C++ 开启，查看远程3389端口

最新推荐文章于 2022-11-21 11:25:55 发布

FFE4

最新推荐文章于 2022-11-21 11:25:55 发布

阅读量1.2k

点赞数

CC 4.0 BY-SA版权

分类专栏：心情杂货铺

本文链接：https://blog.youkuaiyun.com/cssxn/article/details/80619758

心情杂货铺专栏收录该内容

47 篇文章

订阅专栏

本文介绍了一个小demo，用于监控木马程序修改注册表3389的开关及远程桌面端口。通过使用Windows API函数RegOpenKeyEx和RegQueryValueEx等，实现了对注册表中Terminal Server设置的读取与修改。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

最近写一个小demo测试我写的沙箱规则，目的是监控木马程序修改注册表3389的开关，以及修改远程桌面端口。
很长时间不使用注册表的API了，读取注册表的时候没有问题，后来想添加一个设置注册表的，也就是写注册表，发现添加了KEY_WRITE权限后，RegOpenKeyEx函数一直返回失败，经过调试，原来是没有管理员运行权限。

#include "stdafx.h"
#include <windows.h>
#include <winreg.h>
#include <winnt.h>

VOID OpenRDP(HKEY hKey)
{
    DWORD lpData = 0;
    LONG ret = RegSetValueExA(hKey, "fDenyTSConnections", 0, REG_DWORD, (LPBYTE)&lpData, sizeof(DWORD));
    if (ret == ERROR_SUCCESS)
    {
        printf("Try to open RDP Success\n");
    }
    else
    {
        printf("Try to oepn RDP Failed\n");
    }
}

int _tmain(int argc, _TCHAR* argv[])
{

    HKEY hKey = nullptr;
    TCHAR *lpSubKey = _T("SYSTEM\\CUrrentControlSet\\Control\\Terminal Server");
    LONG ret = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lpSubKey, 0, KEY_READ|KEY_WRITE, &hKey);


    if (ret == ERROR_SUCCESS)
    {
        DWORD szLocation;
        DWORD dwType = REG_SZ;
        DWORD dwSize = sizeof(DWORD);
        ret = RegQueryValueEx(hKey, L"fDenyTSConnections", NULL, &dwType, (LPBYTE)&szLocation, &dwSize);
        wprintf(L"RegQueryValueEx returns %d, dwSize=%d\n", ret, dwSize);
        if (ret == ERROR_SUCCESS)
        {
            if (szLocation == 0)
            {
                printf("Terminal Server is opened!\n");
            }
            else
            {
                printf("Terminal Server is not open!\n");

                OpenRDP(hKey);
            }

            HKEY hKeyWds = NULL;
            ret = RegOpenKeyEx(hKey, L"Wds\\rdpwd\\Tds\\tcp", 0, KEY_READ, &hKeyWds);
            if (ret == ERROR_SUCCESS)
            {
                ret = RegQueryValueEx(hKeyWds, L"PortNumber", NULL, &dwType, (LPBYTE)&szLocation, &dwSize);
                printf("Terminal Server port under Wds is on %u\n", szLocation);
            }
            else
            {
                printf("Terminal Server port under Wds failed!\n");
            }

            // 第二个注册表
            HKEY hKeyWinstation = NULL;
            ret = RegOpenKeyEx(hKey, L"WinStations\\RDP-Tcp", 0, KEY_READ, &hKeyWinstation);
            if (ret == ERROR_SUCCESS)
            {
                ret = RegQueryValueEx(hKeyWinstation, L"PortNumber", NULL, &dwType, (LPBYTE)&szLocation, &dwSize);
                printf("Terminal Server port under Winstations is on %u\n", szLocation);
            }
            else
            {
                printf("Terminal Server under WinStaions read port failed!\n");
            }

        }

    }
    system("pause");

    return 0;
}