[新手上路]批处理新手入门导读[视频教程]批处理基础视频教程[视频教程]VBS基础视频教程[批处理精品]批处理版照片整理器
[批处理精品]纯批处理备份&还原驱动[批处理精品]CMD命令50条不能说的秘密[在线下载]第三方命令行工具[在线帮助]VBScript / JScript 在线参考
返回列表 发帖

[转载代码] [PowerShell每日技巧]读写NTFS流(20140127)

When a file is stored on a drive with NTFS file system, you can attach data streams to it to store hidden information.

Here is a sample that hides PowerShell code in an NTFS stream of a script. When you run this code, it creates a new PowerShell script file on your desktop, and opens the file in the ISE editor:
  1. $path = "$home\Desktop\secret.ps1"
  2. $secretCode = {
  3.   Write-Host -ForegroundColor Red 'This is a miracle!';
  4.   [System.Console]::Beep(4000,1000)
  5. }
  6. Set-Content -Path $path -Value '(Invoke-Expression ''[ScriptBlock]::Create((Get-Content ($MyInvocation.MyCommand.Definition) -Stream SecretStream))'').Invoke()'
  7. Set-Content -Path $path -Stream SecretStream -Value $secretCode
  8. ise $path
复制代码
The new file will expose code like this:
  1. (Invoke-Expression '[ScriptBlock]::Create((Get-Content ($MyInvocation.MyCommand.Definition) -Stream SecretStream))').Invoke()
复制代码
When you run the script file, it will output a red text and beeps for a second. So the newly created script actually executes the code embedded into the secret NTFS stream "SecretStream".

To attach hidden information to (any) file stored on an NTFS volume, use Add-Content or Set-Content with the -Stream parameter.

To read hidden information from a stream, use Get-Content and again specify the -Stream parameter with the name of the stream used to store the data.

http://powershell.com/cs/blogs/tips/archive/2014/01/27/reading-and-writing-ntfs-streams.aspx

高深莫测
#&cls&@powershell "Invoke-Expression ([Io.File]::ReadAllText('%~0',[Text.Encoding]::UTF8))" &pause&exit

TOP

返回列表