有時我們在管理伺服器時為了安全起見會禁用Windows Scripting Host,這樣能防止某些不法使用者利用WSH產生一個WebShell,對伺服器造成很大的安全隱患。但如果我們又想禁用WSH,又想使用自己的WebShell用於伺服器的管理怎麼辦呢?這裡介紹了一種實現ASP中運行CMD並顯示結果的組件編程。希望對大家能有所協助。
首先我們建立一個ActiveDLL工程,命名為ASPCMD,建立的類命名為CMDShell。在“Project“的“Referenct“中添加一個引用:Microsoft Active Server Pages Object Library。
然後我們的思路是使用Window API ShellExecute調用cmd.exe,將啟動並執行結果儲存到一個臨時文字檔,然後讀出這個檔案的內容顯示出來。
以下是工程ASPCMD的類CMDShell.cls的代碼。
Option Explicit
Dim rp As Response
Dim rq As Request
Dim ap As Application
Dim sr As Server
Dim sn As Session
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
Private Declare Function ShellExecute Lib "shell32.dll" Alias "ShellExecuteA" (ByVal hWnd As Long, ByVal lpOperation As String, ByVal lpFile As String, ByVal lpParameters As String, ByVal lpDirectory As String, ByVal nShowCmd As Long) As Long
Private Sub ShellEx(ByVal sLocation As String, ByVal sPara As String, Optional MaxedForm As Boolean = False)
On Error GoTo errhandle:
Dim lR As Long
Dim Style As Long
Dim hWnd As Long
If MaxedForm Then
Style = vbMaximizedFocus
Else
Style = vbNormalFocus
End If
lR = ShellExecute(hWnd, "open", sLocation, sPara, "", Style)
If (lR < 0) Or (lR > 32) Then
'success
Else
rp.Write "Error Occered when starting the program " & sLocation
End If
errhandle:
rp.Write "Error:" & Err.Description
End Sub
Public Sub OnStartPage(ByVal mysc As ScriptingContext)
Set rp = mysc.Response
Set rq = mysc.Request
Set sr = mysc.Server
Set ap = mysc.Application
Set sn = mysc.Session
End Sub
Public Sub OnEndPage()
Set rp = Nothing
Set rq = Nothing
Set sr = Nothing
Set ap = Nothing
Set sn = Nothing
End Sub
Private Function FileExists(Filename As String) As Boolean
Dim i As Integer
On Error Resume Next
i = Len(Dir$(Filename))
If Err Or i = 0 Then FileExists = False Else FileExists = True
End Function
Private Function IsOpen(Filename As String) As Boolean
Dim fFile As Integer
Dim msg As String
fFile = FreeFile()
On Error GoTo ErrOpen
Open Filename For Binary Lock Read Write As fFile
Close fFile
Exit Function
ErrOpen:
If Err.Number <> 70 Then
msg = "Error # " & Str(Err.Number) & " was generated by " _
& Err.Source & Chr(13) & Err.Description
Else
IsOpen = True
End If
End Function
Public Sub Exec1(ByVal strCmd As String)
On Error GoTo errhandle:
Dim myTimer As Integer
myTimer = 0
Dim strOut As String
Dim strFname As String
//產生一個臨時檔案
If Len(App.Path) = 3 Then
strFname = App.Path & "lhtmp.txt"
Else
strFname = App.Path & "\lhtmp.txt"
End If
//如果在運行前檔案已存在則刪除之
If FileExists(strFname) Then
Kill strFname
End If
//運行行使用者的CMD命令,並將結果輸出到臨時檔案中
//注意cmd.exe的/c參數是指運行完一個命令後馬上結束工作階段狀態。等同於在windows的run中輸入的CMD命令。
Dim strPara As String
strPara = "/c " & strCmd & ">" & strFname
ShellEx "cmd.exe", strPara
//等待產生輸出檔案
Do While Not FileExists(strFname)
Sleep 1000
DoEvents
myTimer = myTimer + 1
If myTimer = 15 Then
Exit Do
End If
Loop
myTimer = 0
//等待檔案輸出完畢
Do While IsOpen(strFname)
Sleep 1000
DoEvents
myTimer = myTimer + 1
If myTimer = 15 Then
Exit Do
End If
Loop
//顯示輸出檔案的內容
Open strFname For Input As #1
Do While Not EOF(1)
Line Input #1, strOut
rp.Write strOut & vbCrLf
Loop
Close #1
Sleep 1000
//刪除臨時檔案
Kill strFname
Exit Sub
errhandle:
rp.Write "error occured:" & Err.Description
End Sub
產生ASPCMD.dll,使用regsvr32 aspcmd.dll註冊組件。
以下是調用該DLL的一個ASP程式例子:
<%@LANGUAGE="VBSCRIPT"%>
<style type=&quo
