Execute EXE as JPG

Problem description

I've made a simple program in Visual Basic, then gave it a JPG extension and set it up to be run from a shortcut with the command line cmd.exe /c my_program.jpg, according to this and this guides.

Everything is fine so far, but I'd like to run my program from an image without a command prompt opening.

I know that such a thing is possible, because I can run programs from PDF, RTF or Word documents because most PDF files have JS API features, and Microsoft Office documents have VBA and macro support. Maybe some steganography thingamajig can do the trick?

Recommended answer

This is hard to believe, but it's actually true. My investigation (with Rohitab API Monitor) shows that upon finding the file, cmd.exe first invokes CreateProcessW - and only if that fails (in this case, with error 193 == ERROR_BAD_EXE_FORMAT), tries ShellExecuteW.

This behavior is actually documented in KB811528 - Command Prompt (Cmd.exe) Runs Files That Do Not Have Executable File Name Extensions. Sure, the article mentions in passing that this can lead to execution of viruses (as if it's nothing special).

This doesn't apply to Windows Explorer/shell32 dialogs/most other programs that open files - since they invoke ShellExecute right away. But this does generally apply to programs that execute command lines with system or CreateProcess! (Do you remember processes like setup.tmp during InstallShield-based installations? They are examples.)

Not all programs that run arbitrary commands are affected. E.g. Total Commander is not: it calls ShellExecute even for command lines.

Now, regarding your specific question. The 2nd guide actually showcases an exploit (assuming it's not just a scam) - the author specially crafts the image to exploit some vulnerability in Windows Photo Gallery (that probably has been patched by now) to make it execute the contained code. This isn't supposed to be normally possible.

So, you have two options:

  1. Launch your program through another program (with shortcut or otherwise), but replace cmd with something that doesn't create a console window. wscript comes to mind.
  2. Use some "intelligent" image format that's supposed to contain executable code. I'm not aware of any image ones - after all, images are supposed to contain pictures, not code!
    • There are, of course, more than a few compound/"intelligent" formats (of which you named a few). Yet, they tend to impose strict limitations on when code inside them can be invoked and what it is allowed to do. I'll have you know that these limitations were introduced specifically as a response to others doing what you're trying to do.
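
From the defender's side, the behaviour described in the answer means a file's extension says nothing about whether CreateProcess will run it, so the content has to be checked. The following is an added example, not part of the original answer; the extension list and the function names are assumptions. It flags files that carry an image extension but begin with a PE executable header.

```python
import struct
import sys
from pathlib import Path

# Extensions that should never hold a Windows executable (assumed list, extend as needed).
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def is_pe_file(path) -> bool:
    """True if the file has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return False
        # e_lfanew: 32-bit little-endian offset of the PE signature, stored at 0x3C.
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        fh.seek(e_lfanew)
        # A seek past end-of-file yields an empty read, which compares unequal.
        return fh.read(4) == b"PE\x00\x00"


def find_disguised_executables(root):
    """Return image-named files under root whose content is a PE executable."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in IMAGE_EXTS and is_pe_file(path):
            hits.append(path)
    return hits


def make_minimal_pe_header() -> bytes:
    """Constructed sample: a 64-byte DOS header plus the PE signature (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_disguised_executables(root):
        print(f"PE content behind image extension: {hit}")
```
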
