版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_20307987/article/details/80976273
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#include <windows.h>
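// Registry API walkthrough: creates HKEY_CLASSES_ROOT\test\<pid>, stores the
// current local time in a REG_SZ value named "sTime", reads it back, waits five
// seconds, then deletes the per-process key again.
//
// HKEY_CLASSES_ROOT is a merged view; a key that does not already exist under
// HKEY_CURRENT_USER\Software\Classes is created under
// HKEY_LOCAL_MACHINE\Software\Classes, so the create step normally needs an
// elevated process.
//
// Returns 0 when the run completes, -1 when the per-process key cannot be
// created or the parent "test" key cannot be reopened.
int main(int argc, char *argv[])
{
    LONG lRet = 0;
    HKEY hKeyProg = NULL;
    char szProcessKey[256];
    memset(szProcessKey, 0, sizeof(szProcessKey));

    // Current process id, used as the name of the per-process subkey.
    DWORD dwProcessId = ::GetCurrentProcessId();

    // Build the key path "test\<pid>". _TRUNCATE keeps an over-long result from
    // invoking the invalid-parameter handler; DWORD is unsigned long, hence %lu.
    // (The original listing carried a stray note naming the HKLM ...\CurrentVersion\Run
    // key at this point; this program never touches that key.)
    _snprintf_s(szProcessKey, sizeof(szProcessKey), _TRUNCATE, "test\\%lu", dwProcessId);

    // Request only the rights the handle is used for (set + query one value)
    // rather than KEY_ALL_ACCESS. The explicit ...A entry points keep the char
    // buffers valid even when the project is built with UNICODE defined.
    const REGSAM samValue = KEY_QUERY_VALUE | KEY_SET_VALUE;

    // Open the per-process key; create it when it does not exist yet.
    lRet = ::RegOpenKeyExA(HKEY_CLASSES_ROOT, szProcessKey, 0, samValue, &hKeyProg);
    if (lRet != ERROR_SUCCESS)
    {
        DWORD dwDisposition = 0;
        lRet = ::RegCreateKeyExA(HKEY_CLASSES_ROOT, szProcessKey,
                                 0, NULL, 0, samValue, NULL, &hKeyProg, &dwDisposition);
        if (lRet != ERROR_SUCCESS)
        {
            printf("RegCreateKeyEx error:%ld. key:%s\n", lRet, szProcessKey);
            return -1;
        }
    }

    // Format the current local time as "YYYY-MM-DD hh:mm:ss".
    char szTime[32];
    time_t timeNow = 0;
    time(&timeNow);
    struct tm tmNow;
    errno_t err = localtime_s(&tmNow, &timeNow);
    if (err == 0)
    {
        memset(szTime, 0, sizeof(szTime));
        _snprintf_s(szTime, sizeof(szTime), _TRUNCATE, "%04d-%02d-%02d %02d:%02d:%02d",
                    tmNow.tm_year + 1900, tmNow.tm_mon + 1, tmNow.tm_mday,
                    tmNow.tm_hour, tmNow.tm_min, tmNow.tm_sec);

        // Write the timestamp. For REG_SZ the byte count must include the
        // terminating NUL, otherwise the stored string is unterminated.
        lRet = ::RegSetValueExA(hKeyProg, "sTime", 0, REG_SZ,
                                reinterpret_cast<const BYTE *>(szTime),
                                static_cast<DWORD>(strlen(szTime) + 1));
        if (lRet != ERROR_SUCCESS)
        {
            printf("RegSetValueEx error:%ld.\n", lRet);
        }
    }

    // Read the timestamp back. Registry strings are not guaranteed to be
    // NUL-terminated, so offer one byte less than the zeroed buffer holds; the
    // last byte then always terminates whatever was read.
    DWORD dwType = REG_SZ;
    DWORD dwLen = sizeof(szTime) - 1;
    memset(szTime, 0, sizeof(szTime));
    lRet = ::RegQueryValueExA(hKeyProg, "sTime", 0, &dwType,
                              reinterpret_cast<LPBYTE>(szTime), &dwLen);
    if (lRet != ERROR_SUCCESS)
    {
        printf("RegQueryValueEx error:%ld.\n", lRet);
    }
    else if (dwType != REG_SZ)
    {
        // The stored value is external data: do not print bytes of another
        // value type as if they were text.
        printf("RegQueryValueEx unexpected type:%lu.\n", dwType);
        memset(szTime, 0, sizeof(szTime));
    }
    printf("time:%s\n", szTime);

    // Close the per-process key.
    lRet = ::RegCloseKey(hKeyProg);
    if (lRet != ERROR_SUCCESS)
    {
        printf("RegCloseKey error:%ld. key:%s\n", lRet, szProcessKey);
    }
    printf("----------create key and write string----------\n");

    // Pause so the key can be inspected (for example in regedit) before removal.
    Sleep(5000);

    // Open the parent "test" key. Per the RegDeleteKey documentation the access
    // rights of this handle do not affect the delete, so read access suffices.
    HKEY hKeyTest = NULL;
    lRet = ::RegOpenKeyExA(HKEY_CLASSES_ROOT, "test", 0, KEY_READ, &hKeyTest);
    if (lRet != ERROR_SUCCESS)
    {
        printf("RegOpenKeyEx error:%ld. key:test\n", lRet);
        return -1;
    }

    memset(szProcessKey, 0, sizeof(szProcessKey));
    _snprintf_s(szProcessKey, sizeof(szProcessKey), _TRUNCATE, "%lu", dwProcessId);

    // Delete the per-process key. RegDeleteKey fails if the key still has
    // subkeys; it removes only a leaf key.
    lRet = ::RegDeleteKeyA(hKeyTest, szProcessKey);
    if (lRet != ERROR_SUCCESS)
    {
        printf("RegDeleteKey error:%ld. key:%s.\n", lRet, szProcessKey);
    }

    // Close the parent "test" key.
    lRet = ::RegCloseKey(hKeyTest);
    if (lRet != ERROR_SUCCESS)
    {
        printf("RegCloseKey error:%ld. key:test.\n", lRet);
    }
    printf("----------delete key----------\n");
    system("PAUSE");
    return 0;
}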
深藏功与名
老技术,新套路
#include<stdio.h>
#include<Windows.h>
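// Writes a REG_SZ value named "fk" under
// HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
//
// Values under a Run key are command lines that Windows starts at user logon,
// so this is an autostart (ASEP) entry: MITRE ATT&CK T1547.001. Writing the
// HKLM copy of the key requires an elevated process. The write is visible as a
// registry value-set event (Sysmon event ID 13) and in Sysinternals Autoruns;
// an entry whose data launches cmd.exe and redirects output into a
// world-writable directory is what such monitoring is tuned to flag.
//
// The surrounding page lists the Wow6432Node copy of the Run key as the
// location written on 64-bit systems (presumably for a 32-bit build, via
// WOW64 registry redirection), so both locations belong in any baseline.
//
// Returns 0 in every case, as the original listing did; failures are reported
// on stdout and wait for a key press.
int main()
{
    // Literal arrays replace the original memset/memcpy pairs, which depended on
    // a pre-zeroed buffer for termination and on a mismatched strlen() to drop
    // the trailing backslash from the key path.
    static const char szRegStart[] = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";
    static const char szHelpsvc[] = "cmd.exe /c ping -n 1 127.0.0.1 > c:\\users\\public\\mc.txt";

    HKEY hKeyHandle = NULL;

    // KEY_SET_VALUE is the only right RegSetValueEx needs; KEY_ALL_ACCESS was
    // broader than the code uses. The ...A entry points match the char data
    // regardless of the UNICODE build setting.
    LONG iRet = RegOpenKeyExA(HKEY_LOCAL_MACHINE, szRegStart, 0, KEY_SET_VALUE, &hKeyHandle);
    if (iRet != ERROR_SUCCESS)
    {
        printf("open reg start failed \n");
        getchar();
        return 0;
    }

    // sizeof includes the terminating NUL, which REG_SZ data must carry.
    iRet = RegSetValueExA(hKeyHandle, "fk", 0, REG_SZ,
                          reinterpret_cast<const BYTE *>(szHelpsvc),
                          static_cast<DWORD>(sizeof(szHelpsvc)));

    // Close the handle on both outcomes; the original leaked it when the write
    // failed.
    RegCloseKey(hKeyHandle);

    if (iRet != ERROR_SUCCESS)
    {
        printf("write reg failed! \n");
        getchar();
        return 0;
    }

    printf("write success\n");
    return 0;
}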
在64位系统上,32位程序对 HKLM\SOFTWARE 的写入会经 WOW64 注册表重定向,实际写入的自启动位置是:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
可以联想很多了