// 轻量化杀毒软件 - 终极整合版 v9.0
#define _CRT_SECURE_NO_WARNINGS
#include <windows.h>
#include <tlhelp32.h>
#include <cctype>
#include <cstdio>
#include <cstring>
#include <ctime>
#include <algorithm>
#include <atomic>
#include <fstream>
#include <iostream>
#include <limits>
#include <map>
#include <mutex>
#include <set>
#include <sstream>
#include <string>
#include <thread>
#include <vector>
using namespace std;
// ========== 动态加载 Psapi.dll ==========
// Signature of psapi!GetModuleFileNameExA, resolved at run time by LoadPsapiFunction().
// The real export reports a DWORD length; BOOL is sufficient for the non-zero test callers make.
using LPFN_GETMODULEFILENAMEEXA = BOOL (WINAPI *)(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize);
// Module handle of Psapi.dll; nullptr until LoadPsapiFunction() succeeds, released by FreeLibrary in WinMain.
HMODULE hPsapi = nullptr;
// Resolved entry point; nullptr makes SafeGetModuleFileNameExA() fall back to a placeholder and FALSE.
LPFN_GETMODULEFILENAMEEXA pGetModuleFileNameExA = nullptr;
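/// Thin wrapper around GetModuleFileNameExA that tolerates Psapi.dll not being loaded.
/// @param hProcess   process whose module path is queried
/// @param hModule    module handle (nullptr = the process's main executable)
/// @param lpFilename output buffer; receives "<unknown>" (truncated to fit) when the
///                   real function is unavailable
/// @param nSize      capacity of lpFilename in characters
/// @return the result of GetModuleFileNameExA, or FALSE when it could not be called
BOOL SafeGetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, LPSTR lpFilename, DWORD nSize) {
    if (pGetModuleFileNameExA) return pGetModuleFileNameExA(hProcess, hModule, lpFilename, nSize);
    // Fallback: the old unconditional strcpy wrote 10 bytes regardless of nSize.
    // Never write past the caller's buffer and always leave a terminator.
    if (lpFilename && nSize > 0) {
        static const char kUnknown[] = "<unknown>";
        strncpy(lpFilename, kUnknown, nSize - 1);
        lpFilename[nSize - 1] = '\0';
    }
    return FALSE;
}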
/// Loads Psapi.dll and resolves GetModuleFileNameExA into pGetModuleFileNameExA.
/// Leaves hPsapi loaded even when the export is missing (WinMain frees it on exit).
/// NOTE(review): a bare DLL name is resolved through the loader's search order;
/// pinning it to the system directory would remove that dependency — confirm before changing.
/// @return true when the function pointer is usable
bool LoadPsapiFunction() {
    hPsapi = LoadLibraryA("Psapi.dll");
    if (hPsapi == nullptr) return false;
    FARPROC raw = GetProcAddress(hPsapi, "GetModuleFileNameExA");
    pGetModuleFileNameExA = reinterpret_cast<LPFN_GETMODULEFILENAMEEXA>(raw);
    return pGetModuleFileNameExA != nullptr;
}
// ========== 全局常量 ==========
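// All file names below are relative to the process working directory; no path is prepended anywhere.
const std::string LOG_FILE = "antivirus.log";             // append-only activity log written by log()
const std::string WHITELIST_FILE = "whitelist.txt";       // "path|FILE", "path|DIR" or a bare process name per line
const std::string QUARANTINE_DIR = "quarantine";          // quarantined files are moved into this directory
const std::string QUARANTINE_LOG = "quarantine_log.txt";  // "<quarantined name>=<original path>" per line
std::map<std::string, std::string> g_whitelist;           // normalised path -> "FILE" | "DIR"
std::set<std::string> g_trustedProcesses;                 // lower-cased process names, plus "autorun:<name>" entries
// Read in the monitor thread's loop and written from WinMain. std::atomic replaces `volatile`,
// which gives no atomicity or ordering guarantee between threads in C++.
std::atomic<bool> g_monitoring{false};
int fileCount = 0, suspiciousCount = 0;                   // per-scan counters, reset by each scan entry point
std::mutex printMutex;                                    // NOTE(review): declared but not used anywhere in this file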
// ========== 函数前置声明 ==========
// ---- logging / string helpers ----
void log(const string& msg);
string toLower(string s);
string normalizePath(const string& path);
// ---- whitelist persistence and lookup (WHITELIST_FILE) ----
void loadWhitelist();
void saveWhitelist();
bool isWhitelisted(const string& filePath);
bool isTrustedProcess(const string& exeName);
// ---- process suspend/resume through ntdll exports ----
bool SuspendProcess(DWORD pid);
bool ResumeProcess(DWORD pid);
// Outcome of the Yes/No/Cancel prompt in ShowDecisionDialog:
// Yes -> TERMINATE, No -> IGNORE, Cancel -> ADD_TO_WHITELIST.
// NOTE(review): winbase.h defines a macro named IGNORE; if the compiler rejects this
// line, the enumerator needs a different name (and its uses updated) — confirm on the build.
enum Action { TERMINATE, IGNORE, ADD_TO_WHITELIST };
Action ShowDecisionDialog(const string& processName, const string& reason);
// Entry point of the behaviour-monitor thread started from WinMain (menu item 6).
DWORD WINAPI BehaviorMonitorThread(LPVOID param);
void addFalsePositive();
// ---- quarantine directory and its "<quarantined name>=<original path>" log ----
void manageQuarantine();
bool restoreFileFromQuarantine(const string& quarantinedFile);
void deleteFileFromQuarantine(const string& quarantinedFile);
void clearQuarantine();
vector<string> listQuarantinedFiles();
void quarantineFile(const string& filePath);
// ---- static scan ----
// matchedRule is an out-parameter and must always be supplied; the call in scanPath
// that passes only the path does not match this prototype.
bool isFileSuspicious(const string& filePath, string& matchedRule);
void handleSuspiciousFile(const string& filePath);
void scanPath(const string& root);
void scanCurrentDir();
void scanCustomDir();
void scanAllDrives();
// ---- menu / lifecycle ----
void startRealTimeMonitor();
void stopRealTimeMonitor();
void showMainMenu();
// ========== 工具函数 ==========
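/// Appends one time-stamped line to LOG_FILE; silently does nothing if the file cannot be opened.
/// Serialised with a function-local mutex: both the monitor thread and the UI thread call it,
/// and ctime()/localtime() use static storage.
/// @param msg text written verbatim after the "[timestamp] " prefix
void log(const string& msg) {
    static mutex logMutex;
    lock_guard<mutex> guard(logMutex);
    ofstream out(LOG_FILE.c_str(), ios::app);
    if (!out.is_open()) return;
    time_t now = time(nullptr);
    char stamp[32] = "unknown time";
    // Same layout ctime() produced ("Www Mmm dd hh:mm:ss yyyy") minus its trailing newline,
    // without indexing a possibly-null pointer or a zero-length string as the old code did.
    if (const tm* local = localtime(&now)) strftime(stamp, sizeof stamp, "%a %b %e %H:%M:%S %Y", local);
    out << "[" << stamp << "] " << msg << '\n';
}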
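/// Returns a copy of s with ASCII letters lower-cased.
/// Each byte goes through unsigned char: calling tolower() with a negative char
/// (any byte >= 0x80 in GBK/UTF-8 text) is undefined behaviour.
/// NOTE(review): this is byte-wise, not DBCS-aware; with the console set to code page 936
/// a multi-byte character whose trail byte falls in 'A'..'Z' would be altered — confirm
/// whether non-ASCII names are expected here.
std::string toLower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(::tolower(c)); });
    return s;
}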
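/// Canonical form used as the whitelist key: forward slashes become backslashes, ASCII
/// letters are lower-cased, and an existing directory gets a trailing backslash.
/// @param path file or directory path; may be relative
/// @return "" for an empty input, otherwise the normalised path
/// NOTE(review): lower-casing is byte-wise (see toLower) and not DBCS-aware under code page 936.
string normalizePath(const string& path) {
    if (path.empty()) return "";
    string norm = path;
    replace(norm.begin(), norm.end(), '/', '\\');
    // unsigned char: tolower() on a negative char is undefined behaviour.
    transform(norm.begin(), norm.end(), norm.begin(),
              [](unsigned char c) { return static_cast<char>(::tolower(c)); });
    const DWORD attr = GetFileAttributesA(norm.c_str());
    const bool isExistingDir = attr != INVALID_FILE_ATTRIBUTES && (attr & FILE_ATTRIBUTE_DIRECTORY);
    if (isExistingDir && norm.back() != '\\') norm += '\\';
    return norm;
}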
// ========== 白名单操作 ==========
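/// Loads WHITELIST_FILE into g_whitelist ("path|FILE" / "path|DIR" lines) and
/// g_trustedProcesses (any other non-empty line, lower-cased). Creates an empty file
/// when none exists. Paths are normalised with normalizePath() at load time.
/// NOTE(review): the file is read from the working directory with no integrity check,
/// so anyone who can write whitelist.txt can mark a process or path as trusted.
void loadWhitelist() {
    ifstream in(WHITELIST_FILE.c_str());
    if (!in.is_open()) {
        ofstream create(WHITELIST_FILE.c_str());
        cout << "✅ 白名单文件不存在,已创建。\n";
        return;
    }
    string line;
    while (getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();  // strip a '\r' that survived the text-mode read
        if (line.empty()) continue;  // a blank line used to be inserted as an empty trusted process name
        const size_t sep = line.find('|');
        if (sep == string::npos) {
            g_trustedProcesses.insert(toLower(line));
            continue;
        }
        const string path = normalizePath(line.substr(0, sep));
        const string type = line.substr(sep + 1);
        if (type == "FILE" || type == "DIR") g_whitelist[path] = type;
    }
    cout << "✅ 已加载 " << g_whitelist.size() << " 个路径白名单,"
         << g_trustedProcesses.size() << " 个可信进程。\n";
    log("Loaded whitelist.");
}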
/// Rewrites WHITELIST_FILE from g_whitelist ("path|TYPE") followed by g_trustedProcesses
/// (one bare name per line). Silently gives up if the file cannot be opened.
void saveWhitelist() {
    ofstream out(WHITELIST_FILE.c_str());
    if (!out.is_open()) return;
    for (const auto& entry : g_whitelist) {
        out << entry.first << "|" << entry.second << endl;
    }
    for (const auto& processName : g_trustedProcesses) {
        out << processName << endl;
    }
    out.close();
    log("Whitelist saved.");
}
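/// True when the normalised path is an exact whitelist entry or lies under a "DIR" entry.
/// @param filePath path to test (normalised with normalizePath() before comparison)
bool isWhitelisted(const string& filePath) {
    const string np = normalizePath(filePath);
    if (g_whitelist.count(np)) return true;
    for (const auto& entry : g_whitelist) {
        if (entry.second != "DIR") continue;
        string prefix = entry.first;
        // Compare on a directory boundary: with a plain prefix test an entry "c:\tools"
        // (stored without a trailing backslash when the directory did not exist at load
        // time) would also cover "c:\tools2\x.bat".
        if (!prefix.empty() && prefix.back() != '\\') prefix += '\\';
        if (np.size() >= prefix.size() && np.compare(0, prefix.size(), prefix) == 0) return true;
    }
    return false;
}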
/// True when the lower-cased name is present in g_trustedProcesses.
/// @param exeName process image name (or full path / "autorun:<name>" as stored by callers)
bool isTrustedProcess(const string& exeName) {
    const string key = toLower(exeName);
    return g_trustedProcesses.count(key) != 0;
}
// ========== 挂起/恢复进程(使用 NtSuspendProcess)==========
// Function-pointer aliases for the undocumented ntdll exports resolved with GetProcAddress
// in SuspendProcess()/ResumeProcess(). A negative NTSTATUS denotes failure.
// NOTE(review): windows.h alone may not declare NTSTATUS — confirm <winternl.h> (or an
// equivalent typedef) is in scope on the build.
using NtSuspendProcess = NTSTATUS(NTAPI*)(HANDLE ProcessHandle);
using NtResumeProcess = NTSTATUS(NTAPI*)(HANDLE ProcessHandle);
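/// Suspends all threads of a process through ntdll!NtSuspendProcess.
/// @param pid target process id
/// @return true only when the process could be opened, the export was found and the
///         call succeeded (NTSTATUS >= 0); the old code reported true even on a failing status
bool SuspendProcess(DWORD pid) {
    HANDLE hProc = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, pid);
    if (!hProc) return false;
    bool ok = false;
    if (HMODULE ntdll = GetModuleHandleA("ntdll.dll")) {
        auto fn = reinterpret_cast<NtSuspendProcess>(GetProcAddress(ntdll, "NtSuspendProcess"));
        if (fn) ok = fn(hProc) >= 0;  // NT_SUCCESS(): non-negative status
    }
    CloseHandle(hProc);
    return ok;
}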
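/// Resumes a process previously frozen by SuspendProcess() through ntdll!NtResumeProcess.
/// @param pid target process id
/// @return true only when the process could be opened, the export was found and the
///         call succeeded (NTSTATUS >= 0); the old code reported true even on a failing status
bool ResumeProcess(DWORD pid) {
    HANDLE hProc = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, pid);
    if (!hProc) return false;
    bool ok = false;
    if (HMODULE ntdll = GetModuleHandleA("ntdll.dll")) {
        auto fn = reinterpret_cast<NtResumeProcess>(GetProcAddress(ntdll, "NtResumeProcess"));
        if (fn) ok = fn(hProc) >= 0;  // NT_SUCCESS(): non-negative status
    }
    CloseHandle(hProc);
    return ok;
}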
// ========== 用户决策弹窗 ==========
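/// Shows a Yes/No/Cancel warning and maps the answer to an Action.
/// @param processName what was flagged (process name or "autorun:<value name>")
/// @param reason      short description shown to the user
/// @return TERMINATE for Yes, IGNORE for No, ADD_TO_WHITELIST for Cancel.
///         A failed MessageBoxA (return 0: no interactive desktop, out of resources)
///         now yields IGNORE; the old `default:` branch silently whitelisted in that case.
Action ShowDecisionDialog(const string& processName, const string& reason) {
    stringstream msg;
    msg << "发现可疑行为!\n\n"
        << "进程: " << processName << "\n"
        << "原因: " << reason << "\n\n"
        << "请选择处理方式:\n"
        << "是 —— 终止该进程\n"
        << "否 —— 忽略本次\n"
        << "取消 —— 加入白名单并忽略";
    const int result = MessageBoxA(nullptr, msg.str().c_str(), "【安全警告】", MB_YESNOCANCEL | MB_ICONWARNING);
    switch (result) {
        case IDYES: return TERMINATE;
        case IDNO: return IGNORE;
        case IDCANCEL: return ADD_TO_WHITELIST;
        default:
            // No answer obtained: do not persist trust on the strength of a failed dialog.
            log("Decision dialog failed for " + processName + ", ignoring this event");
            return IGNORE;
    }
}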
// ========== 行为监控线程 ==========
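// ---- helpers for BehaviorMonitorThread (file-local, one per monitoring pass) ----

/// Pass 1: processes absent from the previous snapshot. An untrusted newcomer whose image
/// lives in a temp/download location is suspended and the user decides. Updates prevPids.
static void monitorNewProcesses(set<DWORD>& prevPids) {
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnap == INVALID_HANDLE_VALUE) return;
    PROCESSENTRY32 pe = {sizeof(pe)};
    set<DWORD> currPids;
    if (Process32First(hSnap, &pe)) {
        do {
            currPids.insert(pe.th32ProcessID);
            if (prevPids.count(pe.th32ProcessID)) continue;
            const string exeName = toLower(pe.szExeFile);
            if (isTrustedProcess(exeName)) continue;
            HANDLE hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pe.th32ProcessID);
            if (!hProc) continue;
            char path[MAX_PATH] = {0};
            if (SafeGetModuleFileNameExA(hProc, nullptr, path, MAX_PATH)) {
                const string lowerPath = toLower(path);
                const bool fromTemp = lowerPath.find("\\temp\\") != string::npos ||
                                      lowerPath.find("downloads") != string::npos ||
                                      lowerPath.find("appdata\\local\\temp") != string::npos;
                if (fromTemp) {
                    SuspendProcess(pe.th32ProcessID);
                    MessageBoxA(nullptr, ("⏸️ 已暂停可疑进程:\n" + string(pe.szExeFile)).c_str(),
                                "进程已暂停", MB_OK | MB_ICONINFORMATION);
                    const Action act = ShowDecisionDialog(pe.szExeFile, "从临时目录启动");
                    if (act == TERMINATE) {
                        // TerminateProcess() needs PROCESS_TERMINATE; the old code called it on
                        // the query-only handle, which fails, and still logged a termination.
                        HANDLE hKill = OpenProcess(PROCESS_TERMINATE, FALSE, pe.th32ProcessID);
                        if (hKill && TerminateProcess(hKill, 0)) {
                            log("Terminated suspicious process: " + string(pe.szExeFile));
                        } else {
                            log("TerminateProcess failed (" + to_string(GetLastError()) + "): " + string(pe.szExeFile));
                            ResumeProcess(pe.th32ProcessID);  // do not leave it frozen forever
                        }
                        if (hKill) CloseHandle(hKill);
                    } else if (act == ADD_TO_WHITELIST) {
                        g_trustedProcesses.insert(exeName);
                        saveWhitelist();
                        ResumeProcess(pe.th32ProcessID);
                        MessageBoxA(nullptr, ("✅ 已将 " + string(pe.szExeFile) + " 加入白名单").c_str(),
                                    "已信任", MB_OK);
                        log("Added to whitelist: " + string(pe.szExeFile));
                    } else {
                        ResumeProcess(pe.th32ProcessID);
                    }
                }
            }
            CloseHandle(hProc);
        } while (Process32Next(hSnap, &pe));
    }
    CloseHandle(hSnap);
    prevPids.swap(currPids);
}

/// Pass 2: values added to HKCU\...\Run since the previous pass that look like executables.
/// The key is opened with KEY_SET_VALUE as well, because RegDeleteValue() fails on a
/// KEY_READ-only handle (the old code reported "deleted" without checking). Updates prevAutoRun.
static void monitorAutoRun(set<string>& prevAutoRun) {
    const char* const kRunKey = "Software\\Microsoft\\Windows\\CurrentVersion\\Run";
    HKEY hKey = nullptr;
    const bool canDelete =
        RegOpenKeyExA(HKEY_CURRENT_USER, kRunKey, 0, KEY_READ | KEY_SET_VALUE, &hKey) == ERROR_SUCCESS;
    if (!canDelete && RegOpenKeyExA(HKEY_CURRENT_USER, kRunKey, 0, KEY_READ, &hKey) != ERROR_SUCCESS) return;
    set<string> currAutoRun;
    char name[256];
    char path[1024];
    for (DWORD i = 0;;) {
        DWORD nameLen = sizeof(name), pathLen = sizeof(path), type = 0;
        const LONG ret = RegEnumValueA(hKey, i, name, &nameLen, nullptr, &type,
                                       reinterpret_cast<BYTE*>(path), &pathLen);
        if (ret != ERROR_SUCCESS) break;
        // Registry data is not guaranteed to be nul-terminated (nor to be REG_SZ).
        path[pathLen < sizeof(path) ? pathLen : sizeof(path) - 1] = '\0';
        currAutoRun.insert(string(name));
        bool deleted = false;
        // "autorun:<name>" entries are what ADD_TO_WHITELIST stores below; the old code
        // never consulted them, so a whitelisted value was re-prompted after every restart.
        if (!prevAutoRun.count(name) && !isTrustedProcess("autorun:" + string(name))) {
            const string p = toLower(path);
            if (p.find(".exe") != string::npos &&
                p.find("chrome") == string::npos &&
                p.find("steam") == string::npos) {
                const Action act = ShowDecisionDialog("autorun:" + string(name), "新增可疑自启动项");
                if (act == TERMINATE) {
                    if (canDelete && RegDeleteValueA(hKey, name) == ERROR_SUCCESS) {
                        MessageBoxA(nullptr, "已删除注册表自启动项", "✅ 删除成功", MB_OK);
                        log("Deleted autorun: " + string(name));
                        deleted = true;
                    } else {
                        MessageBoxA(nullptr, "无法删除注册表自启动项", "❌ 删除失败", MB_OK | MB_ICONERROR);
                        log("Failed to delete autorun: " + string(name));
                    }
                } else if (act == ADD_TO_WHITELIST) {
                    g_trustedProcesses.insert("autorun:" + toLower(name));
                    saveWhitelist();
                }
            }
        }
        // Deleting shifts the remaining values down by one index, so re-read index i.
        if (!deleted) ++i;
    }
    RegCloseKey(hKey);
    prevAutoRun.swap(currAutoRun);
}

/// Pass 3: crude injection check. A thread that was not in the previous snapshot and
/// belongs to explorer/winlogon/lsass triggers a prompt. Only threads new since the last
/// pass are considered (report=false just seeds the set): the old code re-flagged every
/// existing thread of those processes on every 2-second iteration. Updates prevTids.
static void monitorNewThreads(set<DWORD>& prevTids, bool report) {
    HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE) return;
    THREADENTRY32 te = {sizeof(te)};
    set<DWORD> currTids;
    set<DWORD> promptedPids;  // one prompt per owner process per pass
    if (Thread32First(hThreadSnap, &te)) {
        do {
            currTids.insert(te.th32ThreadID);
            if (!report || prevTids.count(te.th32ThreadID)) continue;
            HANDLE hThread = OpenThread(THREAD_GET_CONTEXT, FALSE, te.th32ThreadID);
            if (!hThread) continue;
            CloseHandle(hThread);  // only used as a reachability probe, as before
            const DWORD ownerPid = te.th32OwnerProcessID;
            if (promptedPids.count(ownerPid)) continue;
            HANDLE hProc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, ownerPid);
            if (!hProc) continue;
            char ownerName[MAX_PATH] = {0};
            if (SafeGetModuleFileNameExA(hProc, nullptr, ownerName, MAX_PATH)) {
                const string owner = toLower(ownerName);
                const bool critical = owner.find("explorer.exe") != string::npos ||
                                      owner.find("winlogon.exe") != string::npos ||
                                      owner.find("lsass.exe") != string::npos;
                // ADD_TO_WHITELIST stores the full lower-cased path; honour it here.
                if (critical && !isTrustedProcess(owner)) {
                    promptedPids.insert(ownerPid);
                    SuspendProcess(ownerPid);
                    MessageBoxA(nullptr, ("⏸️ 检测到向关键进程注入代码: " + string(ownerName)).c_str(),
                                "⚠️ DLL 注入警告", MB_OK | MB_ICONERROR);
                    const Action act = ShowDecisionDialog(ownerName, "DLL 注入");
                    if (act == TERMINATE) {
                        // NOTE(review): terminating winlogon/lsass ends the session or bugchecks
                        // the machine; the prompt text does not say so.
                        HANDLE hKill = OpenProcess(PROCESS_TERMINATE, FALSE, ownerPid);
                        if (hKill && TerminateProcess(hKill, 0)) {
                            log("💥 Terminated injected process: " + string(ownerName));
                        } else {
                            log("TerminateProcess failed (" + to_string(GetLastError()) + "): " + string(ownerName));
                            ResumeProcess(ownerPid);
                        }
                        if (hKill) CloseHandle(hKill);
                    } else if (act == ADD_TO_WHITELIST) {
                        g_trustedProcesses.insert(owner);
                        saveWhitelist();
                        ResumeProcess(ownerPid);
                    } else {
                        ResumeProcess(ownerPid);
                    }
                }
            }
            CloseHandle(hProc);
        } while (Thread32Next(hThreadSnap, &te));
    }
    CloseHandle(hThreadSnap);
    prevTids.swap(currTids);
}

/// Behaviour-monitor thread: every 2 seconds runs the three passes above until
/// g_monitoring is cleared. Returns 0 when stopped.
/// NOTE(review): g_trustedProcesses and the whitelist file are mutated here and read/written
/// on the UI thread without any lock (printMutex is unused) — confirm that is acceptable.
/// @param param unused (CreateThread passes nullptr)
DWORD WINAPI BehaviorMonitorThread(LPVOID param) {
    (void)param;
    cout << "🔍 启动行为监控引擎...\n";
    log("Behavior monitor started");
    set<DWORD> prevPids;
    set<string> prevAutoRun;
    set<DWORD> prevTids;
    bool firstPass = true;
    while (g_monitoring) {
        Sleep(2000);
        monitorNewProcesses(prevPids);
        monitorAutoRun(prevAutoRun);
        monitorNewThreads(prevTids, !firstPass);
        firstPass = false;
    }
    return 0;
}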
// ========== 隔离区管理 ==========
/// Lists the plain files (not subdirectories) directly inside QUARANTINE_DIR.
/// @return bare file names; empty when the directory is missing or unreadable
vector<string> listQuarantinedFiles() {
    vector<string> names;
    WIN32_FIND_DATAA entry;
    const string pattern = QUARANTINE_DIR + "\\*";
    HANDLE hFind = FindFirstFileA(pattern.c_str(), &entry);
    if (hFind == INVALID_HANDLE_VALUE) return names;
    do {
        const bool isDirectory = (entry.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0;
        if (!isDirectory) names.emplace_back(entry.cFileName);
    } while (FindNextFileA(hFind, &entry));
    FindClose(hFind);
    return names;
}
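/// Moves a quarantined file back to the original path recorded in QUARANTINE_LOG
/// ("<quarantined name>=<original path>") and drops that entry from the log.
/// If the original directory no longer exists the user may type a replacement directory.
/// @param quarantinedFile path of the file inside QUARANTINE_DIR
/// @return true when the file was moved back
bool restoreFileFromQuarantine(const string& quarantinedFile) {
    const string basename = quarantinedFile.substr(quarantinedFile.find_last_of("\\/") + 1);
    ifstream logIn(QUARANTINE_LOG.c_str());
    if (!logIn.is_open()) {
        cout << "❌ 隔离日志无法打开。\n";
        return false;
    }
    string line, originalPath;
    vector<string> remainingLogs;
    bool found = false;
    while (getline(logIn, line)) {
        const size_t pos = line.find('=');
        if (pos != string::npos && line.compare(0, pos, basename) == 0) {
            originalPath = line.substr(pos + 1);
            found = true;
        } else {
            remainingLogs.push_back(line);
        }
    }
    logIn.close();
    if (!found) {
        cout << "❌ 无法找到该文件的原始路径记录。\n";
        return false;
    }
    const size_t sep = originalPath.find_last_of("\\/");
    // A bare file name means "current directory"; the old substr(0, npos) treated the
    // file name itself as the directory and always reported it missing.
    string parentDir = (sep == string::npos) ? string(".") : originalPath.substr(0, sep);
    DWORD attr = GetFileAttributesA(parentDir.c_str());
    if (attr == INVALID_FILE_ATTRIBUTES || !(attr & FILE_ATTRIBUTE_DIRECTORY)) {
        cout << "❌ 原目录不存在:" << parentDir << "\n";
        cout << "1. 选择新目录恢复\n2. 取消\n>";
        char c = 0;
        if (!(cin >> c)) { cin.clear(); return false; }  // malformed/closed input: do not spin
        cin.ignore(numeric_limits<streamsize>::max(), '\n');
        if (c != '1') return false;
        cout << "请输入目标目录: ";
        string targetDir;
        getline(cin, targetDir);
        attr = GetFileAttributesA(targetDir.c_str());
        if (attr == INVALID_FILE_ATTRIBUTES || !(attr & FILE_ATTRIBUTE_DIRECTORY)) {
            cout << "❌ 目标目录无效。\n";
            return false;
        }
        originalPath = targetDir + "\\" + basename;
    }
    // MOVEFILE_COPY_ALLOWED: the original location may be on another volume than the
    // quarantine directory, where a plain MoveFileA fails with ERROR_NOT_SAME_DEVICE.
    if (!MoveFileExA(quarantinedFile.c_str(), originalPath.c_str(), MOVEFILE_COPY_ALLOWED)) {
        cout << "❌ 恢复失败,错误码: " << GetLastError() << endl;
        return false;
    }
    ofstream logOut(QUARANTINE_LOG.c_str());
    if (logOut.is_open()) {
        for (const string& l : remainingLogs) logOut << l << endl;
    } else {
        log("Warning: could not rewrite quarantine log after restoring " + basename);
    }
    cout << "✅ 文件已恢复至: " << originalPath << endl;
    log("Restored from quarantine: " + originalPath);
    return true;
}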
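/// Permanently deletes a quarantined file and removes its entry from QUARANTINE_LOG.
/// @param quarantinedFile path of the file inside QUARANTINE_DIR
void deleteFileFromQuarantine(const string& quarantinedFile) {
    const string basename = quarantinedFile.substr(quarantinedFile.find_last_of("\\/") + 1);
    // Delete first: the old order dropped the log entry and then reported a failed delete,
    // leaving a file in quarantine that could no longer be restored.
    if (!DeleteFileA(quarantinedFile.c_str())) {
        cout << "❌ 删除失败,错误码: " << GetLastError() << endl;
        return;
    }
    vector<string> kept;
    {
        ifstream in(QUARANTINE_LOG.c_str());
        string line;
        while (getline(in, line)) {
            const size_t eq = line.find('=');
            if (eq != string::npos && line.compare(0, eq, basename) != 0) kept.push_back(line);
        }
    }
    ofstream out(QUARANTINE_LOG.c_str());
    for (const string& l : kept) out << l << endl;
    cout << "🗑️ 文件已永久删除。\n";
    log("Deleted from quarantine: " + basename);
}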
/// Deletes every file in QUARANTINE_DIR (delete failures are not reported) and truncates
/// QUARANTINE_LOG.
void clearQuarantine() {
    for (const string& name : listQuarantinedFiles()) {
        const string fullPath = QUARANTINE_DIR + "\\" + name;
        DeleteFileA(fullPath.c_str());
    }
    ofstream wipe(QUARANTINE_LOG.c_str());  // opening for write truncates the log
    wipe.close();
    cout << "🧹 隔离区和日志已全部清空。\n";
    log("Quarantine cleared.");
}
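/// Interactive quarantine menu: list, restore, delete, clear. Returns when the
/// quarantine is empty, the user picks 0, or stdin is closed.
void manageQuarantine() {
    // Reads one 1-based index. A non-numeric answer left the stream in a failed state in
    // the old code, so every later cin >> failed and the menu looped forever.
    auto readIndex = []() -> int {
        cout << "选择编号: ";
        int n = -1;
        if (!(cin >> n)) { cin.clear(); n = -1; }
        cin.ignore(numeric_limits<streamsize>::max(), '\n');
        return n;
    };
    while (true) {
        vector<string> files = listQuarantinedFiles();
        if (files.empty()) {
            cout << "\n📭 隔离区为空。\n";
            break;
        }
        cout << "\n--- 🔒 隔离区文件列表 ---\n";
        for (size_t i = 0; i < files.size(); ++i)
            cout << i + 1 << ". " << files[i] << endl;
        cout << "\n操作选项:\n";
        cout << "1. 恢复文件\n2. 删除文件\n3. 清空隔离区\n0. 返回\n>";
        char c = 0;
        if (!(cin >> c)) {
            if (cin.eof()) return;  // stdin closed: nothing more to read
            cin.clear();
            cin.ignore(numeric_limits<streamsize>::max(), '\n');
            continue;
        }
        cin.ignore(numeric_limits<streamsize>::max(), '\n');
        switch (c) {
            case '1': {
                const int n = readIndex();
                if (n >= 1 && n <= static_cast<int>(files.size()))
                    restoreFileFromQuarantine(QUARANTINE_DIR + "\\" + files[n - 1]);
                else
                    cout << "❌ 无效编号。\n";
                break;
            }
            case '2': {
                const int n = readIndex();
                if (n >= 1 && n <= static_cast<int>(files.size()))
                    deleteFileFromQuarantine(QUARANTINE_DIR + "\\" + files[n - 1]);
                else
                    cout << "❌ 无效编号。\n";
                break;
            }
            case '3': clearQuarantine(); break;
            case '0': return;
            default: cout << "❌ 无效选择。\n";
        }
    }
}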
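/// Moves a file into QUARANTINE_DIR under a free name ("<name>", then "1_<name>", "2_<name>", ...)
/// and appends "<quarantined name>=<original path>" to QUARANTINE_LOG, which the
/// restore/delete functions look up by the quarantined name.
/// @param filePath full path of the file to quarantine
/// NOTE(review): the file keeps its original name and extension inside the quarantine
/// directory, so it remains directly executable from there; restore already moves by the
/// recorded path, so a non-executable storage name is possible — confirm before changing the
/// log format the list/restore code relies on.
void quarantineFile(const string& filePath) {
    if (!CreateDirectoryA(QUARANTINE_DIR.c_str(), nullptr) && GetLastError() != ERROR_ALREADY_EXISTS) {
        cout << "❌ 无法创建隔离目录。\n";
        return;
    }
    const string filename = filePath.substr(filePath.find_last_of("\\/") + 1);
    string dest = QUARANTINE_DIR + "\\" + filename;
    for (int counter = 1; GetFileAttributesA(dest.c_str()) != INVALID_FILE_ATTRIBUTES; ++counter)
        dest = QUARANTINE_DIR + "\\" + to_string(counter) + "_" + filename;
    // MOVEFILE_COPY_ALLOWED: a plain MoveFileA fails with ERROR_NOT_SAME_DEVICE when the file
    // sits on a different volume than the quarantine directory (full-disk scans do that).
    if (!MoveFileExA(filePath.c_str(), dest.c_str(), MOVEFILE_COPY_ALLOWED)) {
        cout << "❌ 隔离失败!错误码: " << GetLastError() << endl;
        return;
    }
    ofstream logOut(QUARANTINE_LOG.c_str(), ios::app);
    if (logOut.is_open()) {
        logOut << dest.substr(dest.find_last_of("\\/") + 1) << "=" << filePath << endl;
    } else {
        // Without the entry the file can never be restored; say so in the activity log.
        log("Warning: quarantine log not writable, entry lost for " + filePath);
    }
    cout << "🔒 文件已隔离: " << dest << " (原路径: " << filePath << ")" << endl;
    log("Quarantined: " + filePath);
}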
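/// Scans a file line by line for command fragments typical of destructive batch/VBS/PowerShell
/// scripts. The test is a plain case-insensitive substring match, so it is a heuristic
/// ("del " also matches "model "), not a verdict.
/// @param filePath    file to read (binary mode; any file type is scanned as-is)
/// @param matchedRule receives the description of the FIRST matching rule; left untouched
///                    when nothing matches or the file cannot be opened
/// @return true on the first matching line, false otherwise (including unreadable files)
bool isFileSuspicious(const std::string& filePath, std::string& matchedRule) {
    // Built once; the old code re-created the table on every call (once per scanned file).
    static const std::vector<std::pair<std::string, std::string>> kRules = {
        {"format ", "检测到磁盘格式化命令"},
        {"del ", "检测到批量删除文件命令"},
        {"rd /s", "检测到递归删除目录命令"},
        {"shutdown", "检测到关机指令"},
        {"reg delete", "检测到注册表删除操作"},
        {"powershell -c", "检测到远程代码执行"},
        {"wscript.shell", "检测到脚本执行环境创建"},
        {"%0|%0", "无限递归自调用"},
        {"taskkill /f /im", "终止关键系统程序"}
    };
    std::ifstream file(filePath, std::ios::binary);
    if (!file.is_open()) return false;
    std::string line;
    while (std::getline(file, line)) {
        // unsigned char: tolower() on a negative char (bytes >= 0x80 in GBK/UTF-8 text) is UB.
        std::transform(line.begin(), line.end(), line.begin(),
                       [](unsigned char c) { return static_cast<char>(::tolower(c)); });
        for (const auto& rule : kRules) {
            if (line.find(rule.first) != std::string::npos) {
                matchedRule = rule.second;
                return true;  // the ifstream destructor closes the file
            }
        }
    }
    return false;
}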
/// Re-checks the file with isFileSuspicious() and asks the user what to do:
/// Yes quarantines it, No whitelists it as a FILE entry, Cancel (or a failed dialog) does nothing.
/// @param filePath full path of the flagged file
void handleSuspiciousFile(const string& filePath) {
    string matchedRule;
    if (!isFileSuspicious(filePath, matchedRule)) return;
    ostringstream msg;
    msg << "发现可疑脚本!\n\n"
        << "文件路径: " << filePath << "\n"
        << "威胁类型: " << matchedRule << "\n\n"
        << "处理方式:\n"
        << "是 —— 隔离该文件\n"
        << "否 —— 加入白名单\n"
        << "取消 —— 忽略本次";
    MessageBeep(MB_ICONEXCLAMATION);
    const int answer = MessageBoxA(nullptr, msg.str().c_str(), "【安全警告】", MB_YESNOCANCEL | MB_ICONWARNING);
    if (answer == IDYES) {
        quarantineFile(filePath);
    } else if (answer == IDNO) {
        g_whitelist[normalizePath(filePath)] = "FILE";
        saveWhitelist();
        MessageBoxA(nullptr, ("已信任: " + filePath).c_str(), "✅ 已加入白名单", MB_OK);
    }
    // IDCANCEL and a MessageBoxA failure (0) both leave the file untouched.
}
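/// Recursively scans a directory for script/executable files (bat, vbs, js, ps1, cmd, exe),
/// counting them in fileCount, skipping whitelisted ones, and handing matches from
/// isFileSuspicious() to handleSuspiciousFile() (counted in suspiciousCount).
/// @param root directory to scan, without a trailing backslash ("C:\" works too)
void scanPath(const string& root) {
    static const set<string> kScriptExts = {"bat", "vbs", "js", "ps1", "cmd", "exe"};  // built once, not per file
    WIN32_FIND_DATAA data;
    const string pattern = root + "\\*";
    HANDLE hFind = FindFirstFileA(pattern.c_str(), &data);
    if (hFind == INVALID_HANDLE_VALUE) {
        cout << "❌ 无法访问: " << root << endl;
        return;
    }
    do {
        const string filename = data.cFileName;
        if (filename == "." || filename == "..") continue;
        const string fullPath = root + "\\" + filename;
        if (data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
            // Junctions/symlinks can form cycles (e.g. the legacy profile-folder junctions on a
            // system drive); following them made a full-disk scan recurse without end.
            if (data.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) continue;
            scanPath(fullPath);
            continue;
        }
        const size_t dot = filename.find_last_of('.');
        if (dot == string::npos) continue;  // no extension: the old code used the whole name as one
        string ext = filename.substr(dot + 1);
        transform(ext.begin(), ext.end(), ext.begin(),
                  [](unsigned char c) { return static_cast<char>(::tolower(c)); });
        if (!kScriptExts.count(ext)) continue;
        fileCount++;
        if (isWhitelisted(fullPath)) {
            cout << "✅ 白名单跳过: " << fullPath << endl;
            continue;
        }
        // isFileSuspicious takes an out-parameter; the old one-argument call did not compile.
        string matchedRule;
        if (isFileSuspicious(fullPath, matchedRule)) {
            suspiciousCount++;
            handleSuspiciousFile(fullPath);
        }
    } while (FindNextFileA(hFind, &data));
    FindClose(hFind);
}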
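/// Scans the process's current directory and prints the per-scan counters.
void scanCurrentDir() {
    char buffer[MAX_PATH] = {0};
    // 0 = failure; >= MAX_PATH = the buffer was too small and the value is the required size.
    // The old code ignored the return and scanned whatever the uninitialised buffer held.
    const DWORD len = GetCurrentDirectoryA(MAX_PATH, buffer);
    if (len == 0 || len >= MAX_PATH) {
        cout << "❌ 无法获取当前目录,错误码: " << GetLastError() << endl;
        return;
    }
    const string current(buffer, len);
    cout << "🔍 正在扫描当前目录: " << current << "\n";
    fileCount = 0;
    suspiciousCount = 0;
    scanPath(current);
    cout << "\n📊 扫描完成!共检查 " << fileCount << " 个脚本,发现 " << suspiciousCount << " 个可疑项。\n";
}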
/// Prompts for a directory, scans it and prints the per-scan counters.
/// An empty answer returns without scanning.
void scanCustomDir() {
    cout << "请输入要扫描的路径:\n>";
    string target;
    getline(cin, target);
    if (target.empty()) return;
    cout << "🔍 正在扫描: " << target << "\n";
    fileCount = 0;
    suspiciousCount = 0;
    scanPath(target);
    cout << "\n📊 扫描完成!共检查 " << fileCount << " 个脚本,发现 " << suspiciousCount << " 个可疑项。\n";
}
/// Scans every fixed or removable drive letter reported by GetLogicalDrives(),
/// resetting and printing the counters per drive.
void scanAllDrives() {
    const DWORD mask = GetLogicalDrives();
    cout << "🔍 正在扫描所有磁盘...\n";
    for (char letter = 'A'; letter <= 'Z'; ++letter) {
        const int bit = letter - 'A';
        if (!(mask & (1 << bit))) continue;
        const string drive = string(1, letter) + ":\\";
        const UINT kind = GetDriveTypeA(drive.c_str());
        if (kind != DRIVE_FIXED && kind != DRIVE_REMOVABLE) continue;
        cout << "\n🔍 开始扫描驱动器 " << drive << "\n";
        fileCount = 0;
        suspiciousCount = 0;
        scanPath(drive);
        cout << "📊 " << drive << " 扫描完成:检查 " << fileCount
             << " 文件,发现 " << suspiciousCount << " 可疑项。\n";
    }
}
/// Placeholder: file-level real-time monitoring is not implemented; only prints a notice.
void startRealTimeMonitor() {
    static const char kNotImplemented[] = "此功能暂未实现(文件级实时监控)。\n";
    cout << kNotImplemented;
}
/// Clears g_monitoring, which makes BehaviorMonitorThread's loop exit after its next sleep.
/// NOTE(review): not referenced by the menu in WinMain, which clears the flag directly.
void stopRealTimeMonitor() {
    const bool keepRunning = false;
    g_monitoring = keepRunning;
}
/// Prompts for a process name, adds its lower-cased form to g_trustedProcesses and persists
/// the whitelist. An empty answer does nothing.
void addFalsePositive() {
    cout << "请输入误报的进程名(如 chrome.exe):\n>";
    string exeName;
    getline(cin, exeName);
    if (exeName.empty()) return;
    g_trustedProcesses.insert(toLower(exeName));
    saveWhitelist();
    cout << "✅ 已将 \"" << exeName << "\" 添加为可信进程。\n";
    log("Added false positive: " + exeName);
}
/// Clears the console and prints the main menu (choices 0-7).
void showMainMenu() {
    system("cls");  // runs cmd.exe for the clear, as before
    static const char* const kMenu[] = {
        "\n========== 🛡️ 杀毒工具 v9.0 ==========\n",
        "1. 扫描当前目录\n",
        "2. 扫描指定目录\n",
        "3. 扫描全盘\n",
        "4. 主动防御(实时监控)\n",
        "5. 管理隔离区\n",
        "6. 启用行为监控(动态防护)\n",
        "7. 添加误报程序(防误报)\n",
        "0. 退出\n>"
    };
    for (const char* item : kMenu) cout << item;
}
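/// Program entry: attaches a console (code page 936), loads Psapi.dll and the whitelist,
/// then runs the menu loop until choice 0. Owns the monitor thread handle so exit can wait
/// for it before unloading Psapi.dll.
/// @return 0 on normal exit, 1 when the console streams could not be set up
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    (void)hInstance; (void)hPrevInstance; (void)lpCmdLine; (void)nCmdShow;
    SetConsoleOutputCP(936);
    SetConsoleCP(936);
    AllocConsole();
    // Without these redirections cout/cin go nowhere; the old code ignored the results.
    if (!freopen("CONOUT$", "w", stdout) || !freopen("CONIN$", "r", stdin)) {
        MessageBoxA(nullptr, "无法初始化控制台", "错误", MB_OK | MB_ICONERROR);
        return 1;
    }
    if (!LoadPsapiFunction()) {
        MessageBoxA(nullptr, "⚠️ 无法加载 Psapi.dll", "警告", MB_OK | MB_ICONWARNING);
    }
    cout << "🛡️ 欢迎使用轻量化静态隔离杀毒软件\n";
    loadWhitelist();
    CreateDirectoryA(QUARANTINE_DIR.c_str(), nullptr);
    HANDLE hMonitor = nullptr;  // behaviour-monitor thread; the old code dropped the handle
    while (true) {
        showMainMenu();
        char choice = 0;
        if (!(cin >> choice)) {
            if (cin.eof()) {
                choice = '0';  // stdin closed: exit instead of looping on the failed stream
            } else {
                cin.clear();
                cin.ignore(numeric_limits<streamsize>::max(), '\n');
                continue;
            }
        } else {
            cin.ignore(numeric_limits<streamsize>::max(), '\n');
        }
        switch (choice) {
            case '1': scanCurrentDir(); break;
            case '2': scanCustomDir(); break;
            case '3': scanAllDrives(); break;
            case '4': cout << "此功能预留。\n"; break;
            case '5': manageQuarantine(); break;
            case '6':
                if (g_monitoring) {
                    cout << "⚠️ 行为监控已在运行\n";
                    break;
                }
                g_monitoring = true;
                hMonitor = CreateThread(nullptr, 0, BehaviorMonitorThread, nullptr, 0, nullptr);
                if (hMonitor) {
                    cout << "✅ 行为监控已启用\n";
                } else {
                    g_monitoring = false;  // keep the flag consistent with reality
                    cout << "❌ 无法启动行为监控,错误码: " << GetLastError() << endl;
                }
                break;
            case '7': addFalsePositive(); break;
            case '0': {
                g_monitoring = false;
                bool monitorDone = true;
                if (hMonitor) {
                    // The thread polls g_monitoring every 2 s and may be blocked in a dialog;
                    // wait a bounded time rather than abandoning it silently.
                    monitorDone = WaitForSingleObject(hMonitor, 5000) == WAIT_OBJECT_0;
                    CloseHandle(hMonitor);
                }
                // Unloading Psapi.dll while the monitor may still call into it would crash.
                if (hPsapi && monitorDone) FreeLibrary(hPsapi);
                FreeConsole();
                MessageBoxA(nullptr, "👋 杀毒软件已退出", "提示", MB_OK);
                return 0;
            }
            default:
                MessageBoxA(nullptr, "❌ 无效选择", "错误", MB_OK | MB_ICONERROR);
        }
        system("pause");  // "press any key" via cmd.exe, as before
    }
}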
还是不行