本程序实现了 ring3 下的注册表监管工作,由 VB + VC 实现,功能和瑞星的注册表监视非常类似,如下图:
目前只监视了启动项。VC DLL 下载地址是:http://p.blog.csdn.net/images/p_blog_csdn_net/chenhui530/RegistryInfo.bmp
现在公开核心消息过滤函数的代码;如果想要完整代码,可以到我的博客下载,地址是:
http://blog.csdn.net/chenhui530/archive/2008/01/31/2076013.aspx
'消息过滤函数
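' Subclassed window procedure for the registry monitor window.
'
' WM_COPYDATA carries a text description of a registry operation from the
' hook DLL (not shown here). The return value is the verdict handed back to
' the sender: 1000 when the operation is accepted, 0 when it is refused.
' All other messages are forwarded to the previous window procedure.
'
' NOTE(review): the sender is never authenticated. For WM_COPYDATA, wParam is
' the handle of the sending window and objCd.dwData is a caller-defined tag;
' neither is checked here. The process path used for the allow/deny lookup is
' parsed out of the message text itself, so the entry that gets remembered is
' only as trustworthy as the sender. Confirm against the DLL side.
Private Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    ' Verdicts returned for WM_COPYDATA (interpreted by the sending DLL).
    Const RESULT_ALLOW As Long = 1000
    Const RESULT_DENY As Long = 0
    ' Generous upper bound for one message; raise it if the DLL legitimately
    ' sends larger payloads.
    Const MAX_PAYLOAD_BYTES As Long = 65536

    Dim objCd As COPYDATASTRUCT
    Dim strTmp As String, strFullRegPath As String, strType As String
    Dim strRegType As String
    Dim strProcessPath As String, strCmpData As String, strRegPath As String
    Dim strFindAllowData As String, strFindNotAllowData As String

    Select Case uMsg
        Case WM_NCDESTROY
            ' Remove the subclass before the window goes away.
            Unhook hwnd

        Case WM_HOTKEY
            ' Disabled:
            ' Call HotKeyFunctions(wParam)
            ' Exit Function

        Case WM_GETMINMAXINFO
            ' Disabled:
            ' Dim MinMax As MINMAXINFO
            ' CopyMemory MinMax, ByVal lParam, Len(MinMax)
            ' MinMax.ptMinTrackSize.x = 610
            ' MinMax.ptMinTrackSize.y = 420
            ' CopyMemory ByVal lParam, MinMax, Len(MinMax)
            ' WindowProc = 1
            ' Exit Function

        Case WM_COPYDATA
            ' Receive the message sent by the DLL.
            ' A null COPYDATASTRUCT pointer cannot be read; refuse the request.
            If lParam = 0 Then
                WindowProc = RESULT_DENY
                Exit Function
            End If
            CopyMemory objCd, ByVal lParam, Len(objCd)

            ' Validate the header before trusting it: Space() raises a runtime
            ' error on a negative length and CopyMemory from a null pointer
            ' faults, and an unhandled error inside a subclassed window
            ' procedure takes the whole process down. Fail closed instead.
            If objCd.lpData = 0 Or objCd.cbData <= 0 Or objCd.cbData > MAX_PAYLOAD_BYTES Then
                WindowProc = RESULT_DENY
                Exit Function
            End If
            strTmp = Space(objCd.cbData)
            CopyMemory ByVal strTmp, ByVal objCd.lpData, objCd.cbData

            ' Split the message into its parts. strType is the text up to and
            ' including the first ":"; it is empty when no ":" is present.
            strType = Left(strTmp, InStr(strTmp, ":"))
            strFullRegPath = GetFullPath(strTmp)
            strProcessPath = GetRegProcessPathEx(strFullRegPath)
            strRegPath = GetRegistryPath(strFullRegPath)
            ' Lookup key for the remembered decisions: "<process>,<registry path>".
            strCmpData = strProcessPath & "," & strRegPath
            strFindAllowData = IsIniDataExist("AllowPath", strCmpData, strIniFilePath)
            strFindNotAllowData = IsIniDataExist("DisAllowPath", strCmpData, strIniFilePath)

            ' A remembered decision short-circuits the prompt. The allow list
            ' is consulted first, so it wins if an entry is in both sections.
            If strFindAllowData <> "" Then
                WindowProc = RESULT_ALLOW
                Exit Function
            End If
            If strFindNotAllowData <> "" Then
                WindowProc = RESULT_DENY
                Exit Function
            End If

            ' A prompt is already on screen: record this request in the global
            ' array and pump messages until the array is cleared or the prompt
            ' is gone. DoEvents makes this procedure re-entrant.
            If gblnIsShow Then
                ReDim Preserve gstrArray(0 To glngCount)
                gstrArray(glngCount) = GetRegProcessPath(strFullRegPath) & "," & strProcessPath
                glngCount = glngCount + 1
                Do While IsArraryInitialize(gstrArray) And gblnIsShow
                    DoEvents
                    Sleep 10
                Loop
            End If

            ' Display and process the parsed result.
            If Not gblnIsEnd Then
                frmRegMonitor.txtRegPath.Text = strRegPath
                Select Case strType
                    Case "设置值:"
                        strRegType = GetRegistryType(strFullRegPath)
                        ' "^_*_*_^" is treated as "value does not exist yet"
                        ' (presumably GetKeyValue's not-found sentinel).
                        ' NOTE(review): the "new value" text below does not show
                        ' the data being written, only its name and type.
                        If GetKeyValue(GetRoot(strFullRegPath), GetRegistrySubPath(strFullRegPath), GetRegValueName(strFullRegPath), GetRegTypeLng(strRegType)) = "^_*_*_^" Then
                            frmRegMonitor.txtType = "新增<" & GetRegValueName(strFullRegPath) & ">" & "值类型是<" & GetRegTypeString(strRegType) & ">"
                        Else
                            frmRegMonitor.txtType = "修改<" & GetRegValueName(strFullRegPath) & ">值为<" & GetRegValue(strFullRegPath) & ">值类型是<" & GetRegTypeString(strRegType) & ">"
                        End If
                    Case "删除值:"
                        frmRegMonitor.txtType = "删除值<" & GetRegValueName(strFullRegPath) & ">"
                    Case "删除项:"
                        frmRegMonitor.txtType = "删除项<" & GetRegValueName(strFullRegPath) & ">"
                    Case "新增项:"
                        frmRegMonitor.txtType = "新增项<" & GetRegValueName(strFullRegPath) & ">"
                    Case Else
                        ' Unrecognised operation tag: show it as received so the
                        ' user is not deciding on text left from an earlier prompt.
                        frmRegMonitor.txtType = strType
                End Select
                frmRegMonitor.txtProcessPath.Text = GetRegProcessPath(strFullRegPath)
                frmRegMonitor.timerCheck = True
                gblnIsShow = True
                ' Modal prompt; execution resumes once the user has answered.
                frmRegMonitor.Show 1

                ' Act on the user's choice. With chkAllow ticked the decision is
                ' also written to the INI file for later requests.
                If frmRegMonitor.optAgree.Value Then
                    If frmRegMonitor.chkAllow.Value = 1 Then
                        If strFindAllowData = "" Then
                            WriteIniStr "AllowPath", GetMaxIndex("AllowPath", strIniFilePath), strCmpData, strIniFilePath
                        End If
                    End If
                    WindowProc = RESULT_ALLOW
                Else
                    If frmRegMonitor.chkAllow.Value = 1 Then
                        If strFindNotAllowData = "" Then
                            WriteIniStr "DisAllowPath", GetMaxIndex("DisAllowPath", strIniFilePath), strCmpData, strIniFilePath
                        End If
                    End If
                    WindowProc = RESULT_DENY
                End If
            Else
                ' NOTE(review): fails open. While gblnIsEnd is set every
                ' request is allowed without a prompt.
                WindowProc = RESULT_ALLOW
            End If
            Exit Function

        Case WM_TRAYICON
            ' Tray icon: right button shows the popup menu.
            If lParam = WM_RBUTTONDOWN Then
                SetForegroundWindow hwnd
            ElseIf lParam = WM_RBUTTONUP Then
                frmRegMonitor.PopupMenu frmRegMonitor.mnuPopMenu
            End If
    End Select

    ' Everything not answered above goes to the original window procedure.
    WindowProc = CallWindowProc(lpPrevWndProc, hwnd, uMsg, wParam, lParam)
End Function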
目前只监视了启动项。VC DLL 下载地址是:http://p.blog.csdn.net/images/p_blog_csdn_net/chenhui530/RegistryInfo.bmp
现在公开核心消息过滤函数的代码;如果想要完整代码,可以到我的博客下载,地址是:
http://blog.csdn.net/chenhui530/archive/2008/01/31/2076013.aspx
'消息过滤函数
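' Subclassed window procedure for the registry monitor window.
'
' WM_COPYDATA carries a text description of a registry operation from the
' hook DLL (not shown here). The return value is the verdict handed back to
' the sender: 1000 when the operation is accepted, 0 when it is refused.
' All other messages are forwarded to the previous window procedure.
'
' NOTE(review): the sender is never authenticated. For WM_COPYDATA, wParam is
' the handle of the sending window and objCd.dwData is a caller-defined tag;
' neither is checked here. The process path used for the allow/deny lookup is
' parsed out of the message text itself, so the entry that gets remembered is
' only as trustworthy as the sender. Confirm against the DLL side.
Private Function WindowProc(ByVal hwnd As Long, ByVal uMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
    ' Verdicts returned for WM_COPYDATA (interpreted by the sending DLL).
    Const RESULT_ALLOW As Long = 1000
    Const RESULT_DENY As Long = 0
    ' Generous upper bound for one message; raise it if the DLL legitimately
    ' sends larger payloads.
    Const MAX_PAYLOAD_BYTES As Long = 65536

    Dim objCd As COPYDATASTRUCT
    Dim strTmp As String, strFullRegPath As String, strType As String
    Dim strRegType As String
    Dim strProcessPath As String, strCmpData As String, strRegPath As String
    Dim strFindAllowData As String, strFindNotAllowData As String

    Select Case uMsg
        Case WM_NCDESTROY
            ' Remove the subclass before the window goes away.
            Unhook hwnd

        Case WM_HOTKEY
            ' Disabled:
            ' Call HotKeyFunctions(wParam)
            ' Exit Function

        Case WM_GETMINMAXINFO
            ' Disabled:
            ' Dim MinMax As MINMAXINFO
            ' CopyMemory MinMax, ByVal lParam, Len(MinMax)
            ' MinMax.ptMinTrackSize.x = 610
            ' MinMax.ptMinTrackSize.y = 420
            ' CopyMemory ByVal lParam, MinMax, Len(MinMax)
            ' WindowProc = 1
            ' Exit Function

        Case WM_COPYDATA
            ' Receive the message sent by the DLL.
            ' A null COPYDATASTRUCT pointer cannot be read; refuse the request.
            If lParam = 0 Then
                WindowProc = RESULT_DENY
                Exit Function
            End If
            CopyMemory objCd, ByVal lParam, Len(objCd)

            ' Validate the header before trusting it: Space() raises a runtime
            ' error on a negative length and CopyMemory from a null pointer
            ' faults, and an unhandled error inside a subclassed window
            ' procedure takes the whole process down. Fail closed instead.
            If objCd.lpData = 0 Or objCd.cbData <= 0 Or objCd.cbData > MAX_PAYLOAD_BYTES Then
                WindowProc = RESULT_DENY
                Exit Function
            End If
            strTmp = Space(objCd.cbData)
            CopyMemory ByVal strTmp, ByVal objCd.lpData, objCd.cbData

            ' Split the message into its parts. strType is the text up to and
            ' including the first ":"; it is empty when no ":" is present.
            strType = Left(strTmp, InStr(strTmp, ":"))
            strFullRegPath = GetFullPath(strTmp)
            strProcessPath = GetRegProcessPathEx(strFullRegPath)
            strRegPath = GetRegistryPath(strFullRegPath)
            ' Lookup key for the remembered decisions: "<process>,<registry path>".
            strCmpData = strProcessPath & "," & strRegPath
            strFindAllowData = IsIniDataExist("AllowPath", strCmpData, strIniFilePath)
            strFindNotAllowData = IsIniDataExist("DisAllowPath", strCmpData, strIniFilePath)

            ' A remembered decision short-circuits the prompt. The allow list
            ' is consulted first, so it wins if an entry is in both sections.
            If strFindAllowData <> "" Then
                WindowProc = RESULT_ALLOW
                Exit Function
            End If
            If strFindNotAllowData <> "" Then
                WindowProc = RESULT_DENY
                Exit Function
            End If

            ' A prompt is already on screen: record this request in the global
            ' array and pump messages until the array is cleared or the prompt
            ' is gone. DoEvents makes this procedure re-entrant.
            If gblnIsShow Then
                ReDim Preserve gstrArray(0 To glngCount)
                gstrArray(glngCount) = GetRegProcessPath(strFullRegPath) & "," & strProcessPath
                glngCount = glngCount + 1
                Do While IsArraryInitialize(gstrArray) And gblnIsShow
                    DoEvents
                    Sleep 10
                Loop
            End If

            ' Display and process the parsed result.
            If Not gblnIsEnd Then
                frmRegMonitor.txtRegPath.Text = strRegPath
                Select Case strType
                    Case "设置值:"
                        strRegType = GetRegistryType(strFullRegPath)
                        ' "^_*_*_^" is treated as "value does not exist yet"
                        ' (presumably GetKeyValue's not-found sentinel).
                        ' NOTE(review): the "new value" text below does not show
                        ' the data being written, only its name and type.
                        If GetKeyValue(GetRoot(strFullRegPath), GetRegistrySubPath(strFullRegPath), GetRegValueName(strFullRegPath), GetRegTypeLng(strRegType)) = "^_*_*_^" Then
                            frmRegMonitor.txtType = "新增<" & GetRegValueName(strFullRegPath) & ">" & "值类型是<" & GetRegTypeString(strRegType) & ">"
                        Else
                            frmRegMonitor.txtType = "修改<" & GetRegValueName(strFullRegPath) & ">值为<" & GetRegValue(strFullRegPath) & ">值类型是<" & GetRegTypeString(strRegType) & ">"
                        End If
                    Case "删除值:"
                        frmRegMonitor.txtType = "删除值<" & GetRegValueName(strFullRegPath) & ">"
                    Case "删除项:"
                        frmRegMonitor.txtType = "删除项<" & GetRegValueName(strFullRegPath) & ">"
                    Case "新增项:"
                        frmRegMonitor.txtType = "新增项<" & GetRegValueName(strFullRegPath) & ">"
                    Case Else
                        ' Unrecognised operation tag: show it as received so the
                        ' user is not deciding on text left from an earlier prompt.
                        frmRegMonitor.txtType = strType
                End Select
                frmRegMonitor.txtProcessPath.Text = GetRegProcessPath(strFullRegPath)
                frmRegMonitor.timerCheck = True
                gblnIsShow = True
                ' Modal prompt; execution resumes once the user has answered.
                frmRegMonitor.Show 1

                ' Act on the user's choice. With chkAllow ticked the decision is
                ' also written to the INI file for later requests.
                If frmRegMonitor.optAgree.Value Then
                    If frmRegMonitor.chkAllow.Value = 1 Then
                        If strFindAllowData = "" Then
                            WriteIniStr "AllowPath", GetMaxIndex("AllowPath", strIniFilePath), strCmpData, strIniFilePath
                        End If
                    End If
                    WindowProc = RESULT_ALLOW
                Else
                    If frmRegMonitor.chkAllow.Value = 1 Then
                        If strFindNotAllowData = "" Then
                            WriteIniStr "DisAllowPath", GetMaxIndex("DisAllowPath", strIniFilePath), strCmpData, strIniFilePath
                        End If
                    End If
                    WindowProc = RESULT_DENY
                End If
            Else
                ' NOTE(review): fails open. While gblnIsEnd is set every
                ' request is allowed without a prompt.
                WindowProc = RESULT_ALLOW
            End If
            Exit Function

        Case WM_TRAYICON
            ' Tray icon: right button shows the popup menu.
            If lParam = WM_RBUTTONDOWN Then
                SetForegroundWindow hwnd
            ElseIf lParam = WM_RBUTTONUP Then
                frmRegMonitor.PopupMenu frmRegMonitor.mnuPopMenu
            End If
    End Select

    ' Everything not answered above goes to the original window procedure.
    WindowProc = CallWindowProc(lpPrevWndProc, hwnd, uMsg, wParam, lParam)
End Function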
不知道为什么,下了你的代码保存为工程
下了你的DLL,但是我改注册表的时候没反应。
不知道为什么,下了你的代码保存为工程
下了你的DLL,但是我改注册表的时候没反应。
----------------------
需要改注册表吗?
那个DLL是标准DLL,不过原扩展名是bmp,呵呵
我改注册表的目的,是想看软件能不能成功拦截~
不过什么反应都没有!
我这里安装了卡巴和360安全卫士,不知道有没有影响
发到这里了:285305530#qq.com
不是这个,是另一个,现在有点迷迷糊糊....反病毒工具之病毒诊断程序
http://topic.csdn.net/u/20080127/19/699d9a15-6b83-44bb-b9e1-c4d32c772950.html