流氓軟體劫持了IE首頁,于是用VB弄了個修改IE首頁的東東,但是發現修改不了。打開注冊表才發現權限被去除,奈何手動剛把權限改好,又被流氓軟體把權限修改了。度娘找了半天也沒有結果,所以想請教各位大神:VB關于注冊表權限修改的API到底是不是SetEntriesInAcl?
如果是,請各位給個實例(因為我在度娘上實在查不到,再次感謝);如果不是這個函式,又是什么函式?再次萬分感謝各位。
uj5u.com熱心網友回復:
對付流氓軟體,還是先安裝360這個更大的流氓軟體,將其它流氓全部干掉,再卸載360,整個世界就清凈的沒流氓軟體了!
uj5u.com熱心網友回復:
怎么“卸載360”?干掉流氓軟體沒有那么復雜,這里介紹一個通用的辦法(包括“卸載360”):只需要找一張普通的dos啟動盤,大多集成了mhdd這個工具,運行它,執行erase命令,再敲2次回車,按下y就搞定了。(mhdd的erase是對整顆硬碟做磁區抹除,盤上的系統和所有資料會一并清空,并不是針對某個軟體的卸載手段。)
uj5u.com熱心網友回復:
非常感謝各位的回答,不過我的意思是用VB來做這件事,而不是殺毒軟體。
uj5u.com熱心網友回復:
那你得先找到你那流氓軟體才行啊,然后告訴VB:xxx.exe是流氓,干掉它!就這步驟。
uj5u.com熱心網友回復:
VERSION 5.00
Begin VB.Form frmMain
BorderStyle = 0 'None
ClientHeight = 885
ClientLeft = 0
ClientTop = 0
ClientWidth = 4680
LinkTopic = "Form1"
ScaleHeight = 885
ScaleWidth = 4680
ShowInTaskbar = 0 'False
StartUpPosition = 3 'Windows Default
End
Attribute VB_Name = "frmMain"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Option Explicit
' Access-mask and security-information constants used by the registry ACL
' helpers in this form (SetRegKeySecurity / RestoreRegSecurity).
'Private Const FOLDER_PATH = "MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI_HAL"
' Standard (object-type independent) access rights. READ, WRITE and EXECUTE all
' carry the same value here, &H20000, which is also the value of the
' commented-out READ_CONTROL constant further down.
Private Const SYNCHRONIZE As Long = &H100000
Private Const STANDARD_RIGHTS_READ = &H20000
Private Const STANDARD_RIGHTS_WRITE = &H20000
Private Const STANDARD_RIGHTS_EXECUTE = &H20000
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
Private Const STANDARD_RIGHTS_ALL = &H1F0000
' Registry-key specific access rights (low bits of the access mask).
Private Const KEY_QUERY_VALUE = &H1
Private Const KEY_SET_VALUE = &H2
Private Const KEY_CREATE_SUB_KEY = &H4
Private Const KEY_ENUMERATE_SUB_KEYS = &H8
Private Const KEY_NOTIFY = &H10
Private Const KEY_CREATE_LINK = &H20
' Composite masks. Each one clears the SYNCHRONIZE bit; of the values combined
' here only STANDARD_RIGHTS_ALL contains that bit, so the mask only changes
' KEY_ALL_ACCESS, which evaluates to &HF003F.
Private Const KEY_READ = ((STANDARD_RIGHTS_READ Or KEY_QUERY_VALUE Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY) And (Not SYNCHRONIZE))
Private Const KEY_WRITE = ((STANDARD_RIGHTS_WRITE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY) And (Not SYNCHRONIZE))
Private Const KEY_EXECUTE = (KEY_READ)
' KEY_ALL_ACCESS is the mask SetRegKeySecurity grants; it includes the rights
' to rewrite the key's DACL and owner (both are part of STANDARD_RIGHTS_ALL).
Private Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL Or KEY_QUERY_VALUE Or KEY_SET_VALUE Or KEY_CREATE_SUB_KEY Or KEY_ENUMERATE_SUB_KEYS Or KEY_NOTIFY Or KEY_CREATE_LINK) And (Not SYNCHRONIZE))
'Private Const STANDARD_RIGHTS_ALL As Long = &H1F0000
' Return value the advapi32 security functions declared below use for success.
Private Const ERROR_SUCCESS = 0&
' Earlier, disabled variant of the same constants (built with + instead of Or).
'Private Const READ_CONTROL = &H20000
'Private Const KEY_QUERY_VALUE = &H1
'Private Const KEY_SET_VALUE = &H2
'Private Const KEY_CREATE_SUB_KEY = &H4
'Private Const KEY_ENUMERATE_SUB_KEYS = &H8
'Private Const KEY_NOTIFY = &H10
'Private Const KEY_CREATE_LINK = &H20
'Private Const KEY_ALL_ACCESS = ((STANDARD_RIGHTS_ALL + KEY_QUERY_VALUE + KEY_SET_VALUE + KEY_CREATE_SUB_KEY + KEY_ENUMERATE_SUB_KEYS + KEY_NOTIFY + KEY_CREATE_LINK + READ_CONTROL) And (Not SYNCHRONIZE))
' SecInfo selector: only the discretionary ACL is read or written.
Private Const DACL_SECURITY_INFORMATION = 4&
' ACCESS_MODE value handed to BuildExplicitAccessWithName. In the Win32 API,
' SET_ACCESS produces an allow entry and discards the trustee's existing entries.
Private Const SET_ACCESS = 2&
' Inheritance flags: the entry is inherited by child containers and objects,
' so for a registry key it propagates to subkeys.
Private Const SUB_CONTAINERS_AND_OBJECTS_INHERIT = &H3
' Object-type selector for GetNamedSecurityInfo / SetNamedSecurityInfo.
' Only SE_REGISTRY_KEY is used in this form; with that type the object name is
' written as "MACHINE\..." or "CURRENT_USER\..." (see the commented examples
' in Form_Load) rather than with an HKEY_ prefix.
Private Enum SE_OBJECT_TYPE
SE_UNKNOWN_OBJECT_TYPE = 0&
SE_FILE_OBJECT = 1&
SE_SERVICE = 2&
SE_PRINTER = 3&
SE_REGISTRY_KEY = 4&
SE_LMSHARE = 5&
SE_KERNEL_OBJECT = 6&
SE_WINDOW_OBJECT = 7&
End Enum
'
' VB mirror of the Win32 TRUSTEE structure: identifies the account an access
' entry applies to. In this form it is never filled by hand; it is populated by
' BuildExplicitAccessWithName as part of EXPLICIT_ACCESS.
Private Type TRUSTEE
pMultipleTrustee As Long
MultipleTrusteeOperation As Long
TrusteeForm As Long
TrusteeType As Long
ptstrName As String
End Type
' VB mirror of the Win32 EXPLICIT_ACCESS structure: one access-control entry
' (rights mask, access mode, inheritance flags, trustee). It is passed "As Any"
' to BuildExplicitAccessWithName and SetEntriesInAcl.
' NOTE(review): the field order and sizes must match the native layout exactly,
' since nothing type-checks the "As Any" arguments - confirm before changing.
Private Type EXPLICIT_ACCESS
grfAccessPermissions As Long
grfAccessMode As Long
grfInheritance As Long
pTRUSTEE As TRUSTEE
End Type
' Win32 imports. All advapi32 entry points are bound to their ANSI ("A")
' variants, so key paths and account names are passed as ANSI strings.

' Fills an EXPLICIT_ACCESS structure for the named trustee.
' NOTE(review): AccessMode is declared As Integer while every other numeric
' argument is As Long; the native ACCESS_MODE is a 32-bit enum - confirm the
' declaration is intentional.
Private Declare Sub BuildExplicitAccessWithName Lib "advapi32.dll" Alias _
"BuildExplicitAccessWithNameA" _
(ea As Any, _
ByVal TrusteeName As String, _
ByVal AccessPermissions As Long, _
ByVal AccessMode As Integer, _
ByVal Inheritance As Long)
' Builds a new ACL by merging the given entries into OldAcl. NewAcl receives a
' pointer that the caller releases with LocalFree (as SetRegKeySecurity does).
Private Declare Function SetEntriesInAcl Lib "advapi32.dll" Alias _
"SetEntriesInAclA" _
(ByVal CountofExplicitEntries As Long, _
ea As Any, _
ByVal OldAcl As Long, _
NewAcl As Long) As Long
' Reads security information for a named object. pDacl and pSecurityDescriptor
' are output pointers; the returned DACL pointer refers into the returned
' security descriptor, which the caller releases with LocalFree.
Private Declare Function GetNamedSecurityInfo Lib "advapi32.dll" Alias _
"GetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT_TYPE As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
pDacl As Long, _
ByVal pSacl As Long, _
pSecurityDescriptor As Long) As Long
' Writes security information to a named object. pDacl is a raw pointer to an
' ACL in this process's memory; the API does no validation that VB can see.
Private Declare Function SetNamedSecurityInfo Lib "advapi32.dll" Alias _
"SetNamedSecurityInfoA" _
(ByVal ObjName As String, _
ByVal SE_OBJECT As Long, _
ByVal SecInfo As Long, _
ByVal pSid As Long, _
ByVal pSidGroup As Long, _
ByVal pDacl As Long, _
ByVal pSacl As Long) As Long
' Releases memory returned by the security functions above.
Private Declare Function LocalFree Lib "KERNEL32" (ByVal hMem As Long) As Long
' Raw command line, captured in Form_Load and re-read by SetRegKeySecurity to
' decide whether the previous DACL value should be written to _temp.txt.
Private commandLine As String
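Private Sub Form_Load()
    ' Entry point: hides the form, parses the command line, performs exactly one
    ' registry ACL operation and terminates the process.
    '
    ' Accepted forms ("/" is used as the delimiter if present, otherwise "-"):
    '   <d>r<d>KEYPATH   -> RestoreRegSecurity KEYPATH
    '   <d>u<d>KEYPATH   -> SetRegKeySecurity KEYPATH (the "u" flag is also what
    '                       SetRegKeySecurity looks for before writing _temp.txt)
    '   <d>KEYPATH       -> SetRegKeySecurity KEYPATH
    ' KEYPATH uses the SE_REGISTRY_KEY naming, e.g.
    '   MACHINE\SYSTEM\CurrentControlSet\Enum\usb
    '
    ' Changes from the original:
    '   * a flag without a path (e.g. "/r") no longer reads splitArr(2) past the
    '     end of the array ("Subscript out of range");
    '   * the key path is no longer cut at a later delimiter. Previously a path
    '     containing "-" (such as a SID component) or "/" was truncated, so the
    '     ACL change was applied to a different, shorter key path than the one
    '     requested;
    '   * an empty path is ignored instead of being passed to the ACL functions.
    '
    ' NOTE(review): the path comes straight from the command line and is handed
    ' to functions that rewrite a key's DACL; nothing here restricts which keys
    ' may be targeted.
    Dim delim As String
    Dim parts() As String
    Dim flag As String
    Dim targetPath As String

    Me.Hide
    commandLine = Command

    ' "/" takes precedence over "-", as in the original.
    If InStr(commandLine, "/") > 0 Then
        delim = "/"
    ElseIf InStr(commandLine, "-") > 0 Then
        delim = "-"
    End If

    If delim <> "" Then
        ' Limit 3: text before the first delimiter, the flag candidate, and the
        ' whole remainder (which may itself contain the delimiter).
        parts = Split(commandLine, delim, 3)
        flag = LCase$(Trim$(parts(1)))

        If flag = "r" Or flag = "u" Then
            If UBound(parts) >= 2 Then targetPath = Trim$(parts(2))
        Else
            ' No flag: everything after the first delimiter is the key path.
            parts = Split(commandLine, delim, 2)
            targetPath = Trim$(parts(1))
        End If

        If targetPath <> "" Then
            If flag = "r" Then
                RestoreRegSecurity targetPath
            Else
                SetRegKeySecurity targetPath
            End If
        End If
    End If

    Unload Me: End
End Sub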
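Private Function SetRegKeySecurity(ByVal RegPath As String) As Boolean
    ' Adds an inheritable KEY_ALL_ACCESS allow entry for "EVERYONE" to the DACL
    ' of the registry key RegPath.
    '
    ' RegPath uses the SE_REGISTRY_KEY naming ("MACHINE\...", "CURRENT_USER\...").
    ' Returns True only if the new DACL was written to the key.
    '
    ' Changes from the original: the security descriptor returned by
    ' GetNamedSecurityInfo and the ACL returned by SetEntriesInAcl are now
    ' released on every path. Previously each failure branch left the function
    ' before the matching LocalFree.
    '
    ' NOTE(review): this gives every account on the machine full control of the
    ' key and its subkeys, including the right to rewrite the DACL and owner.
    ' On a MACHINE\ key that lets any unprivileged process modify it. If the aim
    ' is only to regain write access, grant a narrower mask to a specific
    ' administrative account or group instead, and re-tighten the DACL afterwards.
    ' NOTE(review): only entries for the named trustee are replaced; entries for
    ' other trustees in the old DACL are carried over by SetEntriesInAcl.
    Dim result As Long
    Dim pSecDesc As Long
    Dim ea As EXPLICIT_ACCESS
    Dim pNewDACL As Long
    Dim pOldDACL As Long
    Dim fn As Integer

    SetRegKeySecurity = False

    result = GetNamedSecurityInfo(RegPath, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, pOldDACL, 0&, pSecDesc)
    If result <> ERROR_SUCCESS Then Exit Function

    Call BuildExplicitAccessWithName(ea, "EVERYONE", KEY_ALL_ACCESS, SET_ACCESS, SUB_CONTAINERS_AND_OBJECTS_INHERIT)
    result = SetEntriesInAcl(1, ea, pOldDACL, pNewDACL)
    If result = ERROR_SUCCESS Then
        result = SetNamedSecurityInfo(RegPath, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, pNewDACL, 0&)
        ' The merged ACL is no longer needed whether or not the write succeeded.
        If pNewDACL <> 0 Then LocalFree pNewDACL
    End If

    ' pOldDACL points into this descriptor, so it is dangling from here on.
    If pSecDesc <> 0 Then LocalFree pSecDesc

    If result <> ERROR_SUCCESS Then Exit Function
    SetRegKeySecurity = True

    ' NOTE(review): the flag test searches the whole command line, so "-u" or
    ' "/u" occurring inside the key path matches as well.
    If InStr(LCase(commandLine), "-u") Or InStr(LCase(commandLine), "/u") Then
        ' NOTE(review): what gets saved is the numeric value of pOldDACL, i.e. a
        ' memory address from this process that has already been freed above. It
        ' is not a copy of the old DACL and means nothing in a later run, yet
        ' RestoreRegSecurity reads it back (via GetDacl) and passes it to
        ' SetNamedSecurityInfo and LocalFree. A working restore needs the DACL
        ' itself to be serialized (for example as an SDDL string).
        ' NOTE(review): the file is written relative to the current directory,
        ' while GetDacl reads App.Path & "\_temp.txt".
        fn = FreeFile
        Open "_temp.txt" For Output As #fn
        Print #fn, pOldDACL
        Close #fn
    End If
    ' MsgBox SetNamedSecurityInfo(RegPath, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, pOldDACL, 0&)
End Function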
Private Function GetDacl() As Long
    ' Reads the number stored on the first line of App.Path & "\_temp.txt",
    ' deletes the file, and returns the number (0 if the file is missing or the
    ' line is empty or not numeric).
    '
    ' All run-time errors are suppressed by On Error Resume Next, so a failed
    ' open, conversion or delete leaves the result at whatever was set so far.
    '
    ' NOTE(review): the caller (RestoreRegSecurity) uses the returned number as
    ' an ACL pointer. Whoever can write _temp.txt in the application directory
    ' therefore chooses the pointer value that reaches SetNamedSecurityInfo and
    ' LocalFree.
    Dim tempFile As String
    Dim rawText As String
    Dim fileNo As Integer

    On Error Resume Next

    tempFile = App.Path & "\_temp.txt"
    GetDacl = 0

    ' Include read-only, hidden and system files in the existence check.
    If Dir(tempFile, vbReadOnly Or vbHidden Or vbSystem) = "" Then Exit Function

    fileNo = FreeFile
    Open tempFile For Input As #fileNo
    Line Input #fileNo, rawText
    Close #fileNo

    rawText = Trim(rawText)
    If rawText <> "" And IsNumeric(rawText) Then
        GetDacl = CLng(rawText)
    End If

    ' Clear the read-only attribute first so that Kill can remove the file.
    If GetAttr(tempFile) And vbReadOnly Then
        SetAttr tempFile, 0
    End If
    Kill tempFile
End Function
Private Function RestoreRegSecurity(ByVal RegPath As String) ', ByVal dacl As Long)
    ' Applies the value returned by GetDacl as the DACL of the registry key
    ' RegPath, then passes the same value to LocalFree. Does nothing when
    ' GetDacl returns 0. No return value is ever assigned.
    '
    ' NOTE(review): GetDacl returns a number read from _temp.txt. In this form
    ' that number is the pOldDACL address written by SetRegKeySecurity in an
    ' earlier run of the program (Form_Load performs one operation and then
    ' ends the process), so it is not a valid pointer in this process. Passing
    ' it to SetNamedSecurityInfo and LocalFree is undefined behaviour at best;
    ' the previous DACL cannot be recovered this way.
    Dim savedDacl As Long

    savedDacl = GetDacl
    If savedDacl = 0 Then Exit Function

    SetNamedSecurityInfo RegPath, SE_REGISTRY_KEY, DACL_SECURITY_INFORMATION, 0&, 0&, savedDacl, 0&
    LocalFree savedDacl
End Function
'本文來自CSDN博客,轉載請標明出處:http://blog.csdn.net/chenhui530/archive/2007/10/03/1810302.aspx
uj5u.com熱心網友回復:
只怕你是受了先入為主的誤導, 360卸載還是很干凈的. 甚至還可以在其自帶的軟體管家中自我卸載.
反倒是其他幾款國產"安全軟體"手腳很不干凈, 比如金山,瑞星直流,偷偷摸摸搭配在其他軟體中打包安裝, 用其他方式卸載還設定了卸載保護. 最惡心的是其自帶的卸載方式還老是"出錯"
