Copy Code code as follows:
<title>loadpicture function </title>
<form name= "frm" >
Select Picture <input type= "file" name= "pic" onchange= "getpicinfor ()" >
</form>
<script language= "VBScript" >
Sub getpicinfor ()
Dim objpic,iwidth,iheight
Dim Pictype,picpath
Picpath=document.frm.pic.value
Set Objpic=loadpicture (Picpath)
iwidth = round (objpic.width/26.4583) ' 26.4583 is a pixel value
iheight = Round (objpic.height/26.4583)
Select Case Objpic.type
Case 0
Pictype = "None"
Case 1
Pictype = "Bitmap"
Case 2
Pictype = "Metafile"
Case 3
Pictype = "Icon"
Case 4
Pictype = "Win32-enhanced Metafile"
End Select
Document.Write "You chose the picture" &picpath
document.write "<li> Length:" &iHeight& "</li>"
document.write "<li> width:" &iwidth& "</li>"
document.write "<li> type:" &pictype& "</li>"
End Sub
</script>
However, this function has a vulnerability that can detect the existence of a file name on the computer. The 2004 loophole, Microsoft has not yet been mended, example:
Copy Code code as follows:
<form onsubmit= "doIt (this); return false" >
<input name= "filename" value= "C:\Boot.ini" size= "" "type=" text "><input type=" Submit ">
</form>
<script language= "VBScript" >
Sub loadit (filename)
LoadPicture (filename)
End Sub
</script>
<script language= "JavaScript" >
function DoIt (form) {
try {
Loadit (Form.filename.value);
catch (e) {
result = E.number;
}
If (Result!=-2146827856) {
Alert (' file exists ');
} else {
Alert (' file does not exist ');
}
}
</script>
This code has a "magic number" (Magic numbers) 26.4583, once a nickname is "garbled" friend asked me how this 26.4583 is to come, I did not know.
Some time ago the reverse analysis of Vbscript.dll, only to discover the mystery:
Copy Code code as follows:
Then you must ask, how did this 2540 and 96 come from?
To figure this out, you first need to know what the LoadPicture function of the VBS returns, which is how the VBS document describes the LoadPicture function:
Returns a Picture object. Available only on 32-bit platforms.
Just to return the image object, but did not say that the image object has any attributes and methods. The document was vague and had to use ollydbg:
The OleLoadPicture function is called inside the LoadPicture function, and the IPictureDisp interface is returned by looking up the document. But then I found a simpler way, that is to check the function of VB declaration (who let them be a family), in the VB Object Browser to find the LoadPicture function:
function LoadPicture ([FileName], [Size], [colordepth], [X], [Y]) as IPictureDisp although the LoadPicture function of the VBS is simpler than VB, the return value should be the same.
OK, I know the IPictureDisp interface is back, and the document says it supports the following attributes:
| Property
Type |
Access |
Description |
| Handle |
Ole_handle (int) |
R |
The Windows GDI handle of the picture |
| Hpal |
Ole_handle (int) |
RW |
The Windows handle of the palette used by the picture. |
| Type |
Short |
R |
The type of picture (Pictype). |
| Width |
Ole_xsize_himetric (long) |
R |
The width of the picture. |
| Height |
Ole_ysize_himetric (long) |
R |
The height of the picture. |
We only care about the width and height, they represent the width and height of the picture, but their units are not pixels (Pixel), but himetric, we have to do is to convert himetric into Pixel.
First convert himetric into inches (Inch), 1 himetric = 0.01 mm,1 Inch = 2.54 cm, so 1 Inch = 2540 himetric.
Then convert from inch to pixel,1 inch equals how much pixel? This is determined by the system's DPI (Dot per Inch) setting, and the default value is 96.
Now you know where 2540 and 96 come from? However, the above code has two problems: first, using the approximate value of 2540/96, there may be errors; second, the DPI default value of 96 is used, and the DPI value can be modified in the Control Panel.
The correct use of the LoadPicture function in the VBS is:
Copy Code code as follows:
Option Explicit
' By Demon
Dim P
Set p = loadpicture ("D:\test.jpg")
WScript.Echo "Width:" & Himetric2pixel (P.width)
WScript.Echo "Height:" & Himetric2pixel (P.height)
Function Himetric2pixel (N)
' 1 Inch = 2540 himetric
Const key = "HKEY_CURRENT_USER\Control panel\desktop\windowmetrics\applieddpi"
Dim WshShell, DPI
Set WshShell = WScript.CreateObject ("Wscript.Shell")
DPI = WshShell.RegRead (key)
Himetric2pixel = Round (n * dpi/2540)
End Function
By testing under Windows 7, the method for obtaining DPI in other systems may vary, please modify it yourself.
The contents of the above revisions come from: http://demon.tw/programming/vbs-loadpicture.html
