RegOpenKeyExA (HKEY_LOCAL_MACHINE, "SOFTWARE \ \ Microsoft \ \ Windows \ \ CurrentVersion \ \ Run", 0, KEY_WRITE, & amp; Hkeys);
Char path [MAX_PATH]={0};
GetModuleFileNameA (nullptr, path, MAX_PATH);
Printf (" % s \ n ", path);
RegSetValueExA (hkeys, "CLOSE_COMPUTER", 0, REG_SZ, (byte *) path, strlen (path));
CodePudding user response:
Many Trojan will use the registry keys to achieve the Trojan boot from the start, so after Windows 7, to the registry keys to have a limit, right click run as administrator try, other antivirus software and real-time monitoring software will also monitor the application of the registry entries written; Not an administrator, turn off the anti-virus software to try nextCodePudding user response:
Tried or uselessCodePudding user response:
RegSetValueExAExecuted using GetLastError () to see the return value, and if it is a 64 - bit system, the fourth parameter using KEY_WRITE RegOpenKeyExA | KEY_WOW64_64KEY try,
If it is a 64 - bit system, after the finish process, the following two all see
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Run
CodePudding user response:
Closed soft, use the administrator account to processors runSuccess or not check the function return value judgment, if it fails, call GetLastError determine reasons for failure
CodePudding user response:
Use CRegKey, avoid 64 redirect problemCodePudding user response:
Use the command line tools reg a try,CodePudding user response:
Lz, the proposal goes to know about the RegDisableReflectionKey RegCreateKeyEx, RegSetValueEx, RegEnableReflectionKey the usage of several functionsCodePudding user response:
RegSetValueExA last parameter to add one, otherwise \ 0 didn't write inCodePudding user response:
Halide cook this never check the return value of writing in my group to be openCodePudding user response: