Windows 可执行文件 [.exe] 如何从浏览器中启动?

发布于 2024-10-06 12:57:02 字数 797 浏览 3 评论 0原文

我不是在谈论浏览器漏洞。我说的是真实公司中使用的真实应用程序,例如 IjjiNexon

基本上,您可以在他们的网站上单击“开始游戏”按钮,该按钮将分别启动位于 c:\ijji\english 或 c\nexon[gamename] 的可执行文件。这些应用程序是真正的桌面应用程序,这意味着它们可以利用文件系统、direct3d 和操作系统[以执行其他应用程序的形式]。这些应用程序还可以通过命令行启动[而不是访问游戏主机的网站]。

我认为如果应用程序创建一个 ActiveX 对象来调用新进程的创建,这是可能的。但是,这些网站能够从 Internet Explorer 以外的多个浏览器启动应用程序,其中包括 Chrome,据我所知,Chrome 不实现 ActiveX。

显然,开发这些应用程序的人们使用自己的方式来做到这一点。

通过查看服务列表以及当前运行的应用程序列表,我没有迹象表明它们正在运行类似“gameLaunchingServer.exe”之类的东西,该程序侦听一些模糊端口以获取传入连接[使用 iframe - HTTP 协议进行访问]并通过启动应用程序进行响应...

我被难住了,这有点困在我的脑海里。显然,他们没有使用一些随机的浏览器漏洞,否则 http://www.[insertMaliciousWebsiteHere].com 上的人们就会抓住这个机会安装随机垃圾。无论如何,它看起来很酷,我想知道它是如何工作的。

只是好奇,呵呵。

I'm not talking about browser exploits. I'm talking about real applications used in real companies, like Ijji and Nexon.

Basically, from their websites you can click a "Start Game" button, which will launch an executable located at c:\ijji\english or c\nexon[gamename] respectively. These applications are real desktop applications, meaning that they can take advantage of the filesystem, direct3d, and OS [in the form of executing other applications]. The applications can also be launched through command line [as opposed to going to the game host's website].

I figured this would be possible if the application created an ActiveX object to call for the creation of a new process. However, the websites are able to launch applications from multiple browsers other than Internet Explorer, including chrome, which, to my knowledge, does not implement ActiveX.

Obviously the people developing these applications use their own means to do this.

From looking at the services list as well as currently running applications list, I have no indication that they're running something like "gameLaunchingServer.exe" which listens to some obscure port for an incoming connection [to be accessed using iframe - HTTP Protocol] and responds by launching an application...

I'm stumped, and this is sort of stuck in my mind. Obviously, they're not using some random browser exploit, otherwise people at http://www.[insertMaliciousWebsiteHere].com would have jumped on the opportunity already to install random crap. Regardless, it seems pretty cool, and I wanted to know how it worked.

Just curious, hehe.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

狂之美人 2024-10-13 12:57:02

我相信他们正在做的是在安装时设置自己的协议处理程序 - 当浏览器被要求访问具有不知道如何处理的协议的地址(例如,steam:// 地址)时,它会查看所有已安装的协议处理程序以查找匹配项。

因此,您可以将应用程序注册为 myApplication:// 协议处理程序,然后您的网页可以链接到 myApplication:// 地址并启动您的应用程序。

I believe what they're doing is setting up their own protocol handler on install - when a browser is asked to access an address with a protocol that it doesn't know how to handle (for instance, a steam:// address), it looks at all the installed protocol handlers to find a match.

So you can register your application as a myApplication:// protocol handler, and then your web page can link to a myApplication:// address and launch your application.

浅唱ヾ落雨殇 2024-10-13 12:57:02

我没有找到你所说的按钮,但我认为它只有在你安装应用程序一次后才起作用,不是吗?

在这种情况下,应用程序可能创建了自己的协议,就像 Skype、MSN 和一堆客户端一样。

I didn't quite find the button you are talking about, but I'm thinking it works only after you installed the application once, isn't it?

In that case, the application probably created its own protocol, just as skype, msn and a bunch of clients.

把昨日还给我 2024-10-13 12:57:02

拥有一个协议是最简单的方法(而且确实很容易实现 - 一个简单的注册表项)。

另一种使用方式是扩展或插件。

Having a protocol is the easiest way (and very easy indeed to implement - a simple registry key).

Another way which is used is an extension or plugin.

晨曦÷微暖 2024-10-13 12:57:02

我以为它们是通过插件或小程序运行的。

例如,MS SilverLight

alt text

I thought they were run through plug-ins or like applets.

For example, MS SilverLight

alt text

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文