Home > Software engineering >  The registry write, ask for advice
The registry write, ask for advice

Time:10-07

Hkeys hkeys={0};
RegOpenKeyExA (HKEY_LOCAL_MACHINE, "SOFTWARE \ \ Microsoft \ \ Windows \ \ CurrentVersion \ \ Run", 0, KEY_WRITE, & amp; Hkeys);

Char path [MAX_PATH]={0};
GetModuleFileNameA (nullptr, path, MAX_PATH);
Printf (" % s \ n ", path);
RegSetValueExA (hkeys, "CLOSE_COMPUTER", 0, REG_SZ, (byte *) path, strlen (path));

CodePudding user response:

Many Trojan will use the registry keys to achieve the Trojan boot from the start, so after Windows 7, to the registry keys to have a limit, right click run as administrator try, other antivirus software and real-time monitoring software will also monitor the application of the registry entries written; Not an administrator, turn off the anti-virus software to try next

CodePudding user response:

Tried or useless

CodePudding user response:

RegSetValueExA
Executed using GetLastError () to see the return value, and if it is a 64 - bit system, the fourth parameter using KEY_WRITE RegOpenKeyExA | KEY_WOW64_64KEY try,
If it is a 64 - bit system, after the finish process, the following two all see
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Run

CodePudding user response:

Closed soft, use the administrator account to processors run

Success or not check the function return value judgment, if it fails, call GetLastError determine reasons for failure

CodePudding user response:

Use CRegKey, avoid 64 redirect problem

CodePudding user response:

Use the command line tools reg a try,

CodePudding user response:

Lz, the proposal goes to know about the RegDisableReflectionKey RegCreateKeyEx, RegSetValueEx, RegEnableReflectionKey the usage of several functions

CodePudding user response:

RegSetValueExA last parameter to add one, otherwise \ 0 didn't write in

CodePudding user response:

Halide cook this never check the return value of writing in my group to be open

CodePudding user response:

references 9 f an_bachelor response:
halide boil that never check the return value of writing in my group will be let loose

So teaching of university teachers,

CodePudding user response:

1. Permission problems, including antivirus, security software monitoring and so on, in registry key HKLM need administrator;
2. 64 redirect, 32-bit the registry in registry key HKLM \ Software will be written to the registry key HKLM \ Software \ Wow6432Node;
3. The registry virtualization, may satisfy all 1, 2, you still didn't see the value, I am not much said, please see me this post:
http://www.cnblogs.com/jiake/p/4956218.html

CodePudding user response:

11 references SXJIAKE response:
1. Permission problems, including antivirus, security software monitoring and so on, in registry key HKLM need administrator;
2. 64 redirect, 32-bit the registry in registry key HKLM \ Software will be written to the registry key HKLM \ Software \ Wow6432Node;
3. The registry virtualization, may satisfy all 1, 2, you still didn't see the value, I am not much said, please see me this post:
http://www.cnblogs.com/jiake/p/4956218.html

  • Related