今天被病毒攻击,结果注册表被锁定。为了解锁,用 VC++.NET 写了个工具:
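// "Open" button handler: reads the per-user DisableRegistryTools policy value
// under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, shows
// it, and - if it is set - asks the user whether to reset it to 0 so that the
// registry editor can be started again.
//
// NOTE(review): resetting the value only undoes the lockout. Whatever wrote the
// value is not removed by this handler and may write it again, so the machine
// still needs to be cleaned separately.
void CrawDlg::OnBnClickedOpen()
{
	HKEY key = NULL;

	// Registry paths use backslashes; with "//" the open fails because no
	// such key exists. Only the rights actually used are requested
	// (query + set) instead of KEY_ALL_ACCESS.
	LONG bRet = RegOpenKeyEx(HKEY_CURRENT_USER,
		"Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
		0, KEY_QUERY_VALUE | KEY_SET_VALUE, &key);
	if (bRet != ERROR_SUCCESS)
	{
		// The handle was never opened, so there is nothing to close here.
		AfxMessageBox("error");
		return;
	}

	// Read the value as a DWORD and record its type, so that data of another
	// type or size is rejected instead of being interpreted byte by byte.
	DWORD aValue = 0;
	DWORD aType = 0;
	DWORD aLength = sizeof(aValue);
	bRet = RegQueryValueEx(key, "DisableRegistryTools", NULL, &aType,
		reinterpret_cast<LPBYTE>(&aValue), &aLength);
	if (bRet != ERROR_SUCCESS || aType != REG_DWORD || aLength != sizeof(DWORD))
	{
		AfxMessageBox("error get");
		RegCloseKey(key);
		return;
	}

	// Show the current value to the user.
	CString str;
	str.Format("%lu", aValue);
	AfxMessageBox(str);

	// Group Policy writes 1 or 2 here (2 also blocks silent regedit runs),
	// so any non-zero value is treated as "registry tools disabled".
	if (aValue != 0)
	{
		if (AfxMessageBox("查到注册表被禁止,是否恢复可编辑?", MB_OKCANCEL) == IDOK)
		{
			const DWORD SetValue = 0;
			bRet = RegSetValueEx(key, "DisableRegistryTools", 0, REG_DWORD,
				reinterpret_cast<const BYTE*>(&SetValue), sizeof(DWORD));
			if (bRet != ERROR_SUCCESS)
			{
				// Report a failed write instead of silently assuming success.
				AfxMessageBox("error set");
			}
		}
	}

	// Release the handle on the normal path as well.
	RegCloseKey(key);
}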
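// "Create" button handler: creates (or opens) HKLM\SYSTEM\SamplApp and writes
// the two values an event-log source registration carries: EventMessageFile
// (REG_EXPAND_SZ path of the message DLL) and TypesSupported (REG_DWORD mask).
//
// NOTE(review): the key written here is HKLM\SYSTEM\SamplApp, not a subkey of
// the EventLog\Application key that event sources are normally registered
// under - confirm which location is intended. Writing under
// HKEY_LOCAL_MACHINE also needs administrative rights, so the create call is
// expected to fail for a standard user.
void CrawDlg::OnBnClickedCreate()
{
	HKEY hk = NULL;

	// Registry paths use backslashes, not "//".
	if (RegCreateKey(HKEY_LOCAL_MACHINE, "SYSTEM\\SamplApp", &hk) != ERROR_SUCCESS)
	{
		// Without a valid handle the writes below cannot work; stop here
		// instead of passing an uninitialized handle to the registry API.
		AfxMessageBox("error");
		return;
	}

	// Name of the message file. Stored as a constant array so its size is
	// known at compile time and no unchecked strcpy into a fixed buffer is
	// needed.
	static const char szMessageFile[] = "%SystemRoot%\\System\\监视病毒修改注册表.dll";

	// Add the name to the EventMessageFile value; the length includes the
	// terminating NUL, as required for string data.
	if (RegSetValueEx(hk,                 // key handle
		"EventMessageFile",               // value name
		0,                                // must be zero
		REG_EXPAND_SZ,                    // value type
		reinterpret_cast<const BYTE*>(szMessageFile), // pointer to value data
		static_cast<DWORD>(sizeof(szMessageFile))) != ERROR_SUCCESS)
	{
		AfxMessageBox("error setvalue");
	}

	// Set the supported event types in the TypesSupported value.
	const DWORD dwData = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE |
		EVENTLOG_INFORMATION_TYPE;
	if (RegSetValueEx(hk,                 // key handle
		"TypesSupported",                 // value name
		0,                                // must be zero
		REG_DWORD,                        // value type
		reinterpret_cast<const BYTE*>(&dwData), // pointer to value data
		sizeof(DWORD)) != ERROR_SUCCESS)
	{
		AfxMessageBox("error");
	}

	RegCloseKey(hk);
}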