function myRegOpenKeyExW(hKey: windows.HKEY; lpValueName: PWideChar;
Reserved: DWORD; dwType: DWORD; lpData: Pointer; cbData: DWORD): Longint; stdcall;begin
MessageBox(0, string(lpData), '木马克星提示', MB_ICONINFORMATION + MB_SYSTEMMODAL + MB_ok);
//这个时候只能显示lpdata的第一位
Result := apiRegOpenKeyExW(hKey, lpValueName, Reserved, dwType, lpData, cbData);
end;
Reserved: DWORD; dwType: DWORD; lpData: Pointer; cbData: DWORD): Longint; stdcall;begin
MessageBox(0, string(lpData), '木马克星提示', MB_ICONINFORMATION + MB_SYSTEMMODAL + MB_ok);
//这个时候只能显示lpdata的第一位
Result := apiRegOpenKeyExW(hKey, lpValueName, Reserved, dwType, lpData, cbData);
end;
cbData是字符长度
c: array of char; move(lpData^,pchar(c)^,cbData)
Reserved: DWORD; dwType: DWORD; lpData: Pointer; cbData: DWORD): Longint; stdcall;
var hd: THandle;
str: string;c: array of char;
// s: pchar;
begin
Hd := FindWindow(nil, 'iparmorform3'); // 获得接受窗口的句柄 if dwType = REG_SZ then
begin
move(lpData^,pchar(c)^,cbData) ;
begin str := GetProcessPath(GetCurrentProcessID()); StrCopy(PChar(fMapFile), pchar(c));
sendMessage(HWND_BROADCAST, 1034, 63, 0);
end;
end; Result := apiRegOpenKeyExW(hKey, lpValueName, Reserved, dwType, lpData, cbData);
end;
cbData都是20左右
c: array of char;move(lpData^,pchar(c)^,cbData) 执行后延时3分钟
c的值为空string(lpdata)的话,只有第1个字符
lpData是指向首字符的
不是字符串指针
c: array of char;
setlength(c,cbdata);//加这句就好了
move(lpData^,pchar(c)^,cbData)
这样居然可以直接显示,但是仍然是第1个字符
c: array of char;
setlength(c,cbdata);//加这句就好了
move(lpData^,pchar(c)^,cbData) 这样做和直接和
MessageBox(0, lpData,lpData, MB_ICONINFORMATION + MB_SYSTEMMODAL + MB_ok);
MessageBox(0,pchar(c),lpData, MB_ICONINFORMATION + MB_SYSTEMMODAL + MB_ok);一样,都是第一个值真是郁闷
function myRegOpenKeyExW(hKey: windows.HKEY; lpValueName: PWideChar;
Reserved: DWORD; dwType: DWORD; lpData: Pointer; cbData: DWORD): Longint; stdcall;
其他程序有写注册表行为就触发