{

      string strFileName = AppDomain.CurrentDomain.BaseDirectory.ToString() + "Database.config";
      string strKeyFileName = AppDomain.CurrentDomain.BaseDirectory.ToString() + "Key.config";
      string strAppFileName = AppDomain.CurrentDomain.BaseDirectory.ToString() + "WpfServer.exe.config";
      public WindowSet()
      {
         InitializeComponent();
         this.ResizeMode = ResizeMode.CanMinimize;
         Init();
      }

      private void Init()
      {
         try
         {
            if (File.Exists(strKeyFileName))
            {
                  string RegisterCode = "";
                  RegisterCode = File.ReadAllText(strKeyFileName);
                  txtRegistration.Text = RegisterCode;
            }
            else
            {
                  MessageBox.Show("配置文件丢失");
            }
            if (File.Exists(strFileName))
            {
                  string[] strarray=Hd.DBUtility.PubConstant.ConnectionString.Split(';');
                  txbServer.Text = strarray[0].Replace("server=", "");
                  txbDataBase.Text = strarray[1].Replace("database=", "");
                  txbUser.Text = strarray[2].Replace("uid=", "");
                  txbPwd.Text = strarray[3].Replace("pwd=", "");
            }
            else
            {
                  MessageBox.Show("配置文件丢失");
            }

            List<Model.ServerCodes> serverlist = new Hd.BLL.ServerCodesExt().GetCanUserServerList(Hd.Socket.Server.SocketServer.m_FlagGUID);
            cbxServer.ItemsSource = serverlist;
            cbxServer.DisplayMemberPath = "ServerName";
            cbxServer.SelectedValuePath = "ServerCode";
            if (serverlist.Count > 0)
            {
                  cbxServer.SelectedIndex = 0;
            }
         }
         catch (Exception ex)
         {
            MessageBox.Show(ex.Message);
         }
      }

      private void btnRegistration_Click(object sender, RoutedEventArgs e)
      {
         try
         {
            File.WriteAllText(strKeyFileName, txtRegistration.Text.Trim());
            MessageBox.Show("修改成功，请重新运行系统！");
         }
         catch (Exception ex)
         {
            MessageBox.Show(ex.Message);
         }
      }

      private void btnTest_Click(object sender, RoutedEventArgs e)
      {
         if (IsCanConnect())
         {
            MessageBox.Show("连接成功！");
         }
         else
         {
            MessageBox.Show("连接失败！");
         }
      }

      private bool IsCanConnect()
      {
         string ConnectionString = string.Format("server={0};database={1};uid={2};pwd={3};Connection Timeout=6;", txbServer.Text.Trim(), txbDataBase.Text.Trim(), txbUser.Text.Trim(), txbPwd.Text.Trim());
         using (SqlConnection mySqlConnection = new SqlConnection(ConnectionString))
         {
            bool IsCanConnectioned = false;

            try
            {

                  mySqlConnection.Open();
                  IsCanConnectioned = true;
            }
            catch
            {
                  IsCanConnectioned = false;
            }
            finally
            {
                  mySqlConnection.Close();
            }
            if (mySqlConnection.State == ConnectionState.Closed || mySqlConnection.State == ConnectionState.Broken)
            {
                  return IsCanConnectioned;
            }
            else
            {
                  return IsCanConnectioned;
            }
         }
      }

      private void btnConnection_Click(object sender, RoutedEventArgs e)
      {
         try
         {
            if (File.Exists(strFileName))
            {
                  string ConnectionString = string.Format("server={0};database={1};uid={2};pwd={3};Connection Timeout=6;", txbServer.Text.Trim(), txbDataBase.Text.Trim(), txbUser.Text.Trim(), txbPwd.Text.Trim());
                  string Encrypt = (cbxEncryption.SelectedItem as ComboBoxItem).Tag.ToString();
                  if (Encrypt.Equals("true"))
                  {
                     ConnectionString = DESEncrypt.Encrypt(ConnectionString);
                  }
                  XmlDocument doc = new XmlDocument();
                  doc.Load(strFileName);

                  XmlNodeList nodes = doc.GetElementsByTagName("add");
                  for (int i = 0; i < nodes.Count; i++)
                  {

                     XmlAttribute att = nodes.Item(i).Attributes["key"];
                     if (att.Value == "IsEncrypt")
                     {
                        XmlAttribute attvalue = nodes.Item(i).Attributes["value"];
                        attvalue.Value = Encrypt;
                     }
                     if (att.Value == "Connection")
                     {
                        XmlAttribute attvalue = nodes.Item(i).Attributes["value"];
                        attvalue.Value = ConnectionString;
                     }
                  }

                  doc.Save(strFileName);
                  MessageBox.Show("修改成功，请重新运行系统！");
            }
            else
            {
                  MessageBox.Show("配置文件丢失");
            }
         }
         catch (Exception ex)
         {
            MessageBox.Show(ex.Message);
         }
      }

      private void btnServer_Click(object sender, RoutedEventArgs e)
      {
         try
         {
            if (File.Exists(strAppFileName))
            {
                  Model.ServerCodes server = cbxServer.SelectedItem as Model.ServerCodes;
                  XmlDocument doc = new XmlDocument();
                  doc.Load(strAppFileName);

                  XmlNodeList nodes = doc.GetElementsByTagName("server");
                  for (int i = 0; i < nodes.Count; i++)
                  {

                     XmlAttribute att = nodes.Item(i).Attributes["serverTypeName"];
                     if (att.Value == "HdScoketServer")
                     {
                        nodes.Item(i).Attributes["name"].Value = server.ServerCode;
                        nodes.Item(i).Attributes["port"].Value = server.Port;
                        break;
                     }
                  }

                  doc.Save(strAppFileName);
                  MessageBox.Show("修改成功，请重新运行系统！");
            }
            else
            {
                  MessageBox.Show("配置文件丢失");
            }
         }
         catch (Exception ex)
         {
            MessageBox.Show(ex.Message);
         }
      }

      private void cbxServer_SelectionChanged(object sender, SelectionChangedEventArgs e)
      {
         Model.ServerCodes server = cbxServer.SelectedItem as Model.ServerCodes;
         txbServerInfo.Inlines.Clear();
         txbServerInfo.Inlines.Add(string.Format("服务器代码：{0}", server.ServerCode));
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(string.Format("服务器名称：{0}", server.ServerName));
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(string.Format("服务器端口：{0}", server.Port));
      }

      private void buttonGet_Click(object sender, RoutedEventArgs e)
      {
         try
         {
            string filename = AppDomain.CurrentDomain.SetupInformation.ApplicationBase + "SerialNumber.exe";

            if (!File.Exists(filename))
            {
                  MessageBox.Show("当前获取机器码程序无法启动！");
            }

            Process p = new System.Diagnostics.Process();
            p.StartInfo.FileName = filename;
            p.StartInfo.Arguments = "";
            p.StartInfo.UseShellExecute = false;
            p.StartInfo.RedirectStandardInput = true;
            p.StartInfo.RedirectStandardOutput = true;
            p.StartInfo.RedirectStandardError = true;
            p.StartInfo.CreateNoWindow = false;
            p.Start();
         }
         catch(Exception ex)
         {
            MessageBox.Show(ex.ToString());
         }
      }
}
}

请问木马特征在哪里啊

赵小磊 · 发表于 2014-11-30 00:51

提示: 作者被禁止或删除内容自动屏蔽

Sp4ce · 发表于 2014-11-30 01:11

         txbServerInfo.Inlines.Clear();
         txbServerInfo.Inlines.Add(string.Format("服务器代码：{0}", server.ServerCode));
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(string.Format("服务器名称：{0}", server.ServerName));
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(new LineBreak());
         txbServerInfo.Inlines.Add(string.Format("服务器端口：{0}", server.Port));
      }
应该是这段，定义了服务器地址、端口，往上追能找到
nodes.Item(i).Attributes["name"].Value = server.ServerCode;
nodes.Item(i).Attributes["port"].Value = server.Port;
应该是这两段【看代码像C的，@Raker 你不是学C呢么，过来看下】

fenginsc · 发表于 2014-11-30 01:05

楼上纯属废话灌水啊？

danwenwen · 发表于 2014-11-30 01:34

大神你好看不懂

dongwenqi · 发表于 2014-11-30 08:27

有样本吗

willJ · 发表于 2014-12-4 14:44

轩少发表于 2014-11-30 01:11
txbServerInfo.Inlines.Clear();
txbServerInfo.Inlines.Add(string.Format("服 ...

你怎么这么屌

a2376641a · 发表于 2014-12-4 17:28

学习了~~~~

Sp4ce · 发表于 2014-12-4 20:17

willJ 发表于 2014-12-4 14:44
你怎么这么屌

大腾讯工程师{:1_931:}，能别黑小菜了不。。。

Mr.Mlwareson_V · 发表于 2014-12-19 01:17

学习了，分析得很详细

帐号		自动登录	找回密码
密码			注册[Register]

赵小磊赵小磊当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	赵小磊发表于 2014-11-30 00:51 提示: 作者被禁止或删除内容自动屏蔽
赵小磊赵小磊当前离线好友阅读权限 0 听众最后登录 1970-1-1 头像被屏蔽	【吾爱破解论坛总版规】 - [让你充分了解吾爱破解论坛行为规则]
	回复支持 0 举报

[PC样本分析] 该文件中，含有后门木马特征，请谨慎使用

点评

个人中心