module Regedit
# Predefined root key handles, passed as the hkey argument of the wrappers.
HKEY_CLASSES_ROOT        = 0x80000000
HKEY_CURRENT_USER        = 0x80000001
HKEY_LOCAL_MACHINE       = 0x80000002
HKEY_USERS               = 0x80000003
HKEY_PERFORMANCE_DATA    = 0x80000004
HKEY_PERFORMANCE_TEXT    = 0x80000050
HKEY_PERFORMANCE_NLSTEXT = 0x80000060
HKEY_CURRENT_CONFIG      = 0x80000005
HKEY_DYN_DATA            = 0x80000006

# Standard access rights; read and write share the same bit here.
STANDARD_RIGHTS_READ  = 0x00020000
STANDARD_RIGHTS_WRITE = 0x00020000

# Key-specific access rights (single bits).
KEY_QUERY_VALUE        = 0x0001
KEY_SET_VALUE          = 0x0002
KEY_CREATE_SUB_KEY     = 0x0004
KEY_ENUMERATE_SUB_KEYS = 0x0008
KEY_NOTIFY             = 0x0010
KEY_CREATE_LINK        = 0x0020

# Composite access masks. Prefer the narrowest mask that the operation needs
# (KEY_READ for lookups) over KEY_ALL_ACCESS.
KEY_READ    = STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY
KEY_WRITE   = STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY
KEY_EXECUTE = KEY_READ
# NOTE(review): this evaluates to 0x2003F, which is narrower than the
# Windows SDK definition of KEY_ALL_ACCESS (0xF003F) - confirm this is intended.
KEY_ALL_ACCESS = KEY_READ | KEY_WRITE | KEY_CREATE_LINK

# Buffer sizes; MAX_KEY_LENGTH is the name-buffer size used by EnumValue and EnumKey.
MAX_KEY_LENGTH   = 514
MAX_VALUE_LENGTH = 32768
@@reg = []
# Table of advapi32 registry functions. The array index is the slot number
# the wrapper methods use when they call REG[n]:
#   0: open              1: query value        2: create
#   3: enumerate values  4: enumerate subkeys  5: set value
#   6: delete value      7: delete key         8: close      9: key info
# Each entry is [function name, argument types, return type]; in the
# Win32API type strings L is an integer and P is a pointer to a buffer.
# NOTE(review): key handles are declared as L, so this presumably targets a
# 32-bit interpreter - confirm before using it on a 64-bit Ruby.
advapi_signatures = [
  %w[RegOpenKeyEx LPLLP L],            # 0
  %w[RegQueryValueEx LPLPPP L],        # 1
  %w[RegCreateKeyEx LPLLLLPPP L],      # 2
  %w[RegEnumValue LLPPPPPP L],         # 3
  %w[RegEnumKeyEx LLPPLLLP L],         # 4
  %w[RegSetValueEx LPLLPL L],          # 5
  %w[RegDeleteValue LP L],             # 6
  %w[RegDeleteKey LP L],               # 7
  %w[RegCloseKey L L],                 # 8
  %w[RegQueryInfoKey LPPPPPPPPPPP L]   # 9
]
advapi_signatures.each do |signature|
  @@reg.push(Win32API.new("advapi32.dll", *signature))
end
# Every method defined below is callable as Regedit.method_name.
module_function
# Returns the array of bound advapi32 functions, indexed by slot number
# (0 = RegOpenKeyEx ... 9 = RegQueryInfoKey).
def REG
  @@reg
end
# Opens a registry key and returns its handle.
#
# hkey    - an open key handle or one of the HKEY_* roots
# name    - path of the subkey to open
# opt     - passed through as the options argument of RegOpenKeyEx
# desired - requested access mask (KEY_* constants); request only what the
#           caller needs, e.g. KEY_READ for lookups
#
# The handle is also stored in @reg_jb so that get_jb can return it later.
# Raises RuntimeError (via check) when the API reports a non-zero status.
# The caller is responsible for releasing the handle with CloseKey.
def OpenKey(hkey, name, opt, desired)
  handle_buf = packdw(0)
  status = self.REG[0].call(hkey, name, opt, desired, handle_buf)
  check status
  @reg_jb = unpackdw(handle_buf)
end
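# Reads a value from an open key.
#
# hkey - handle of an open key
# name - name of the value to read
#
# Returns [data, type, size] and stores the same array in @value_inf for
# get_value. Raises RuntimeError (via check) on a non-zero API status.
#
# Every NUL byte is stripped from data, so only plain string values come
# back intact; DWORD, binary and multi-string data are altered by this.
# That behaviour is kept unchanged for existing callers.
def QueryValue(hkey, name)
  type = packdw(0)
  size = packdw(0)
  # First call passes a NULL data pointer, so the API only reports the
  # number of bytes the value needs.
  check self.REG[1].call(hkey, name, 0, type, 0, size)
  # Allocate at least the reported size. The previous fixed 256-byte buffer
  # was overrun whenever the stored value was longer than 256 bytes, because
  # the second call is told it may write `size` bytes.
  data = "\0" * [unpackdw(size), 256].max
  # If the value grows between the two calls the API reports an error
  # instead of writing past `size`, and check raises.
  check self.REG[1].call(hkey, name, 0, type, data, size)
  data.delete!("\0")
  @value_inf = [data, unpackdw(type), unpackdw(size)]
end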
# Creates a subkey, or opens it when it already exists.
#
# hkey    - an open key handle or one of the HKEY_* roots
# name    - path of the subkey
# opt     - passed through as the options argument of RegCreateKeyEx
# desired - requested access mask (KEY_* constants)
#
# The class and security-attributes arguments are passed as 0, so the key
# gets the default security descriptor.
# Returns [handle, disposition]. Raises RuntimeError (via check) on a
# non-zero API status. Release the handle with CloseKey.
def CreateKey(hkey, name, opt, desired)
  handle_buf = packdw(0)
  disposition_buf = packdw(0)
  status = self.REG[2].call(hkey, name, 0, 0, opt, desired,
                            0, handle_buf, disposition_buf)
  check status
  [handle_buf, disposition_buf].map { |dw| unpackdw(dw) }
end
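# Returns the name of the value at position index under an open key.
#
# hkey  - handle of an open key
# index - zero-based position of the value
#
# Raises RuntimeError (via check) on a non-zero API status, which includes
# running past the last value.
def EnumValue(hkey, index)
  # The buffer must really be MAX_KEY_LENGTH bytes long: `"" * n` is always
  # the empty string, which handed the API a zero-length buffer while
  # telling it MAX_KEY_LENGTH bytes were writable.
  name = "\0" * MAX_KEY_LENGTH
  size = packdw(MAX_KEY_LENGTH)
  check self.REG[3].call(hkey, index, name, size, 0, 0, 0, 0)
  # size now holds the length of the returned name.
  name[0, unpackdw(size)]
end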
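# Returns [subkey name, last write time] for the subkey at position index.
#
# hkey  - handle of an open key
# index - zero-based position of the subkey
#
# The write time is the 64-bit integer decoded by unpackqw.
# Raises RuntimeError (via check) on a non-zero API status, which includes
# running past the last subkey.
def EnumKey(hkey, index)
  # Both output buffers must be pre-sized: `"" * n` is always the empty
  # string, so the API was given zero-length buffers for a name of up to
  # MAX_KEY_LENGTH bytes and for the 8-byte timestamp.
  name = "\0" * MAX_KEY_LENGTH
  size = packdw(MAX_KEY_LENGTH)
  wtime = "\0" * 8
  check self.REG[4].call(hkey, index, name, size, 0, 0, 0, wtime)
  [name[0, unpackdw(size)], unpackqw(wtime)]
end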
# Writes a value under an open key.
#
# hkey - handle of an open key (needs KEY_SET_VALUE access)
# name - name of the value
# type - registry value type code
# data - buffer holding the bytes to store
# size - number of bytes of data to store
#
# size is passed to the API unchecked; it must not exceed the byte length
# of data, otherwise the API reads past the end of the buffer.
# Raises RuntimeError (via check) on a non-zero API status.
def SetValue(hkey, name, type, data, size)
  status = self.REG[5].call(hkey, name, 0, type, data, size)
  check status
end
# Removes the named value from an open key.
#
# hkey - handle of an open key (needs KEY_SET_VALUE access)
# name - name of the value to delete
#
# Raises RuntimeError (via check) on a non-zero API status.
def DeleteValue(hkey, name)
  status = self.REG[6].call(hkey, name)
  check status
end
# Deletes the subkey called name below an open key.
#
# hkey - handle of the open parent key
# name - name of the subkey to delete
#
# Raises RuntimeError (via check) on a non-zero API status.
def DeleteKey(hkey, name)
  status = self.REG[7].call(hkey, name)
  check status
end
# Releases a key handle obtained from OpenKey or CreateKey.
# Call it for every opened handle so handles are not leaked.
#
# Raises RuntimeError (via check) on a non-zero API status.
def CloseKey(hkey)
  status = self.REG[8].call(hkey)
  check status
end
# Collects summary information about an open key.
#
# hkey - handle of an open key
#
# Returns a seven-element array:
#   [subkey count, longest subkey name, value count, longest value name,
#    longest value data, security descriptor size, last write time]
# The class-name arguments of RegQueryInfoKey are passed as 0 and are not
# returned. Raises RuntimeError (via check) on a non-zero API status.
def QueryInfoKey(hkey)
  # Six DWORD output slots, one per counter the API fills in.
  subkeys, maxsubkeylen, values, maxvaluenamelen, maxvaluelen, secdescs =
    Array.new(6) { packdw(0) }
  # 8-byte buffer for the last write time.
  wtime = " " * 8
  status = self.REG[9].call(hkey, 0, 0, 0, subkeys, maxsubkeylen, 0,
                            values, maxvaluenamelen, maxvaluelen, secdescs, wtime)
  check status
  counters = [subkeys, maxsubkeylen, values, maxvaluenamelen, maxvaluelen, secdescs]
  counters.map { |dw| unpackdw(dw) } << unpackqw(wtime)
end
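# Raises RuntimeError unless result is 0 (success).
#
# result - status code returned by an advapi32 registry call
#
# The message keeps its original text ("registry open failed") and now also
# carries the numeric status, so that an access-denied failure can be told
# apart from a missing key or a full buffer. Every wrapper in this module
# goes through this method, not only OpenKey.
def check(result)
  return if result == 0
  raise "注册表打开失败! (Win32 error code #{result})"
end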
# Encodes an integer as a 4-byte little-endian string (a DWORD buffer).
def packdw(dw)
  dword = [dw]
  dword.pack("V")
end
# Decodes the first 4 bytes of dw as a little-endian unsigned integer.
# Four zero bytes are appended to a copy first, so a buffer shorter than
# 4 bytes decodes as if it were zero-padded; the argument is not modified.
def unpackdw(dw)
  padded = dw + [0].pack("V")
  padded.unpack("V").first
end
# Encodes an integer as 8 little-endian bytes: low 32 bits first, then the
# bits above them.
def packqw(qw)
  low = qw & 0xFFFFFFFF
  high = qw >> 32
  [low, high].pack("VV")
end
# Decodes an 8-byte little-endian buffer into one integer
# (second 32-bit word shifted above the first).
def unpackqw(qw)
  low, high = qw.unpack("VV")
  (high << 32) | low
end
# Returns the handle stored by the most recent OpenKey call, or nil when
# none has been stored. ("jb" presumably abbreviates the Chinese word for
# "handle".)
def get_jb
  @reg_jb
end
# Returns one field of the result stored by the most recent QueryValue.
#
# kind - "data", "type" or "size"
#
# Returns nil when no result has been stored yet or kind is none of the
# three names.
def get_value(kind)
  return if @value_inf.nil?
  slot = case kind
         when "data" then 0
         when "type" then 1
         when "size" then 2
         end
  slot && @value_inf[slot]
end
end
以下引用yangff于2008-8-14 10:03:01的发言:
厄...
被UAC咔嚓了
以下引用IamI于2008-8-14 10:37:26的发言:
UAC……Vista的保护装置?
只是读取键值也会启动?
以下引用Defanive于2008-8-14 13:45:56的发言:
例如禁止regedit,删除.exe、.reg关联,开机自动运行病毒,禁止运行任务管理器,删除杀毒软件的开机自动运行。。。
加上数十条,就麻烦了。。。
解决也很好办。。。